diff options
author | 2023-04-16 00:06:28 +0200 | |
---|---|---|
committer | 2023-04-16 00:06:28 +0200 | |
commit | 99898db8fc47b951ba0e8efdc61299be72aaa3c6 (patch) | |
tree | a7861f7a18b6ca8ff498f426ac3f129fe394c6be | |
parent | Merge pull request #5777 from hotcapy/patch-1 (diff) | |
download | firejail-99898db8fc47b951ba0e8efdc61299be72aaa3c6.tar.gz firejail-99898db8fc47b951ba0e8efdc61299be72aaa3c6.tar.zst firejail-99898db8fc47b951ba0e8efdc61299be72aaa3c6.zip |
youtube-viewers: refactor and add gtk-youtube-viewers-common
-rw-r--r-- | etc/profile-a-l/gtk-lbry-viewer.profile | 4 | ||||
-rw-r--r-- | etc/profile-a-l/gtk-pipe-viewer.profile | 4 | ||||
-rw-r--r-- | etc/profile-a-l/gtk-straw-viewer.profile | 4 | ||||
-rw-r--r-- | etc/profile-a-l/gtk-youtube-viewer.profile | 4 | ||||
-rw-r--r-- | etc/profile-a-l/gtk-youtube-viewers-common.profile | 22 | ||||
-rw-r--r-- | etc/profile-a-l/gtk2-youtube-viewer.profile | 7 | ||||
-rw-r--r-- | etc/profile-a-l/gtk3-youtube-viewer.profile | 7 | ||||
-rw-r--r-- | etc/profile-a-l/lbry-viewer.profile | 2 | ||||
-rw-r--r-- | etc/profile-m-z/pipe-viewer.profile | 2 | ||||
-rw-r--r-- | etc/profile-m-z/straw-viewer.profile | 2 | ||||
-rw-r--r-- | etc/profile-m-z/youtube-viewer.profile | 2 | ||||
-rw-r--r-- | etc/profile-m-z/youtube-viewers-common.profile | 15 |
12 files changed, 46 insertions, 29 deletions
diff --git a/etc/profile-a-l/gtk-lbry-viewer.profile b/etc/profile-a-l/gtk-lbry-viewer.profile index e1fb53b16..71d4fd632 100644 --- a/etc/profile-a-l/gtk-lbry-viewer.profile +++ b/etc/profile-a-l/gtk-lbry-viewer.profile | |||
@@ -6,7 +6,9 @@ include gtk-lbry-viewer.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | ignore quiet | 9 | private-bin gtk-lbry-viewer |
10 | |||
11 | include gtk-youtube-viewers-common.profile | ||
10 | 12 | ||
11 | # Redirect | 13 | # Redirect |
12 | include lbry-viewer.profile | 14 | include lbry-viewer.profile |
diff --git a/etc/profile-a-l/gtk-pipe-viewer.profile b/etc/profile-a-l/gtk-pipe-viewer.profile index 9c212ff6e..b41a5d8ee 100644 --- a/etc/profile-a-l/gtk-pipe-viewer.profile +++ b/etc/profile-a-l/gtk-pipe-viewer.profile | |||
@@ -6,7 +6,9 @@ include gtk-pipe-viewer.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | ignore quiet | 9 | private-bin gtk-pipe-viewer |
10 | |||
11 | include gtk-youtube-viewers-common.profile | ||
10 | 12 | ||
11 | # Redirect | 13 | # Redirect |
12 | include pipe-viewer.profile | 14 | include pipe-viewer.profile |
diff --git a/etc/profile-a-l/gtk-straw-viewer.profile b/etc/profile-a-l/gtk-straw-viewer.profile index 978b3d896..84429856d 100644 --- a/etc/profile-a-l/gtk-straw-viewer.profile +++ b/etc/profile-a-l/gtk-straw-viewer.profile | |||
@@ -6,7 +6,9 @@ include gtk-straw-viewer.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | ignore quiet | 9 | private-bin gtk-straw-viewer |
10 | |||
11 | include gtk-youtube-viewers-common.profile | ||
10 | 12 | ||
11 | # Redirect | 13 | # Redirect |
