From 149cf725db62afdf9cd74a8bf05dc3c2783c3d35 Mon Sep 17 00:00:00 2001
From: "amano.kenji" <amano.kenji@proton.me>
Date: Fri, 27 Dec 2024 13:59:15 +0000
Subject: [PATCH] New profile: ncmpcpp

https://github.com/ncmpcpp/ncmpcpp
---
 etc/inc/disable-common.inc      |  1 +
 etc/inc/disable-programs.inc    |  3 ++
 etc/profile-m-z/ncmpcpp.profile | 75 +++++++++++++++++++++++++++++++++
 3 files changed, 79 insertions(+)
 create mode 100644 etc/profile-m-z/ncmpcpp.profile

diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc
index 9568bbe6f5..652eb66872 100644
--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -345,6 +345,7 @@ read-only ${HOME}/.cargo/env
 read-only ${HOME}/.config/mpv
 read-only ${HOME}/.config/msmtp
 read-only ${HOME}/.config/nano
+read-only ${HOME}/.config/ncmpcpp/config
 read-only ${HOME}/.config/nvim
 read-only ${HOME}/.config/pkcs11
 read-only ${HOME}/.dotfiles
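Review bot: Only the `config` file is made read-only here while the sibling `${HOME}/.config/ncmpcpp/bindings` stays writable; if that file can carry shell commands the way `execute_on_song_change` in `config` can (ncmpcpp's bindings accept an `execute` action, worth confirming against the packaged version), a process inside the sandbox can still persist a command that runs in the user's next unsandboxed ncmpcpp session, which is exactly what this line is meant to prevent. Adding `read-only ${HOME}/.config/ncmpcpp/bindings` next to this entry closes that gap while keeping the rest of the directory writable for whatever the client writes there (presumably its error log, which is why the whole directory was not used).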
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index cd006da61d..4971dc516f 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -586,6 +586,7 @@ blacklist ${HOME}/.config/mutter
 blacklist ${HOME}/.config/mypaint
 blacklist ${HOME}/.config/nano
 blacklist ${HOME}/.config/nautilus
+blacklist ${HOME}/.config/ncmpcpp
 blacklist ${HOME}/.config/nemo
 blacklist ${HOME}/.config/neochat.notifyrc
 blacklist ${HOME}/.config/neochatrc
@@ -1098,6 +1099,7 @@ blacklist ${HOME}/.local/state/audacity
 blacklist ${HOME}/.local/state/mpv
 blacklist ${HOME}/.local/state/pipewire
 blacklist ${HOME}/.lv2
+blacklist ${HOME}/.lyrics
 blacklist ${HOME}/.lyx
 blacklist ${HOME}/.magicor
 blacklist ${HOME}/.masterpdfeditor
@@ -1280,3 +1282,4 @@ blacklist /var/games/slashem
 blacklist /var/games/vulturesclaw
 blacklist /var/games/vultureseye
 blacklist /var/lib/games/Maelstrom-Scores
+blacklist /var/lib/mpd
diff --git a/etc/profile-m-z/ncmpcpp.profile b/etc/profile-m-z/ncmpcpp.profile
new file mode 100644
index 0000000000..72aaf96860
--- /dev/null
+++ b/etc/profile-m-z/ncmpcpp.profile
@@ -0,0 +1,75 @@
+# Firejail profile for ncmpcpp
+# Description: Featureful ncurses-based MPD client inspired by ncmpc
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include ncmpcpp.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/ncmpcpp
+noblacklist ${HOME}/.lyrics
+noblacklist /var/lib/mpd
+
+# Allow /bin/sh (blacklisted by disable-shell.inc)
+include allow-bin-sh.inc
+
+blacklist ${RUNUSER}
+blacklist /usr/libexec
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-shell.inc
+#include disable-write-mnt.inc
+include disable-X11.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.config/ncmpcpp
+mkdir ${HOME}/.lyrics
+whitelist ${HOME}/.config/ncmpcpp
+whitelist ${HOME}/.lyrics
+whitelist /var/lib/mpd
+include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noprinters
+noroot
+nosound
+notpm
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+seccomp.block-secondary
+
+disable-mnt
+private-bin ncmpcpp,sh
+private-cache
+private-dev
+private-etc terminfo
+private-tmp
+writable-var
+
+dbus-user none
+dbus-system none
+
+deterministic-shutdown
+memory-deny-write-execute
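Review bot: `whitelist /var/lib/mpd` together with `writable-var` gives the client read-write access to the whole MPD state directory (presumably the database, playlists and sticker files as well as any music directory placed there); if ncmpcpp only needs the socket or read access to the music directory, `read-only /var/lib/mpd` after the whitelist is the least-privilege choice, and either way a comment such as `# /var/lib/mpd: MPD music dir, writable for the tag editor` should state why write access is required. `blacklist ${RUNUSER}` and `include whitelist-runuser-common.inc` pull in opposite directions: with `dbus-user none` the include adds nothing, and the blacklist also hides a per-user MPD socket under `${RUNUSER}/mpd` if MPD runs as a user service, which is worth confirming. `private-etc terminfo` leaves no `hosts`, `nsswitch.conf` or `resolv.conf`, so reaching MPD by hostname over TCP, which the `inet,inet6` protocol line and `netfilter` suggest is intended, may fail name resolution; `private-etc hosts,nsswitch.conf,resolv.conf,terminfo` (or the `@network` group if this firejail version supports groups) would cover it.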