Profile requests
netblue30 opened this issue · comments
Issue to ask for and discuss about new profiles.
Progress is tracked in: https://github.com/netblue30/firejail/projects/3?fullscreen=true
- command line document converter (e.g.
latex2*
,pdf*
,rst2*
,pod2
,pcp2pdf
,wkhtmltopdf
, ...) -
disable-sys.inc
to restrict access to files in/sys/{block,bus,class,dev,devices,kernel}
- KVM
- qemu-system-*
- quemu-kvm
- virt-manager,
- jmemorize
- KTnef,
- KRDC
- discover
- KWalletManager,
- brl-cad (a millitary-veteran CAD..but common at civilian enviorments)
- https://sourceforge.net/projects/animationmaker/
- jdownloader2
- InSync
- variety
- KDE connect
- autotrace
- Y PPA Manager
- Adobe reader
- standalone flashplayer
- Adobe AIR
- cinepaint
- jahshakavr
- soulseekqt
- Tribler
- Leonflix
- upwork desktop
- Quake3
- UrbanTerror
- Citra
- makemkv
- Mellowplayer
- Stubby
- SpamAssassin
- Kile
- llpp
- zotero
- neovim
- Sia-UI
- Calculator (
io.elementary.calculator
) - Calendar
-
io.elementary.calendar
-
io.elementary.calendar-daemon
-
- Camera (
io.elementary.camera
) - Captive Portal Assistant (
io.elementary.capnet-assist
) - Code (
io.elementary.code
) - Files
-
io.elementary.files
-
io.elementary.files-daemon
-
io.elementary.files-pkexec
-
- Music (
io.elementary.music
) - Photos (
io.elementary.photos
) - Based on the old Shotwell code - Terminal (
io.elementary.terminal
) - Videos (
io.elementary.videos
) - GNOME Podcasts (
gnome-podcasts
) - pass / gopass
-
pass
-
gopass
-
- Keybase
-
kbfsfuse
(not sure if this one makes sense...) -
keybase
-
keybase-gui
-
- Yubikey Manager
-
ykman
-
ykman-gui
-
- GZDoom (
gzdoom
) - QuakeSpasm (
quake
) - rRootage (
rrootage
) - Renames TV Series
- deepin-screen-recorder
- Joplin
- mate-terminal
- asbru
- socat
- cordless
- Unity/Unity Hub
- pcloud
- lens
- Obsidian
- luarocks
- Stremio
- cointop
- irssi
- easytag
- mbsync
- Bitwig Studio
- radicale
- solvespace
- screen
- khard
- vdirsyncer
- cryptomator
- Microsoft Edge for linux
- SRBMiner
- NBMiner
- gh
- Hypnotix
- Fwknop
- Sublime Text 4
- Hamsket
- webex
- Veloren and Airshipper
- openstego
- etcher and Ventoy
- waifu2x-converter-cpp
- MEGAsync
- seafile-client
- retroshare
- Aether
- rust-analyzer
- FireDM
- xournal-thumbnailer
- blender-thumbnailer.py
- rustup
- scour
- gnome-extensions-app
- gnome-extensions
- gnome-games
- gnome-do
- gnome-epub-thumbnailer
- gnome-kra-ora-thumbnailer
- gnome-dictionary
- gnome-translate
Resolved
strikethrough means won't fix
- kwrite
- Jerry chess
- Riot.im (desktop)
- freemind
- tshark
- tcpdump
- freecad
- geary
- imagej
- macrofusion
- discord
- rambox
-
gnome-online-miners - gnome-sound-recorder
- Natron
- Cinelerra
- amule
- Calligra
-
Ghetto-skype - Blender
- Google Earth
- shotcut
-
Tbb PPA -
Gnome-boxes -
Tor Messenger - amuled
- shortwave
- WPS-Office
-
Temaviewer#825 (comment) - Ricochet
- tvbrowser
- foliate
- RTV
- homebank
- dooble browser
- Otter browser
- mattermost desktop client
- FreeTube
- Spectacle
- Lyx
- Fractal
- Quaternion
- Youtube-Viewer
- balsa
- Minecraft Server
- Minitube
- lutris
- tutanota-desktop
- Coyim
- Avidemux
- librewolf
- pipe-viewer
- gtk-pipe-viewer
- sway
- tmux
- librecad
- Notable
Comments which are marked as resolved contain request/question to new profiles or a hint to a PR/a commit which adds a new profile
macrofusion
hugin
imagej
geary
@rekixex does #1154 work for you?
