Commit 71f838b5 authored by Tad

Fix notv placement

parent b1479a37
......@@ -27,6 +27,7 @@ netfilter
nogroups
nonewprivs
noroot
notv
novideo
protocol unix,inet,inet6
seccomp
......@@ -39,4 +40,3 @@ private-tmp
noexec ${HOME}
noexec /tmp
notv
......@@ -19,6 +19,7 @@ nogroups
nonewprivs
noroot
nosound
notv
novideo
protocol unix
seccomp
......@@ -30,4 +31,3 @@ private-tmp
noexec ${HOME}
noexec /tmp
notv
......@@ -12,7 +12,7 @@ ignore noroot
net none
no3d
nosound
nosound
notv
novideo
shell none
tracelog
......@@ -20,4 +20,3 @@ tracelog
private-dev
include /etc/firejail/default.profile
notv
......@@ -18,10 +18,10 @@ nogroups
nonewprivs
noroot
nosound
notv
protocol unix,inet,inet6,netlink
seccomp
shell none
private-dev
private-tmp
notv
......@@ -23,5 +23,5 @@ include /etc/firejail/whitelist-common.inc
caps.drop all
nonewprivs
noroot
seccomp
notv
seccomp
......@@ -21,9 +21,9 @@ nogroups
nonewprivs
noroot
nosound
notv
novideo
protocol unix
seccomp
shell none
tracelog
notv
......@@ -27,6 +27,7 @@ nonewprivs
# In noroot mode, Xephyr cannot create a socket in the real /tmp/.X11-unix.
# noroot
nosound
notv
protocol unix
seccomp
shell none
......@@ -38,4 +39,3 @@ private
private-dev
# private-etc ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname
private-tmp
notv
......@@ -28,6 +28,7 @@ nonewprivs
# In noroot mode, Xvfb cannot create a socket in the real /tmp/.X11-unix.
#noroot
nosound
notv
protocol unix
seccomp
shell none
......@@ -39,4 +40,3 @@ private
private-dev
private-etc ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname
private-tmp
notv
......@@ -39,9 +39,9 @@ caps.drop all
netfilter
nonewprivs
noroot
notv
protocol unix,inet,inet6,netlink
seccomp
tracelog
# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse
notv
......@@ -19,6 +19,7 @@ no3d
nogroups
nonewprivs
noroot
notv
novideo
protocol unix,inet,inet6
seccomp
......@@ -30,4 +31,3 @@ private-tmp
noexec ${HOME}
noexec /tmp
notv
......@@ -16,6 +16,7 @@ netfilter
nogroups
nonewprivs
noroot
notv
protocol unix,inet,inet6
# seccomp
shell none
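Review bot: `# seccomp` stays disabled two lines below the added `notv`, and nothing in the hunk says why. The later `@@ -30,8 +30,8 @@` hunk (the profile that includes whitelist-common.inc) has the same gap for `# nonewprivs`, `# noroot`, `# protocol unix,inet,inet6,netlink` and `# seccomp`. Without a stated reason a maintainer cannot tell a deliberate compatibility exception from a leftover test setting, and a disabled syscall filter is the option most in need of justification. The hunk whose comment mentions Xephyr shows the form to copy (`# In noroot mode, Xephyr cannot create a socket in the real /tmp/.X11-unix.`); I would add an equivalent line such as `# seccomp disabled: <what breaks with it on>` directly above each commented-out option. The rationale may already sit higher in these files, outside the hunks shown.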
......@@ -24,4 +25,3 @@ shell none
private-dev
# private-etc none
private-tmp
notv
......@@ -23,6 +23,7 @@ netfilter
nogroups
nonewprivs
noroot
notv
novideo
protocol unix,inet,inet6
seccomp
......@@ -32,4 +33,3 @@ private-dev
# private-tmp
noexec /tmp
notv
......@@ -18,6 +18,7 @@ nogroups
nonewprivs
noroot
nosound
notv
novideo
protocol unix
seccomp
......@@ -27,4 +28,3 @@ private-dev
noexec ${HOME}
noexec /tmp
notv
......@@ -21,6 +21,7 @@ nogroups
nonewprivs
noroot
nosound
notv
novideo
protocol unix,inet,inet6
seccomp
......@@ -30,4 +31,3 @@ private-tmp
noexec ${HOME}
noexec /tmp
notv
......@@ -18,6 +18,7 @@ nogroups
nonewprivs
noroot
nosound
notv
novideo
protocol unix
seccomp
......@@ -27,4 +28,3 @@ shell none
private-dev
# private-etc
private-tmp
notv
......@@ -24,6 +24,7 @@ nogroups
nonewprivs
noroot
nosound
notv
novideo
protocol unix,inet,inet6
seccomp
......@@ -38,4 +39,3 @@ private-tmp
noexec ${HOME}
noexec /tmp
notv
......@@ -18,6 +18,7 @@ nogroups
nonewprivs
noroot
nosound
notv
novideo
protocol unix,inet,inet6,netlink
seccomp
......@@ -25,4 +26,3 @@ shell none
private-dev
private-tmp
notv
......@@ -18,6 +18,7 @@ nogroups
nonewprivs
noroot
nosound
notv
novideo
protocol unix,inet,inet6,netlink
seccomp
......@@ -25,4 +26,3 @@ shell none
private-dev
private-tmp
notv
......@@ -19,6 +19,7 @@ nogroups
nonewprivs
noroot
nosound
notv
novideo
protocol unix
seccomp
......@@ -29,4 +30,3 @@ tracelog
private-dev
private-etc none
private-tmp
notv
......@@ -18,6 +18,7 @@ nogroups
nonewprivs
noroot
nosound
notv
novideo
protocol unix
seccomp
......@@ -27,4 +28,3 @@ tracelog
private-bin atril, atril-previewer, atril-thumbnailer
private-dev
private-tmp
notv
......@@ -17,6 +17,7 @@ caps.drop all
netfilter
nonewprivs
noroot
notv
novideo
protocol unix,inet,inet6
seccomp
......@@ -25,4 +26,3 @@ tracelog
private-bin audacious
private-tmp
notv
......@@ -18,6 +18,7 @@ no3d
nogroups
nonewprivs
noroot
notv
novideo
protocol unix
seccomp
......@@ -30,4 +31,3 @@ private-tmp
noexec ${HOME}
noexec /tmp
notv
......@@ -22,6 +22,7 @@ nogroups
nonewprivs
noroot
nosound
notv
novideo
protocol unix,inet,inet6
seccomp
......@@ -31,4 +32,3 @@ tracelog
private-bin aweather
private-dev
private-tmp
notv
......@@ -22,6 +22,7 @@ nogroups
nonewprivs
noroot
nosound
notv
novideo
protocol unix
# Baloo makes ioprio_set system calls, which are blacklisted by default.
......@@ -39,4 +40,3 @@ noexec /tmp
# read-only ${HOME}
# read-write ${HOME}/.local/share
# noexec ${HOME}/.local/share
notv
......@@ -18,6 +18,7 @@ nogroups
nonewprivs
noroot
nosound
notv
novideo
protocol unix
seccomp
......@@ -29,4 +30,3 @@ private-tmp
memory-deny-write-execute
noexec ${HOME}
noexec /tmp
notv
......@@ -28,6 +28,7 @@ nogroups
nonewprivs
noroot
nosound
notv
novideo
protocol unix,inet,inet6,netlink
seccomp
......@@ -38,4 +39,3 @@ tracelog
private-dev
private-etc fonts,resolv.conf,sword,sword.conf,passwd
private-tmp
notv
......@@ -17,6 +17,7 @@ netfilter
no3d
nonewprivs
nosound
notv
novideo
protocol unix,inet,inet6
seccomp
......@@ -29,4 +30,3 @@ private-tmp
read-write /var/lib/bitlbee
noexec /tmp
notv
......@@ -18,6 +18,7 @@ nogroups
nonewprivs
noroot
nosound
notv
novideo
protocol unix
seccomp
......@@ -31,4 +32,3 @@ shell none
memory-deny-write-execute
noexec ${HOME}
noexec /tmp
notv
......@@ -17,6 +17,7 @@ netfilter
nogroups
nonewprivs
noroot
notv
protocol unix,inet,inet6,netlink
seccomp
shell none
......@@ -26,4 +27,3 @@ private-tmp
noexec ${HOME}
noexec /tmp
notv
......@@ -19,6 +19,7 @@ nogroups
nonewprivs
noroot
nosound
notv
novideo
protocol unix
seccomp
......@@ -30,4 +31,3 @@ private-tmp
noexec ${HOME}
noexec /tmp
notv
......@@ -17,6 +17,7 @@ nogroups
nonewprivs
noroot
nosound
notv
novideo
protocol unix
seccomp
......@@ -31,4 +32,3 @@ tracelog
memory-deny-write-execute
noexec ${HOME}
noexec /tmp
notv
......@@ -30,8 +30,8 @@ include /etc/firejail/whitelist-common.inc
netfilter
# nonewprivs
# noroot
notv
# protocol unix,inet,inet6,netlink
# seccomp
# disable-mnt
notv
......@@ -22,6 +22,7 @@ netfilter
nogroups
nonewprivs
noroot
notv
protocol unix
seccomp
shell none
......@@ -32,4 +33,3 @@ tracelog
# private-dev
# private-etc fonts
# private-tmp
notv
......@@ -20,6 +20,7 @@ nogroups
nonewprivs
noroot
nosound
notv
novideo
protocol unix,inet,inet6
seccomp
......@@ -32,4 +33,3 @@ private-tmp
noexec ${HOME}
noexec /tmp
notv
......@@ -18,6 +18,7 @@ nogroups
nonewprivs
noroot
nosound
notv
novideo
protocol unix
seccomp
......@@ -29,4 +30,3 @@ tracelog
# private-bin bash,catfish,env,locate,ls,mlocate,python,python2,python2.7,python3,python3.5,python3.5m,python3m
# private-dev
# private-tmp
notv
......@@ -21,6 +21,7 @@ nogroups
nonewprivs
noroot
nosound
notv
novideo
protocol unix,inet,inet6,netlink
seccomp
......@@ -32,4 +33,3 @@ private-tmp
noexec ${HOME}
noexec /tmp
notv
......@@ -28,6 +28,7 @@ include /etc/firejail/whitelist-common.inc
caps.keep sys_chroot,sys_admin
netfilter
nogroups
notv
shell none
private-dev
......@@ -35,4 +36,3 @@ private-dev
noexec ${HOME}
noexec /tmp
notv
......@@ -20,10 +20,10 @@ nogroups
nonewprivs
noroot
nosound
notv
protocol unix,inet,inet6
seccomp
shell none
private-dev
private-tmp
notv
......@@ -15,8 +15,8 @@ include /etc/firejail/disable-programs.inc
caps.drop all
nonewprivs
noroot
notv
novideo
protocol unix,inet,inet6
# Clementine makes ioprio_set system calls, which are blacklisted by default.
seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,name_to_handle_at,open_by_handle_at,create_module,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,chroot,tuxcall,reboot,mfsservctl,get_kernel_syms,bpf,clock_settime,personality,process_vm_writev,query_module,settimeofday,stime,umount,userfaultfd,ustat,vm86,vm86old
notv
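Review bot: The `seccomp.drop` line in this hunk names `mfsservctl`, which looks like a misspelling of `nfsservctl`, and lists `process_vm_writev` twice. The duplicate is harmless, but the misspelled entry does not match the syscall it was presumably meant to deny; how firejail treats an unrecognised name (skip, warn or fail) should be checked against the version in use. I would change `mfsservctl` to `nfsservctl` and drop the second `process_vm_writev`. Judging by the comment above it, the list is a hand copy of the default filter minus `ioprio_set`, so a line like `# copy of the default seccomp list without ioprio_set; re-sync when the default changes` would flag that it can fall behind the default.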
......@@ -20,6 +20,7 @@ nogroups
nonewprivs
noroot
nosound
notv
novideo
protocol unix
seccomp
......@@ -31,4 +32,3 @@ private-tmp
noexec ${HOME}
noexec /tmp
notv
......@@ -16,10 +16,10 @@ caps.drop all
netfilter
nonewprivs
noroot
notv
protocol unix,inet,inet6
seccomp
shell none
private-bin cmus
private-etc group
notv
......@@ -27,6 +27,6 @@ caps.drop all
netfilter
nonewprivs
noroot
notv
protocol unix,inet,inet6
seccomp
notv
......@@ -14,6 +14,6 @@ include /etc/firejail/disable-programs.inc
caps.drop all
netfilter
noroot
notv
protocol unix,inet,inet6
seccomp
notv
......@@ -20,9 +20,9 @@ net none
net none
no3d
nosound
notv
seccomp
shell none
tracelog
private-dev
notv
......@@ -21,6 +21,7 @@ nogroups
nonewprivs
noroot
nosound
notv
protocol unix,inet,inet6
seccomp
shell none
......@@ -32,4 +33,3 @@ private-tmp
noexec ${HOME}
noexec /tmp
notv
......@@ -17,6 +17,7 @@ netfilter
nogroups
nonewprivs
noroot
notv
protocol unix,inet,inet6,netlink
seccomp
shell none
......@@ -28,4 +29,3 @@ private-dev
private-tmp
memory-deny-write-execute
notv
......@@ -55,6 +55,7 @@ netfilter
nogroups
nonewprivs
noroot
notv
protocol unix,inet,inet6,netlink
seccomp
shell none
......@@ -68,4 +69,3 @@ private-tmp
noexec ${HOME}
noexec /tmp
notv
......@@ -19,6 +19,7 @@ nogroups
nonewprivs
noroot
nosound
notv
novideo
protocol unix,inet,inet6
seccomp
......@@ -29,4 +30,3 @@ private-tmp
noexec ${HOME}
noexec /tmp
notv
......@@ -18,6 +18,7 @@ no3d
nogroups
nonewprivs
noroot
notv
novideo
protocol unix,inet,inet6
seccomp
......@@ -28,4 +29,3 @@ private-tmp
noexec ${HOME}
noexec /tmp
notv
......@@ -16,13 +16,13 @@ include /etc/firejail/disable-programs.inc
caps.drop all
# ipc-namespace
netfilter
# no3d
# nogroups
nonewprivs
noroot
# nosound
# novideo
# notv
# no3d
# novideo
protocol unix,inet,inet6
seccomp
# shell none
......
......@@ -22,6 +22,7 @@ netfilter
nonewprivs
noroot
nosound
notv
novideo
protocol unix,inet,inet6
seccomp
......@@ -31,4 +32,3 @@ shell none
# private-bin deluge,sh,python,uname
private-dev
private-tmp
notv
......@@ -19,6 +19,7 @@ nogroups
nonewprivs
noroot
nosound
notv
novideo
protocol unix
seccomp
......@@ -28,4 +29,3 @@ private-dev
noexec ${HOME}
noexec /tmp
notv
......@@ -19,6 +19,7 @@ nogroups
nonewprivs
noroot
nosound
notv
novideo
protocol unix
seccomp
......@@ -30,4 +31,3 @@ private-tmp