12 | include straw-viewer.profile | 14 | include straw-viewer.profile |
diff --git a/etc/profile-a-l/gtk-youtube-viewer.profile b/etc/profile-a-l/gtk-youtube-viewer.profile index c814f0fef..5463973ad 100644 --- a/etc/profile-a-l/gtk-youtube-viewer.profile +++ b/etc/profile-a-l/gtk-youtube-viewer.profile | |||
@@ -6,7 +6,9 @@ include gtk-youtube-viewer.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | ignore quiet | 9 | private-bin gtk-youtube-viewer |
10 | |||
11 | include gtk-youtube-viewers-common.profile | ||
10 | 12 | ||
11 | # Redirect | 13 | # Redirect |
12 | include youtube-viewer.profile | 14 | include youtube-viewer.profile |
diff --git a/etc/profile-a-l/gtk-youtube-viewers-common.profile b/etc/profile-a-l/gtk-youtube-viewers-common.profile new file mode 100644 index 000000000..049448a23 --- /dev/null +++ b/etc/profile-a-l/gtk-youtube-viewers-common.profile | |||
@@ -0,0 +1,22 @@ | |||
1 | # Firejail profile for gtk-youtube-viewer clones | ||
2 | # Description: common profile for Trizen's gtk Youtube viewers | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include gtk-youtube-viewers-common.local | ||
6 | # Persistent global definitions | ||
7 | # added by caller profile | ||
8 | #include globals.local | ||
9 | |||
10 | ignore quiet | ||
11 | |||
12 | # The lines below are needed to find the default Firefox profile name, to allow | ||
13 | # opening links in an existing instance of Firefox (note that it still fails if | ||
14 | # there isn't a Firefox instance running with the default profile; see #5352) | ||
15 | noblacklist ${HOME}/.mozilla | ||
16 | whitelist ${HOME}/.mozilla/firefox/profiles.ini | ||
17 | |||
18 | private-bin firefox,xterm | ||
19 | |||
20 | dbus-user filter | ||
21 | # allow D-Bus communication with firefox for opening links | ||
22 | dbus-user.talk org.mozilla.* | ||
diff --git a/etc/profile-a-l/gtk2-youtube-viewer.profile b/etc/profile-a-l/gtk2-youtube-viewer.profile index 787c7bd90..51f0a0dd6 100644 --- a/etc/profile-a-l/gtk2-youtube-viewer.profile +++ b/etc/profile-a-l/gtk2-youtube-viewer.profile | |||
@@ -6,12 +6,9 @@ include gtk2-youtube-viewer.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | ignore quiet | 9 | private-bin gtk2-youtube-viewer |
10 | 10 | ||
11 | noblacklist /tmp/.X11-unix | 11 | include gtk-youtube-viewers-common.profile |
12 | noblacklist ${RUNUSER} | ||
13 | |||
14 | include whitelist-runuser-common.inc | ||
15 | 12 | ||
16 | # Redirect | 13 | # Redirect |
17 | include youtube-viewer.profile | 14 | include youtube-viewer.profile |
diff --git a/etc/profile-a-l/gtk3-youtube-viewer.profile b/etc/profile-a-l/gtk3-youtube-viewer.profile index 988882622..e380304b3 100644 --- a/etc/profile-a-l/gtk3-youtube-viewer.profile +++ b/etc/profile-a-l/gtk3-youtube-viewer.profile | |||
@@ -6,12 +6,9 @@ include gtk3-youtube-viewer.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | ignore quiet | 9 | private-bin gtk3-youtube-viewer |
10 | 10 | ||
11 | noblacklist /tmp/.X11-unix | 11 | include gtk-youtube-viewers-common.profile |