Hey donosaurus - where is you GUI ?? Wery needed firewall like that - app goes to internet -> wirewall asks - > allow/deny/create rule.
@rekixex gpicview has been added: b51d44a 😄
1 brl-cad (a millitary-veteran CAD..but common at civilian enviorments)
2 freecad (a civil-use CAD)
3 dia (from gnome)
4 fontforge
Nylas Email client
Wire Chat client
@Fred-Barclay
@mustaqimM We actually already have a Wire profile. 😄
@Fred-Barclay Thanks for that, for some reason it wasn't in the AUR package, so now I'm using the git one. I'm having trouble creating a profile for Nylas Mail
, I get
Streaming log data to /tmp/Nylas-Mail-3.log
[3:0413/071541:FATAL:udev_linux.cc(20)] Check failed: monitor_.
#0 0x000001e5855e <unknown>
#1 0x000001e6e25b <unknown>
#2 0x000000cbe6a6 <unknown>
#3 0x000001248602 <unknown>
#4 0x000001e59226 <unknown>
#5 0x000001e74755 <unknown>
#6 0x000001e74a48 <unknown>
#7 0x000001e74e9b <unknown>
#8 0x000001e4e669 <unknown>
#9 0x000001e8d41e <unknown>
#10 0x000001eac40a <unknown>
#11 0x000002707e36 <unknown>
#12 0x00000270803e <unknown>
#13 0x000001eac4ce <unknown>
#14 0x000001ea8a53 <unknown>
#15 0x7f332d63e2e7 start_thread
#16 0x7f332707f54f __GI___clone
Failed to generate minidump.
Parent is shutting down, bye...
By the way, it's an electron app.
Sure, I'll take a look at it. Can you open a new issue, post the profile you're currently using, and @Fred-Barclay me so I'll get a notification?
would be nice to have profiles for tvbrowser and jdownloader2 :-)
Hi, I would like to make a restrictive version of the "transmission-gtk.profile". As of now, it has access to all folders within my home folder, and I would like to restrict it to a "Torrents" folder only in the home folder. How would I go about doing that? My current transmission-gtk profile is the following:
# This file is overwritten during software install.
# Persistent customizations should go in a .local file.
include /etc/firejail/transmission-gtk.local
# transmission-gtk bittorrent profile
noblacklist ${HOME}/.config/transmission
noblacklist ${HOME}/.cache/transmission
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-passwdmgr.inc
caps.drop all
netfilter
nonewprivs
noroot
nosound
protocol unix,inet,inet6
seccomp
shell none
tracelog
private-bin transmission-gtk
private-dev
private-tmp
The easiest way would be to start the sandbox with a different user home directory - /home/username/Torrents in your case. Create an empty ~/Torrents directory (mkdir ~/Torrents) and in your profile file add "private ~/Torrents" at the end of the file.
Profile requests:
- Riot.im
- Wire.com
cherrytree (a onenote-like app for linux)
vym/freemind
@qazip - Wire is already in, grab he profile from here: https://github.com/netblue30/firejail/blob/master/etc/wire.profile
@nyancat18 - cherytree is in: https://github.com/netblue30/firejail/blob/master/etc/cherrytree.profile\
@hThoreau - If you just use the default profile, is that one working?
$ firejail --profile=/etc/firejail/transmission-gtk.profile transmision-gtk
Blacklist violations are logged in system log - /var/log/syslog or /var/log/messages depending on your distribution
thanks @netblue30
but freemind/vym :D
@netblue30 oh, that's weird. I don't have that file for some reason. Shouldn't I have (I've firejail 0.9.44.10).
Another profile request:
- Jerry chess (https://github.com/asdfjkl/jerry)
InSync
https://www.insynchq.com/
variety
http://peterlevi.com/variety/
KDE connect
https://community.kde.org/KDEConnect
RedShift
https://wiki.archlinux.org/index.php/redshift
and
Y PPA Manager
https://launchpad.net/y-ppa-manager
Would be nice to have too.
cinepaint
jahshakavr
- Youtube-Viewer (https://github.com/trizen/youtube-viewer)
Would be great if we had a profile which allow us to simulate the installation of programs, as "Arkose" used to do. Look: https://stgraber.org/category/arkose/
Maybe it could be implemented using some overlayfs.
