From 22e8632c780d3dbf945601447567f9c0f75a6cd3 Mon Sep 17 00:00:00 2001
From: amano-kenji <106365348+amano-kenji@users.noreply.github.com>
Date: Mon, 10 Feb 2025 23:16:28 +0000
Subject: [PATCH] New profile: ncmpcpp (#6587)

https://github.com/ncmpcpp/ncmpcpp
---
 etc/inc/disable-common.inc | 1 +
 etc/inc/disable-programs.inc | 3 ++
 etc/profile-m-z/ncmpcpp.profile | 75 +++++++++++++++++++++++++++++++++
 3 files changed, 79 insertions(+)
 create mode 100644 etc/profile-m-z/ncmpcpp.profile

diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc
index 9568bbe6f5..652eb66872 100644
--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -345,6 +345,7 @@ read-only ${HOME}/.cargo/env
 read-only ${HOME}/.config/mpv
 read-only ${HOME}/.config/msmtp
 read-only ${HOME}/.config/nano
+read-only ${HOME}/.config/ncmpcpp/config
 read-only ${HOME}/.config/nvim
 read-only ${HOME}/.config/pkcs11
 read-only ${HOME}/.dotfiles
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 970c189d03..285e3b4caf 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -586,6 +586,7 @@ blacklist ${HOME}/.config/mutter
 blacklist ${HOME}/.config/mypaint
 blacklist ${HOME}/.config/nano
 blacklist ${HOME}/.config/nautilus
+blacklist ${HOME}/.config/ncmpcpp
 blacklist ${HOME}/.config/nemo
 blacklist ${HOME}/.config/neochat.notifyrc
 blacklist ${HOME}/.config/neochatrc
@@ -1099,6 +1100,7 @@ blacklist ${HOME}/.local/state/audacity
 blacklist ${HOME}/.local/state/mpv
 blacklist ${HOME}/.local/state/pipewire
 blacklist ${HOME}/.lv2
+blacklist ${HOME}/.lyrics
 blacklist ${HOME}/.lyx
 blacklist ${HOME}/.magicor
 blacklist ${HOME}/.masterpdfeditor
@@ -1281,3 +1283,4 @@ blacklist /var/games/slashem
 blacklist /var/games/vulturesclaw
 blacklist /var/games/vultureseye
 blacklist /var/lib/games/Maelstrom-Scores
+blacklist /var/lib/mpd
diff --git a/etc/profile-m-z/ncmpcpp.profile b/etc/profile-m-z/ncmpcpp.profile
new file mode 100644
index 0000000000..72aaf96860
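Review bot: The added `read-only ${HOME}/.config/ncmpcpp/config` in disable-common.inc protects only that one file, so a sandboxed program that can reach the directory could still rewrite ncmpcpp's other startup files. As far as I know ncmpcpp also reads a `bindings` file from the same directory, which can bind keys to external commands, and falls back to the legacy `${HOME}/.ncmpcpp` directory; please confirm against the ncmpcpp man page. If so, add `read-only ${HOME}/.config/ncmpcpp/bindings` here, and pair the `.config/ncmpcpp` entries in disable-programs.inc and ncmpcpp.profile with `blacklist ${HOME}/.ncmpcpp` and `noblacklist ${HOME}/.ncmpcpp`.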
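Review bot: `blacklist /var/lib/mpd` in the last disable-programs.inc hunk takes effect for every profile that includes this file, but the patch adds the matching `noblacklist /var/lib/mpd` only to ncmpcpp.profile. Any existing profile for MPD itself or for another MPD client that includes disable-programs.inc and needs that directory would lose access to it. Those profiles are outside this patch, so each should be checked and given `noblacklist /var/lib/mpd` where needed. The same check applies to `blacklist ${HOME}/.lyrics` in the previous hunk if other players read lyrics from that directory.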
--- /dev/null
+++ b/etc/profile-m-z/ncmpcpp.profile
@@ -0,0 +1,75 @@
+# Firejail profile for ncmpcpp
+# Description: Featureful ncurses-based MPD client inspired by ncmpc
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include ncmpcpp.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/ncmpcpp
+noblacklist ${HOME}/.lyrics
+noblacklist /var/lib/mpd
+
+# Allow /bin/sh (blacklisted by disable-shell.inc)
+include allow-bin-sh.inc
+
+blacklist ${RUNUSER}
+blacklist /usr/libexec
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-shell.inc
+#include disable-write-mnt.inc
+include disable-X11.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.config/ncmpcpp
+mkdir ${HOME}/.lyrics
+whitelist ${HOME}/.config/ncmpcpp
+whitelist ${HOME}/.lyrics
+whitelist /var/lib/mpd
+include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noprinters
+noroot
+nosound
+notpm
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+seccomp.block-secondary
+
+disable-mnt
+private-bin ncmpcpp,sh
+private-cache
+private-dev
+private-etc terminfo
+private-tmp
+writable-var
+
+dbus-user none
+dbus-system none
+
+deterministic-shutdown
+memory-deny-write-execute
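Review bot: `writable-var` combined with `whitelist /var/lib/mpd` leaves MPD's data directory writable from inside the sandbox wherever file permissions allow, and the profile does not say why a client needs that. If it exists only for ncmpcpp's tag editor, a comment such as `# writable-var: tag editor writes to the music directory under /var/lib/mpd` would record the reason. Otherwise adding `read-only /var/lib/mpd` would keep a compromised client from modifying MPD's files there. Likewise `private-bin ncmpcpp,sh` keeps a shell in the sandbox, presumably for `execute_on_song_change` or external-editor hooks, and the `# Allow /bin/sh` comment should name that reason. Separately, `blacklist ${RUNUSER}` would appear to hide an MPD unix socket under the user runtime directory and make the later `include whitelist-runuser-common.inc` redundant; worth confirming that is intended.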