From d9cd95e9fae9b7dcdb36032ccda2b1059dcc1adb Mon Sep 17 00:00:00 2001
From: Pig Monkey
Date: Tue, 26 Dec 2017 16:39:41 -0800
Subject: [PATCH] use default firejail mpd profile requires >= 0.9.52
---
 roles/mpd/files/firejail/mpd.profile | 11 -----------
 roles/mpd/tasks/main.yml | 14 ++++++++++----
 2 files changed, 10 insertions(+), 15 deletions(-)
 delete mode 100644 roles/mpd/files/firejail/mpd.profile
diff --git a/roles/mpd/files/firejail/mpd.profile b/roles/mpd/files/firejail/mpd.profile
deleted file mode 100644
index dcb0c91..0000000
--- a/roles/mpd/files/firejail/mpd.profile
+++ /dev/null
@@ -1,11 +0,0 @@
-include /etc/firejail/globals.local
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-passwdmgr.inc
-
-caps.drop all
-netfilter
-nonewprivs
-noroot
-protocol unix,inet,inet6,netlink
diff --git a/roles/mpd/tasks/main.yml b/roles/mpd/tasks/main.yml
index 2a26f75..2a9f8fa 100644
--- a/roles/mpd/tasks/main.yml
+++ b/roles/mpd/tasks/main.yml
@@ -9,10 +9,16 @@
 tags:
 - firejail
-- name: Push mpd firejail profile
- copy: src=firejail/mpd.profile dest=/usr/local/etc/firejail/mpd.profile
- notify:
- - activate firejail profiles
+- name: Verify mpd firejail local profile exists
+ file: path=/etc/firejail/mpd.local state=touch
+ tags:
+ - firejail
+
+- name: Set mpd firejail protocols
+ lineinfile:
+ dest: /etc/firejail/mpd.local
+ regexp: "^protocol"
+ line: "protocol unix,inet,inet6,netlink"
 tags:
 - firejail
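Review bot: `file: path=/etc/firejail/mpd.local state=touch` in the main.yml hunk rewrites the file's timestamps on every run, so the task reports changed each time and the play never converges; `lineinfile` can create the file itself, so the touch task can be dropped and the lineinfile task given `create: true` (plus an explicit `mode: "0644"` if the permissions matter). The commit message states the shipped profile needs firejail >= 0.9.52, but nothing in the play confirms that the distribution's `/etc/firejail/mpd.profile` is present on the host — without it the `caps.drop all`, `nonewprivs`, `noroot` and `netfilter` directives deleted from the custom profile are applied nowhere and mpd.local is never read, so a `stat` on that path followed by `assert` would surface the silent loss of sandboxing. The removed copy task notified the `activate firejail profiles` handler and neither new task does; if that handler is still what links mpd to firejail, the `notify:` should be carried over. Whether the `protocol` line in mpd.local takes precedence over the one in the shipped profile depends on how this firejail version treats a second `protocol` directive, which is worth confirming on 0.9.52. As a matter of style, the `file` task uses inline `key=value` arguments while `lineinfile` uses block YAML; the Ansible convention is block YAML for both.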