Merge pull request #4079 from Neo00001/master

Add profile for youtube-dl-gui & some other changes

5 files changed, 69 insertions, 0 deletions

diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 806a94eac..7a37c9fb4 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -438,6 +438,7 @@ blacklist ${HOME}/.config/yandex-browser
 blacklist ${HOME}/.config/yandex-browser-beta
 blacklist ${HOME}/.config/yelp
 blacklist ${HOME}/.config/youtube-dl
+blacklist ${HOME}/.config/youtube-dlg
 blacklist ${HOME}/.config/youtubemusic-nativefier-040164
 blacklist ${HOME}/.config/youtube-music-desktop-app
 blacklist ${HOME}/.config/youtube-viewer
diff --git a/etc/profile-m-z/telegram.profile b/etc/profile-m-z/telegram.profile
index fce7dc461..38d291324 100644
--- a/etc/profile-m-z/telegram.profile
+++ b/etc/profile-m-z/telegram.profile
@@ -36,10 +36,20 @@ noroot
 notv
 protocol unix,inet,inet6,netlink
 seccomp
+seccomp.block-secondary
 shell none
+tracelog
 
 disable-mnt
+#private-bin telegram,Telegram,telegram-desktop
 private-cache
 private-dev
 private-etc alsa,alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,localtime,machine-id,os-release,passwd,pki,pulse,resolv.conf,ssl,xdg
 private-tmp
+
+dbus-user filter
+dbus-user.talk org.freedesktop.Notifications
+dbus-user.talk org.kde.StatusNotifierWatcher
+dbus-user.talk org.gnome.Mutter.IdleMonitor
+dbus-user.talk org.freedesktop.ScreenSaver
+dbus-system none
diff --git a/etc/profile-m-z/virtualbox.profile b/etc/profile-m-z/virtualbox.profile
index 232ff8ae4..64d787bfb 100644
--- a/etc/profile-m-z/virtualbox.profile
+++ b/etc/profile-m-z/virtualbox.profile
@@ -44,6 +44,7 @@ shell none
 tracelog
 
 #disable-mnt
+#private-bin basename,bash,env,gawk,grep,ps,readlink,sh,virtualbox,VirtualBox,VBox*,vbox*,whoami
 private-cache
 private-etc alsa,asound.conf,ca-certificates,conf.d,crypto-policies,dconf,fonts,hostname,hosts,ld.so.cache,localtime,machine-id,pki,pulse,resolv.conf,ssl
 private-tmp
diff --git a/etc/profile-m-z/youtube-dl-gui.profile b/etc/profile-m-z/youtube-dl-gui.profile
new file mode 100644
index 000000000..c072d6267
--- /dev/null
+++ b/etc/profile-m-z/youtube-dl-gui.profile
@@ -0,0 +1,56 @@
+# Firejail profile for youtube-dl-gui
+# Description: A cross platform front-end GUI of the popular youtube-dl media downloader
+include youtube-dl-gui.local
+# This file is overwritten after every install/update
+include globals.local
+
+#These are blacklisted by disable-interpreters.inc
+include allow-python2.inc
+include allow-python3.inc
+
+noblacklist ${HOME}/.config/youtube-dlg
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.config/youtube-dlg
+whitelist ${HOME}/.config/youtube-dlg
+whitelist ${DOWNLOADS}
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+machine-id
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+
+disable-mnt
+private-bin atomicparsley,ffmpeg,ffprobe,python*,youtube-dl-gui
+private-cache
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,locale,locale.conf,passwd,pki,resolv.conf,ssl
+private-tmp
+
+dbus-user none
+dbus-system none
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 85a5b0453..3da415b70 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -875,6 +875,7 @@ yandex-browser
 yelp
 youtube
 youtube-dl
+youtube-dl-gui
 youtube-viewer
 youtubemusic-nativefier
 ytmdesktop