@rekixex Catfish has been added: 67a6d87
I'll try to work on Cheese as well.
@ghanan - it is quite easy, this is an example using OpenShot video editor:
In a terminal start a overlayfs sandbox (you would need a kernel 3.18 or better):
$ firejail --name=test --overlay --private --noblacklist=/sbin --noblacklist=/usr/sbin
In a different terminal, join the sandbox as root and install the program - I am using apt-get on Debian:
$ sudo firejail --join=test
Switching to pid 2464, the first child process inside the sandbox
changing root to /proc/2464/root
Child process initialized in 6.05 ms
# apt-get install openshot
# exit
Back in the first terminal run the program
$ openshot
Once you close both sandboxes, overlayfs is disabled and openshot disappears.
I saw it's already on the list but nevertheless I'd like to request a profile for Geary Email Client (https://github.com/GNOME/geary).
Thank you very much and keep up with the good work.
I'm using the nautilus profile provided here in the etc folder. It blocks the extensions clamtk-gnome (5.24-1) and nautilus-compare (0.0.4+po1-1), though other extensions that I also have installed, nautilus-wipe (0.3-1) and onionshare (0.9.2-1), work fine. Therefore, I ask for an amendment to nautilus' profile that could allow it to use these extensions as well. Thank you.
Requesting a profile for soulseekqt ( a few links because the download page hasn't been updated yet, and the last two are direct links )
http://www.soulseekqt.net/news/
https://groups.google.com/d/msg/soulseek-discussion/lOvh7PoOKR0/uIZKRFZmCQAJ
https://www.dropbox.com/s/b8st8jznojbus0b/SoulseekQt-2017-2-20-Ubuntu17-64bit.tgz (x86_64)
https://www.dropbox.com/s/m12bxp0bjl6iqo9/SoulseekQt-2017-2-20-Ubuntu17-32bit.tgz (i686)
Tribler, a onion routing torrent client: https://github.com/Tribler/tribler
utox (a light tox client)
Enpass password manager, enpass.io
Minecraft Server (Java), only allow java and server files
@wiredrunner Enpass added in 78b6a1d 😄
I'd like to make another request, this time for Leonflix (http://leonflix.net/). It's not open source so this one's better be Firejailed.
Thanks for everything once again!
add vs code
Would like to have upwork desktop profile and base profile for other time tracking systems.
Nice to have:
- disabled/random system hardware information
- window sandbox by default
Copying from #1878: Coyim (suggested by @bn0785ac)
Minitube
https://flavio.tordini.org/minitube
I have put together a profile for Citra (Nintendo 3DS game system emulator), and would like to contribute it.
(Note that the private-dev
line might be uncommented once #2203 is resolved.)
qownnotes: https://github.com/pbek/QOwnNotes
@qazip Can you try this profile for qownnotes?
# Firejail profile for QOwnNotes
# Description: Plain-text file notepad with markdown support and ownCloud integration
# This file is overwritten after every install/update
# Persistent local customizations
include /etc/firejail/QOwnNotes.local
# Persistent global definitions
include /etc/firejail/globals.local
noblacklist ${HOME}/Nextcloud/Notes
noblacklist ${HOME}/.config/PBE
noblacklist ${HOME}/.local/share/PBE
mkdir ${HOME}/Nextcloud/Notes
mkdir ${HOME}.config/PBE
mkdir ${HOME}/.local/share/PBE
whitelist ${HOME}/Nextcloud/Notes
whitelist ${HOME}/.config/PBE
whitelist ${HOME}/.local/share/PBE
include /etc/firejail/whitelist-common.inc
include /etc/firejail/whitelist-var-common.inc
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-interpreters.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-xdg.inc
caps.drop all
machine-id
netfilter
no3d
nodvd
nogroups
nonewprivs
noroot
nosound
notv
nou2f
novideo
protocol unix,inet,inet6,netlink
seccomp
shell none
tracelog
disable-mnt
private-bin QOwnNotes,gio
private-dev
private-etc fonts,ld.so.cache,pulse,resolv.conf,hosts,nsswitch.conf,host.conf,ca-certificates,ssl,pki,crypto-policies
private-tmp
noexec ${HOME}
noexec /tmp
@Fred-Barclay I tested Qownotes profile and it works good. I wonder if we should add:
noblacklist ${DOCUMENTS}
whitelist ${DOCUMENTS}
feedreader (https://github.com/jangernert/FeedReader)
In #2273 profiles for Quake3 and UrbanTerror have been requested.
