Add Chatterino profile

author: Dpeta <Jasprose@protonmail.com> 2022-12-24 23:21:43 +0100
committer: Dpeta <jasprose@protonmail.com> 2022-12-25 15:30:47 +0100
commit: 3af6c406834d5f18d1422ce95ebd02646862ce74 (patch)
tree: 25f81c5627394d2a80ab56520eb570a1a263a514
parent: testing (diff)
download: firejail-3af6c406834d5f18d1422ce95ebd02646862ce74.tar.gz
firejail-3af6c406834d5f18d1422ce95ebd02646862ce74.tar.zst
firejail-3af6c406834d5f18d1422ce95ebd02646862ce74.zip
3 files changed, 118 insertions, 0 deletions
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index b52bcaa11..698ee7eca 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -876,6 +876,7 @@ blacklist ${HOME}/.local/share/caja-python
 blacklist ${HOME}/.local/share/calligragemini
 blacklist ${HOME}/.local/share/cantata
 blacklist ${HOME}/.local/share/cdprojektred
+blacklist ${HOME}/.local/share/chatterino
 blacklist ${HOME}/.local/share/clipit
 blacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate
 blacklist ${HOME}/.local/share/contacts
diff --git a/etc/profile-a-l/chatterino.profile b/etc/profile-a-l/chatterino.profile
new file mode 100644
index 000000000..bbb536827
--- /dev/null
+++ b/etc/profile-a-l/chatterino.profile
@@ -0,0 +1,116 @@
+# Firejail profile for Chatterino
+# Description: Chat client for https://twitch.tv
+# This file is overwritten after every install/update
+# Persistent local customizations
+include chatterino.local
+# Persistent global definitions
+include globals.local
+# Also allow access to mpv/vlc, they're usable via streamlink.
+noblacklist ${HOME}/.cache/vlc
+noblacklist ${HOME}/.config/aacs
+noblacklist ${HOME}/.config/mpv
+noblacklist ${HOME}/.config/pulse
+noblacklist ${HOME}/.config/vlc
+noblacklist ${HOME}/.local/share/chatterino
+noblacklist ${HOME}/.local/share/vlc
+# To upload images, whitelist/noblacklist their path in chatterino.local.
+#noblacklist ${HOME}/Pictures/
+# For custom notification sounds, whitelist/noblacklist their path in chatterino.local.
+#noblacklist ${HOME}/Music/
+# Allow Python for Streamlink integration (blacklisted by disable-interpreters.inc)
+include allow-python3.inc
+# Allow Lua for mpv (blacklisted by disable-interpreters.inc)
+include allow-lua.inc
+# disable-*.inc includes
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-xdg.inc
+# Also allow access to mpv/vlc, they're usable via streamlink.
+mkdir ${HOME}/.cache/vlc
+mkdir ${HOME}/.config/aacs
+mkdir ${HOME}/.config/mpv
+mkdir ${HOME}/.config/pulse
+mkdir ${HOME}/.config/vlc
+mkdir ${HOME}/.local/share/chatterino
+mkdir ${HOME}/.local/share/vlc
+whitelist ${HOME}/.cache/vlc
+whitelist ${HOME}/.config/aacs
+whitelist ${HOME}/.config/mpv
+whitelist ${HOME}/.config/pulse
+whitelist ${HOME}/.config/vlc
+whitelist ${HOME}/.local/share/chatterino
+whitelist ${HOME}/.local/share/vlc
+# To upload images, whitelist/noblacklist their path in chatterino.local.
+#whitelist ${HOME}/Pictures/
+# For custom notification sounds, whitelist/noblacklist their path in chatterino.local.
+#whitelist ${HOME}/Music/
+# whitelist-*.inc includes
+include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+# Streamlink+VLC doesn't seem to close properly with apparmor enabled.
+#apparmor
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noprinters
+noroot
+notv
+nou2f
+# Netlink is required for streamlink integration.
+protocol unix,inet,inet6,netlink
+# Seccomp may break browser integration.
+seccomp
+seccomp.block-secondary
+tracelog
+disable-mnt
+# Add more private-bin lines for browsers or video players to chatterino.local if wanted.
