Updated for firejail 0.9.70

Convert whitelist and read-only pairs to the new whitelist-ro setting.
Fix vlc failing to load lirc configuration.
Add more comments to profiles for unusual workarounds.

1 files changed, 15 insertions, 16 deletions

diff --git a/profiles/vlc.local b/profiles/vlc.local
index 2785bb6..183924d 100644
--- a/profiles/vlc.local
+++ b/profiles/vlc.local
@@ -7,15 +7,12 @@ noblacklist ${VIDEOS}
 
 include disable-xdg.inc
 
-whitelist ${DOWNLOADS}
-whitelist ${MUSIC}
-whitelist ${PICTURES}
-whitelist ${VIDEOS}
-
-read-only ${DOWNLOADS}
-read-only ${MUSIC}
-read-only ${PICTURES}
-read-only ${VIDEOS}
+whitelist-ro ${DOWNLOADS}
+whitelist-ro ${MUSIC}
+whitelist-ro ${PICTURES}
+# Uncomment to allow screenshots
+#read-write ${PICTURES}
+whitelist-ro ${VIDEOS}
 
 # # alsa audio will work with ipc-namespace,
 # # but it hogs the alsa device from other applications
@@ -25,14 +22,16 @@ ignore ipc-namespace
 # # due to syscall name_to_handle_at
 seccomp !name_to_handle_at
 
+# Just say no to dbus
+ignore dbus-user filter
+ignore dbus-user.own org.mpris.MediaPlayer2.vlc
+ignore dbus-user.talk org.freedesktop.Notifications
+ignore dbus-user.talk org.freedesktop.ScreenSaver
+ignore dbus-user.talk org.kde.StatusNotifierWatcher
+ignore dbus-user.talk org.mpris.MediaPlayer2.vlc
 dbus-user none
 dbus-system none
 
-# # noinput breaks lirc support
-# ignore noinput
-
 # Allow paths for custom lirc config
-#whitelist ${HOME}/.lircrc
-#read-only ${HOME}/.lircrc
-#whitelist ${HOME}/.config/lirc/vlc
-#read-only ${HOME}/.config/lirc/vlc
+#whitelist /run/lirc
+#whitelist-ro ${HOME}/.config/lirc/vlc