Hello, a profile for makemkv (https://www.makemkv.com/) would be nice since it's one of the only GNU/Linux proprietary softwares without alternative.
Maybe mpv can this if libdvdcss is installed.
EDIT: or other libs.
See: https://wiki.archlinux.org/index.php/Blu-ray
the default konversation profile do not contains the netlink
protocol so the logs are spammed with errors, i'm not sure about the consequences for the app or if it's intended by the profile author.
netfilter
in warzone2100 profile is breaking the game hosting function for me, not sure if it's because i'm using --net eth0 --ip.. to bypass my vpn
@Lockdis konvrsation profile is fixed in master now, thx.
https://github.com/netblue30/firejail/blob/master/etc/flameshot.profile
flameshot is not working (the application hang and refuse to take screenshot, i can't find errors in log) for me with the default profile, by removing memory-deny-write-execute
it works
Mellowplayer please. :-) It depends on flashplayer.
MellowPlayer is a free, open source and cross-platform desktop app with cloud music integration.
Fractal (It's a matrix client: https://gitlab.gnome.org/GNOME/fractal)
Quaternion (It's a matrix client: https://github.com/QMatrixClient/Quaternion/)
Stubby https://github.com/getdnsapi/stubby, a dns resolver, think a profile like unbound maybe?
webui-aria2, the popular web UI for the aria2 download manager, has now also a profile. (Could be included via PR.)
@schtobia Please open the PR! It'd be great to have this. 😉
Postfix
Specifically the smtp executable. Seems non-trivial; this script fails with a useless error message:
#!/bin/sh
keys=$(postconf -h smtp_tls_CAfile)
dir_keys=${keys%/*}
dir_cfg=${dir_keys%/*}
alias_maps_param=$(postconf -h alias_maps)
alias_maps=${alias_maps_param##*:}
firejail --whitelist="$alias_maps"\
--whitelist="$dir_cfg"\
--whitelist="$(postconf -h daemon_directory)"\
--whitelist="$(postconf -h data_directory)"\
--whitelist="$(postconf -h smtp_tls_CApath)"\
--whitelist="$(postconf -h myorigin)"\
/usr/lib/postfix/sbin/smtp "$@"
(edit)
If I run that script directly from the CLI, firejail
gives: "invalid whitelist path: /etc/aliases". If I remove that whitelist entry, firejail
complains about the next one.. and so on. The only path firejail
allows me to whitelist from the above list is /var/lib/postfix
(the data_directory
).
SpamAssassin
There are data leaks, so sandboxing S/A is important for security. I've not tried the default config so I'm not sure if a profile is needed but there are essential config files so I guess it's likely.
@libBletchley Did you try the server
profile yet for PostFix/smtp? The default profile is a generic GUI one (like it says inside the file). On another note, IMHO it would be more appropriate for a daemon like smtp to use native systemd hardening techniques.
@glitsj16 I didn't know about server.profile
. Maybe I'll try that and add port 25 loosening in the netfilter. I plan to use firejail to force it through a Tor middlebox so systemd changes wouldn't be sufficient.
I have a working smtp.profile
. Note that it was tested in a firejail that is isolated on a Tor middlebox. I've removed anything Tor-specific but did not test it that way. Anyway, this is the profile if someone wants to integrate it. Note that postfix_smtp.profile
may be a better name.