+private-bin chatterino,pgrep
+private-bin ffmpeg,python*,streamlink
+private-bin cvlc,nvlc,qvlc,rvlc,svlc,vlc
+private-bin env,mpv,python*,waf,youtube-dl,yt-dlp
+# private-cache may cause issues with mpv (see #2838)
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,ca-certificates,dbus-1,fonts,hostname,hosts,kde4rc,kde5rc,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,nvidia,passwd,pulse,resolv.conf,rpc,services,ssl,Trolltech.conf,X11
+private-opt none
+private-srv none
+private-tmp
+dbus-user filter
+dbus-user.own com.chatterino.*
+# Session Bus Policy from flatpak
+dbus-user.talk com.canonical.AppMenu.Registrar
+dbus-user.talk org.kde.kconfig.notify
+dbus-user.talk org.kde.KGlobalSettings
+dbus-user.talk org.freedesktop.Flatpak
+# Allow notifications.
+dbus-user.talk org.freedesktop.Notifications
+# For media player integration.
+dbus-user.talk org.freedesktop.ScreenSaver
+?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher
+dbus-user.talk org.mpris.MediaPlayer2.Player
+dbus-system none
+# Prevents browsers/players from lingering after Chatterino is closed.
+#deterministic-shutdown
+# Add to chatterino.local to force Qt to use its wayland QPA plugin.
+#env QT_QPA_PLATFORM=wayland
+# memory-deny-write-execute may break streamlink and browser integration.
+#memory-deny-write-execute
+restrict-namespaces
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 152263f04..15169f983 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -130,6 +130,7 @@ catfish
 cawbird
 celluloid
 chafa
+chatterino
 checkbashisms
 cheese
 cherrytree
author	Dpeta <Jasprose@protonmail.com>	2022-12-24 23:21:43 +0100
committer	Dpeta <jasprose@protonmail.com>	2022-12-25 15:30:47 +0100
commit	3af6c406834d5f18d1422ce95ebd02646862ce74 (patch)
tree	25f81c5627394d2a80ab56520eb570a1a263a514
parent	testing (diff)
download	firejail-3af6c406834d5f18d1422ce95ebd02646862ce74.tar.gz firejail-3af6c406834d5f18d1422ce95ebd02646862ce74.tar.zst firejail-3af6c406834d5f18d1422ce95ebd02646862ce74.zip

diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index b52bcaa11..698ee7eca 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc
@@ -876,6 +876,7 @@ blacklist ${HOME}/.local/share/caja-python
876	blacklist ${HOME}/.local/share/calligragemini	876	blacklist ${HOME}/.local/share/calligragemini
877	blacklist ${HOME}/.local/share/cantata	877	blacklist ${HOME}/.local/share/cantata
878	blacklist ${HOME}/.local/share/cdprojektred	878	blacklist ${HOME}/.local/share/cdprojektred
		879	blacklist ${HOME}/.local/share/chatterino
879	blacklist ${HOME}/.local/share/clipit	880	blacklist ${HOME}/.local/share/clipit
880	blacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate	881	blacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate
881	blacklist ${HOME}/.local/share/contacts	882	blacklist ${HOME}/.local/share/contacts


diff --git a/etc/profile-a-l/chatterino.profile b/etc/profile-a-l/chatterino.profile new file mode 100644 index 000000000..bbb536827 --- /dev/null +++ b/etc/profile-a-l/chatterino.profile
@@ -0,0 +1,116 @@
		1	# Firejail profile for Chatterino
		2	# Description: Chat client for https://twitch.tv
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include chatterino.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	# Also allow access to mpv/vlc, they're usable via streamlink.
		10	noblacklist ${HOME}/.cache/vlc
		11	noblacklist ${HOME}/.config/aacs
		12	noblacklist ${HOME}/.config/mpv
		13	noblacklist ${HOME}/.config/pulse
		14	noblacklist ${HOME}/.config/vlc
		15	noblacklist ${HOME}/.local/share/chatterino
		16	noblacklist ${HOME}/.local/share/vlc
		17	# To upload images, whitelist/noblacklist their path in chatterino.local.
		18	#noblacklist ${HOME}/Pictures/
		19	# For custom notification sounds, whitelist/noblacklist their path in chatterino.local.