12 | noblacklist ${RUNUSER} | ||
13 | |||
14 | include whitelist-runuser-common.inc | ||
15 | 12 | ||
16 | # Redirect | 13 | # Redirect |
17 | include youtube-viewer.profile | 14 | include youtube-viewer.profile |
diff --git a/etc/profile-a-l/lbry-viewer.profile b/etc/profile-a-l/lbry-viewer.profile index f6a02ac83..aad1330e0 100644 --- a/etc/profile-a-l/lbry-viewer.profile +++ b/etc/profile-a-l/lbry-viewer.profile | |||
@@ -15,7 +15,7 @@ mkdir ${HOME}/.cache/lbry-viewer | |||
15 | whitelist ${HOME}/.cache/lbry-viewer | 15 | whitelist ${HOME}/.cache/lbry-viewer |
16 | whitelist ${HOME}/.config/lbry-viewer | 16 | whitelist ${HOME}/.config/lbry-viewer |
17 | 17 | ||
18 | private-bin gtk-lbry-viewer,lbry-viewer | 18 | private-bin lbry-viewer |
19 | 19 | ||
20 | # Redirect | 20 | # Redirect |
21 | include youtube-viewers-common.profile | 21 | include youtube-viewers-common.profile |
diff --git a/etc/profile-m-z/pipe-viewer.profile b/etc/profile-m-z/pipe-viewer.profile index 3de064311..77393274e 100644 --- a/etc/profile-m-z/pipe-viewer.profile +++ b/etc/profile-m-z/pipe-viewer.profile | |||
@@ -15,7 +15,7 @@ mkdir ${HOME}/.cache/pipe-viewer | |||
15 | whitelist ${HOME}/.cache/pipe-viewer | 15 | whitelist ${HOME}/.cache/pipe-viewer |
16 | whitelist ${HOME}/.config/pipe-viewer | 16 | whitelist ${HOME}/.config/pipe-viewer |
17 | 17 | ||
18 | private-bin gtk-pipe-viewer,pipe-viewer | 18 | private-bin pipe-viewer |
19 | 19 | ||
20 | # Redirect | 20 | # Redirect |
21 | include youtube-viewers-common.profile | 21 | include youtube-viewers-common.profile |
diff --git a/etc/profile-m-z/straw-viewer.profile b/etc/profile-m-z/straw-viewer.profile index 513abc21b..48f83fabc 100644 --- a/etc/profile-m-z/straw-viewer.profile +++ b/etc/profile-m-z/straw-viewer.profile | |||
@@ -15,7 +15,7 @@ mkdir ${HOME}/.cache/straw-viewer | |||
15 | whitelist ${HOME}/.cache/straw-viewer | 15 | whitelist ${HOME}/.cache/straw-viewer |
16 | whitelist ${HOME}/.config/straw-viewer | 16 | whitelist ${HOME}/.config/straw-viewer |
17 | 17 | ||
18 | private-bin gtk-straw-viewer,straw-viewer | 18 | private-bin straw-viewer |
19 | 19 | ||
20 | # Redirect | 20 | # Redirect |
21 | include youtube-viewers-common.profile | 21 | include youtube-viewers-common.profile |
diff --git a/etc/profile-m-z/youtube-viewer.profile b/etc/profile-m-z/youtube-viewer.profile index 825599fcc..4a0e26540 100644 --- a/etc/profile-m-z/youtube-viewer.profile +++ b/etc/profile-m-z/youtube-viewer.profile | |||
@@ -15,7 +15,7 @@ mkdir ${HOME}/.config/youtube-viewer | |||
15 | whitelist ${HOME}/.cache/youtube-viewer | 15 | whitelist ${HOME}/.cache/youtube-viewer |
16 | whitelist ${HOME}/.config/youtube-viewer | 16 | whitelist ${HOME}/.config/youtube-viewer |
17 | 17 | ||
18 | private-bin gtk-youtube-viewer,gtk2-youtube-viewer,gtk3-youtube-viewer,youtube-viewer | 18 | private-bin youtube-viewer |
19 | 19 | ||
20 | # Redirect | 20 | # Redirect |