# Firejail profile for postfix/smtp
# This was derived from the generic server.profile, which allows /sbin
# and /usr/sbin directories. This is where servers are installed
# depending on your usage. This configuration was then customized for
# postfix/smtp.
# Recommended script to use for this profile (which you may want to
# save as "$(postconf -h daemon_directory)/smtp_firejail)":
#
# #!/bin/bash
# typeset -r cmd_dir=$(/usr/sbin/postconf -h command_directory); # literal path used here for security reasons
# typeset -r exec_smtp=$("$cmd_dir"/postconf -h daemon_directory)/smtp
# firejail --profile=smtp.profile\
# --noblacklist="$cmd_dir"\
# --whitelist="$("$cmd_dir"/postconf -h queue_directory)"\
# --whitelist="$("$cmd_dir"/postconf -h data_directory)"\
# "$exec_smtp" "$@"
## Postfix/smtp custom rules ##
# Needed for the two whitelist specifications that follow:
writable-var
# Directory needed for writing lockfiles is generally
# /var/spool/postfix/pid. The common literal parent directory is
# hard-coded here. It's recommended to include this in your script to
# enforce configuration consistency:
# --whitelist="$(postconf -h queue_directory)"
whitelist /var/spool/postfix
# It has not been confirmed whether write access to /var/lib/postfix
# is needed. It's hard-coded here for good measure. It's recommended
# to include this in your script to enforce configuration consistency:
# --whitelist="$(postconf -h data_directory)"
whitelist /var/lib/postfix
# Directory needed for executables: /usr/bin. The common literal
# directory is hard-coded here. It's recommended to include this in
# your script to enforce configuration consistency:
# --noblacklist="$(postconf -h command_directory)"
noblacklist /usr/sbin
## Defaults inherited from server.profile ##
blacklist /tmp/.X11-unix
noblacklist /sbin
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-programs.inc
caps
no3d
nosound
private
private-dev
private-tmp
seccomp
shell none
# too new for author's firejail version to test
# (so you may want to remove these comments):
#
# nodvd
# notv
# nou2f
# novideo
Postfix/smtp seems to write to /var/log
without any issues, even though it's not whitelisted. I'm not sure how that's possible.
bitwarden
Added pull request #2710
please add autotrace
- it has a high number of CVE's assigned (https://www.cvedetails.com/vulnerability-list/vendor_id-12987/product_id-26551/year-2017/opov-1/Autotrace-Project-Autotrace.html)
@jose1711 this autotrace? https://github.com/autotrace/autotrace
@Fred-Barclay that seems to be an unoffical fork of the original
http://autotrace.sourceforge.net/
fedora ships a patched version of the original
arch aur has the unofficial
debian used to ship the original
gentoo doesn't ship either
https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/
@qazip can you try this profile for jerry-chess?
# Firejail profile for jerry
# Description: Chess GUI
# This file is overwritten after every install/update
# Persistent local customizations
include jerry.local
# Persistent global definitions
include globals.local
noblacklist ${HOME}/.config/dkl
include disable-common.inc
include disable-devel.inc
include disable-exec.inc
include disable-interpreters.inc
include disable-passwdmgr.inc
include disable-programs.inc
include disable-xdg.inc
caps.drop all
machine-id
net none
no3d
nodbus
nodvd
nogroups
nonewprivs
noroot
nosound
notv
novideo
protocol unix
seccomp
shell none
tracelog
private-bin jerry,stockfish,sh,bash
private-dev
private-etc fonts,gtk-2.0,gtk-3.0
private-tmp
memory-deny-write-execute
@Fred-Barclay, I no longer use jerry-chess. But I'll see if I can test it sometime this week!
Tbb (http://www.webupd8.org/2013/12/tor-browser-bundle-ubuntu-ppa.html)
Last Update: 2017-03-08 (tor-browser 6.x.x)
No Support for Ubuntu 17.10, 18.04, 18.10, 19.04
Tor Messenger: https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily (No future development https://blog.torproject.org/sunsetting-tor-messenger)
Gnome-boxes (a nice gui for kvm system)
firejail --noprofile gnome-boxes
don't work.
UPDTE: firejail --noprofile --writable-var gnome-boxes
can start VMs but if you shutdown them, gnome-boxes coredumps.
gnome-online-miners
cannot be jailed by firejail because it has only binaries in libexec that are started via dbus.
I suggest to close these requests.
closed everything expect gnome-boxes (firejail --noprofile --writable-var gnome-boxes
works) I will write a profile this week.
@qazip Have you found the time
No, sorry. I tried to install jerry from AUR but it's giving an error. I don't want to compile it myself..
But if it works for you, it probably works for me too!
Give up writing a profile for gnome-boxes, poweroff a VM always ends in a coredump.
