Updated firejail profile

1 files changed, 10 insertions, 7 deletions

diff --git a/test/poi.profile b/test/poi.profile
index 9e28868..f405a10 100644
--- a/test/poi.profile
+++ b/test/poi.profile
@@ -9,19 +9,21 @@ include /etc/firejail/globals.local
 noblacklist ~/.cache/smolbote
 noblacklist ~/.config/smolbote
 noblacklist ~/.local/share/smolbote
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+mkdir ~/.cache/smolbote
+mkdir ~/.config/smolbote
+mkdir ~/.local/share/smolbote
 
 whitelist ${DOWNLOADS}
-mkdir ~/.cache/smolbote
 whitelist ~/.cache/smolbote
-mkdir ~/.config/smolbote
 whitelist ~/.config/smolbote
-mkdir ~/.local/share/smolbote
 whitelist ~/.local/share/smolbote
+include /etc/firejail/whitelist-common.inc
 
 
 ## caps.drop all - Removes the ability to call programs usually run only by root. Ex - chown, setuid
@@ -45,6 +47,9 @@ noroot
 ## notv - Disable access to DVB TV devices.
 notv
 
+# novideo - Disable access to video devices.
+novideo
+
 ## protocol - Only allows sockets of the following types. Not supported on i386 architecture.
 protocol unix,inet,inet6,netlink
 
@@ -69,7 +74,8 @@ disable-mnt
 private-dev
 
 ## private-etc - Creates a virtual /etc directory containing only temporary copies of the following files and directories.
-#private-etc nsswitch.conf,resolv.conf
+# Experimental support for only fonts and alsa audio
+#private-etc fonts,machine-id
 
 ## private-tmp - Creates a virtual /tmp directory to prevent the program from accessing the /tmp files from other programs.
 private-tmp
@@ -78,6 +84,3 @@ private-tmp
 ## noexec - Prevent execution of files in the specified locations
 noexec ${HOME}
 noexec /tmp
-
-
-include /etc/firejail/whitelist-common.inc