21 | include youtube-viewers-common.profile | 21 | include youtube-viewers-common.profile |
diff --git a/etc/profile-m-z/youtube-viewers-common.profile b/etc/profile-m-z/youtube-viewers-common.profile index d2b73ec4c..c9d2ea53b 100644 --- a/etc/profile-m-z/youtube-viewers-common.profile +++ b/etc/profile-m-z/youtube-viewers-common.profile | |||
@@ -8,6 +8,7 @@ include youtube-viewers-common.local | |||
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.cache/youtube-dl | 10 | noblacklist ${HOME}/.cache/youtube-dl |
11 | noblacklist ${HOME}/.config/mpv | ||
11 | 12 | ||
12 | # Allow lua (blacklisted by disable-interpreters.inc) | 13 | # Allow lua (blacklisted by disable-interpreters.inc) |
13 | include allow-lua.inc | 14 | include allow-lua.inc |
@@ -19,12 +20,6 @@ include allow-perl.inc | |||
19 | include allow-python2.inc | 20 | include allow-python2.inc |
20 | include allow-python3.inc | 21 | include allow-python3.inc |
21 | 22 | ||
22 | # The lines below are needed to find the default Firefox profile name, to allow | ||
23 | # opening links in an existing instance of Firefox (note that it still fails if | ||
24 | # there isn't a Firefox instance running with the default profile; see #5352) | ||
25 | noblacklist ${HOME}/.mozilla | ||
26 | whitelist ${HOME}/.mozilla/firefox/profiles.ini | ||
27 | |||
28 | include disable-common.inc | 23 | include disable-common.inc |
29 | include disable-devel.inc | 24 | include disable-devel.inc |
30 | include disable-exec.inc | 25 | include disable-exec.inc |
@@ -34,7 +29,9 @@ include disable-xdg.inc | |||
34 | 29 | ||
35 | whitelist ${DOWNLOADS} | 30 | whitelist ${DOWNLOADS} |
36 | whitelist ${HOME}/.cache/youtube-dl/youtube-sigfuncs | 31 | whitelist ${HOME}/.cache/youtube-dl/youtube-sigfuncs |
32 | whitelist ${HOME}/.config/mpv | ||
37 | include whitelist-common.inc | 33 | include whitelist-common.inc |
34 | include whitelist-run-common.inc | ||
38 | include whitelist-runuser-common.inc | 35 | include whitelist-runuser-common.inc |
39 | include whitelist-usr-share-common.inc | 36 | include whitelist-usr-share-common.inc |
40 | include whitelist-var-common.inc | 37 | include whitelist-var-common.inc |
@@ -55,16 +52,12 @@ seccomp | |||
55 | tracelog | 52 | tracelog |
56 | 53 | ||
57 | disable-mnt | 54 | disable-mnt |
58 | private-bin bash,ffmpeg,ffprobe,firefox,mpv,perl,python*,sh,smplayer,stty,wget,wget2,which,xterm,youtube-dl,yt-dlp | 55 | private-bin bash,ffmpeg,ffprobe,mpv,perl,python*,sh,smplayer,stty,wget,wget2,which,youtube-dl,yt-dlp |
59 | private-cache | 56 | private-cache |
60 | private-dev | 57 | private-dev |
61 | private-etc @tls-ca,@x11,host.conf,mime.types | 58 | private-etc @tls-ca,@x11,host.conf,mime.types |
62 | private-tmp | 59 | private-tmp |
63 | 60 | ||
64 | dbus-user filter | ||
65 | # allow D-Bus communication with firefox for opening links | ||
66 | dbus-user.talk org.mozilla.* | ||
67 | |||
68 | dbus-system none | 61 | dbus-system none |
69 | 62 | ||
70 | restrict-namespaces | 63 | restrict-namespaces |