FreeTube requested in #2918 by @MystesofEternity
I would appreciate a profile for zotero (Reference management software)
neovim, setup script (or adding to firecfg) for desktop files for AppImage in $HOME/.local/bin
Please can make profile for Sia-UI .appimage https://gitlab.com/NebulousLabs/Sia-UI/-/releases
thank you so much
Draft for RTV
# Firejail profile for rtv
# Description: Browse Reddit from your terminal
# This file is overwritten after every install/update
# Persistent local customizations
include rtv.local
# Persistent global definitions
include globals.local
blacklist /tmp/.X11-unix
noblacklist ${HOME}/.config/rtv
noblacklist ${HOME}/.local/share/rtv
# Allow python (blacklisted by disable-interpreters.inc)
include allow-python2.inc
include allow-python3.inc
include disable-common.inc
include disable-devel.inc
include disable-exec.inc
include disable-interpreters.inc
include disable-passwdmgr.inc
include disable-programs.inc
include disable-xdg.inc
mkdir ${HOME}/.config/rtv
mkdir ${HOME}/.local/share/rtv
whitelist ${HOME}/.config/rtv
whitelist ${HOME}/.local/share/rtv
include whitelist-var-common.inc
apparmor
caps.drop all
machine-id
netfilter
no3d
nodbus
nodvd
nogroups
nonewprivs
noroot
nosound
notv
nou2f
novideo
protocol unix,inet,inet6
seccomp
shell none
tracelog
disable-mnt
private-bin python*,rtv
private-cache
private-dev
private-etc ca-certificates,alternatives,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl,terminfo,xdg
@rusty-snake Looks good! One thing, on Arch I need to add sh,xdg-settings
to private-bin for the rtv.profile to work. 😉
amuled is the deamon version of amule.
I run it like this:
firejail --private-bin=amuled --profile=/etc/firejail/amule.profile /usr/bin/amuled
Profile request: mattermost desktop client
WPS-Office (http://www.wps.com/)
[Moved form #3040]
Some profile requests... This looks like the right place to post them, but if I should open a separate ticket(s), just let me know.
The Elementary OS's Pantheon desktop is really nice. While the project is planning to move towards using Flatpaks for their major apps, the change doesn't seem imminent and having pre-defined jails would be awesome for those of us running Pantheon on non Elementary OS systems.
- Calculator (
io.elementary.calculator
) - Calendar
-
io.elementary.calendar
-
io.elementary.calendar-daemon
-
- Camera (
io.elementary.camera
) - Captive Portal Assistant (
io.elementary.capnet-assist
) - Code (
io.elementary.code
) - Files
-
io.elementary.files
-
io.elementary.files-daemon
-
io.elementary.files-pkexec
-
- Music (
io.elementary.music
) - Photos (
io.elementary.photos
) - Based on the old Shotwell code - Terminal (
io.elementary.terminal
) - Videos (
io.elementary.videos
)
Some other profiles that would be awesome to have:
- GNOME Podcasts (
gnome-podcasts
) - pass / gopass
-
pass
-
gopass
-
- Keybase
-
kbfsfuse
(not sure if this one makes sense...) -
keybase
-
keybase-gui
-
- Yubikey Manager
-
ykman
-
ykman-gui
-
- GZDoom (
gzdoom
) - QuakeSpasm (
quake
) - rRootage (
rrootage
)
Please can make profile for Sia-UI .appimage https://gitlab.com/NebulousLabs/Sia-UI/-/releases
thank you so much
@rusty-snake any update on supporting this profile?
Also:
https://www.tweaking4all.com/home-theatre/rename-my-tv-series-v2/
Renames TV Series, code is not open source, so ideally a profile would be needed to block everything but internet and main folder where all TV Series lies.
I tried running default profile but i get these errors:
Parent pid 17333, child pid 17334
Warning: cleaning all supplementary groups
Child process initialized in 84.83 ms
Exception at 000000000067F072: EInOutError:
Can not load SQLite client library "libsqlite3.so". Check your installation.
Exception at 000000000067F072: EInOutError:
Can not load SQLite client library "libsqlite3.so". Check your installation.
Exception at 00000000004570FE: EAccessViolation:
Access violation.
Exception at 000000000067F072: EInOutError:
Can not load SQLite client library "libsqlite3.so". Check your installation.
Parent is shutting down, bye...