		20	#noblacklist ${HOME}/Music/
		21
		22	# Allow Python for Streamlink integration (blacklisted by disable-interpreters.inc)
		23	include allow-python3.inc
		24
		25	# Allow Lua for mpv (blacklisted by disable-interpreters.inc)
		26	include allow-lua.inc
		27
		28	# disable-*.inc includes
		29	include disable-common.inc
		30	include disable-devel.inc
		31	include disable-exec.inc
		32	include disable-interpreters.inc
		33	include disable-proc.inc
		34	include disable-programs.inc
		35	include disable-xdg.inc
		36
		37	# Also allow access to mpv/vlc, they're usable via streamlink.
		38	mkdir ${HOME}/.cache/vlc
		39	mkdir ${HOME}/.config/aacs
		40	mkdir ${HOME}/.config/mpv
		41	mkdir ${HOME}/.config/pulse
		42	mkdir ${HOME}/.config/vlc
		43	mkdir ${HOME}/.local/share/chatterino
		44	mkdir ${HOME}/.local/share/vlc
		45	whitelist ${HOME}/.cache/vlc
		46	whitelist ${HOME}/.config/aacs
		47	whitelist ${HOME}/.config/mpv
		48	whitelist ${HOME}/.config/pulse
		49	whitelist ${HOME}/.config/vlc
		50	whitelist ${HOME}/.local/share/chatterino
		51	whitelist ${HOME}/.local/share/vlc
		52	# To upload images, whitelist/noblacklist their path in chatterino.local.
		53	#whitelist ${HOME}/Pictures/
		54	# For custom notification sounds, whitelist/noblacklist their path in chatterino.local.
		55	#whitelist ${HOME}/Music/
		56	# whitelist-*.inc includes
		57	include whitelist-common.inc
		58	include whitelist-run-common.inc
		59	include whitelist-runuser-common.inc
		60	include whitelist-usr-share-common.inc
		61	include whitelist-var-common.inc
		62
		63	# Streamlink+VLC doesn't seem to close properly with apparmor enabled.
		64	#apparmor
		65	caps.drop all
		66	netfilter
		67	nodvd
		68	nogroups
		69	nonewprivs
		70	noprinters
		71	noroot
		72	notv
		73	nou2f
		74	# Netlink is required for streamlink integration.
		75	protocol unix,inet,inet6,netlink
		76	# Seccomp may break browser integration.
		77	seccomp
		78	seccomp.block-secondary
		79	tracelog
		80
		81	disable-mnt
		82	# Add more private-bin lines for browsers or video players to chatterino.local if wanted.
		83	private-bin chatterino,pgrep
		84	private-bin ffmpeg,python*,streamlink
		85	private-bin cvlc,nvlc,qvlc,rvlc,svlc,vlc
		86	private-bin env,mpv,python*,waf,youtube-dl,yt-dlp
		87	# private-cache may cause issues with mpv (see #2838)
		88	private-cache
		89	private-dev
		90	private-etc alsa,alternatives,asound.conf,ca-certificates,dbus-1,fonts,hostname,hosts,kde4rc,kde5rc,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,nvidia,passwd,pulse,resolv.conf,rpc,services,ssl,Trolltech.conf,X11
		91	private-opt none
		92	private-srv none
		93	private-tmp
		94
		95	dbus-user filter
		96	dbus-user.own com.chatterino.*
		97	# Session Bus Policy from flatpak
		98	dbus-user.talk com.canonical.AppMenu.Registrar
		99	dbus-user.talk org.kde.kconfig.notify
		100	dbus-user.talk org.kde.KGlobalSettings
		101	dbus-user.talk org.freedesktop.Flatpak
		102	# Allow notifications.
		103	dbus-user.talk org.freedesktop.Notifications
		104	# For media player integration.
		105	dbus-user.talk org.freedesktop.ScreenSaver
		106	?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher
		107	dbus-user.talk org.mpris.MediaPlayer2.Player
		108	dbus-system none
		109
		110	# Prevents browsers/players from lingering after Chatterino is closed.
		111	#deterministic-shutdown
		112	# Add to chatterino.local to force Qt to use its wayland QPA plugin.
		113	#env QT_QPA_PLATFORM=wayland
		114	# memory-deny-write-execute may break streamlink and browser integration.
		115	#memory-deny-write-execute
		116	restrict-namespaces


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 152263f04..15169f983 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -130,6 +130,7 @@ catfish
130	cawbird	130	cawbird
131	celluloid	131	celluloid
132	chafa	132	chafa
		133	chatterino
133	checkbashisms	134	checkbashisms
134	cheese	135	cheese
135	cherrytree	136	cherrytree