Merge pull request #5715 from pirate486743186/yt-dlp

refactor yt-dlp
author: netblue30 <netblue30@protonmail.com> 2023-03-13 13:27:26 -0400
committer: GitHub <noreply@github.com> 2023-03-13 13:27:26 -0400
commit: 318b0f66320f69eee63996bb49b4994e2e0bc511 (patch)
tree: 9e4b701da707b599b3058aa408d0f8b76eb27276 /etc
parent: Merge branch 'master' of ssh://github.com/netblue30/firejail (diff)
parent: refactor yt-dlp (diff)
download: firejail-318b0f66320f69eee63996bb49b4994e2e0bc511.tar.gz
firejail-318b0f66320f69eee63996bb49b4994e2e0bc511.tar.zst
firejail-318b0f66320f69eee63996bb49b4994e2e0bc511.zip
3 files changed, 69 insertions, 59 deletions
diff --git a/etc/profile-a-l/gallery-dl.profile b/etc/profile-a-l/gallery-dl.profile
index 9c8200dc4..9643820e7 100644
--- a/etc/profile-a-l/gallery-dl.profile
+++ b/etc/profile-a-l/gallery-dl.profile
@@ -15,4 +15,4 @@ private-bin gallery-dl
 private-etc gallery-dl.conf
 # Redirect
-include youtube-dl.profile
+include yt-dlp.profile
diff --git a/etc/profile-m-z/youtube-dl.profile b/etc/profile-m-z/youtube-dl.profile
index 8376b4989..9e81d745d 100644
--- a/etc/profile-m-z/youtube-dl.profile
+++ b/etc/profile-m-z/youtube-dl.profile
@@ -5,63 +5,17 @@ quiet
 # Persistent local customizations
 include youtube-dl.local
 # Persistent global definitions
-include globals.local
+# added by included profile
+#include globals.local
-# breaks when installed under ${HOME} via `pip install --user` (see #2833)
-ignore noexec ${HOME}
 noblacklist ${HOME}/.cache/youtube-dl
 noblacklist ${HOME}/.config/youtube-dl
-noblacklist ${HOME}/.netrc
-noblacklist ${MUSIC}
-noblacklist ${VIDEOS}
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
-include allow-python3.inc
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-programs.inc
-include disable-shell.inc
-include disable-xdg.inc
-include whitelist-usr-share-common.inc
-include whitelist-var-common.inc
-apparmor
-caps.drop all
-ipc-namespace
-machine-id
-netfilter
-no3d
-nodvd
-nogroups
-noinput
-nonewprivs
-noroot
-nosound
-notv
-nou2f
-novideo
-protocol unix,inet,inet6
-seccomp
-seccomp.block-secondary
-tracelog
-private-bin env,ffmpeg,python*,youtube-dl
-private-cache
-private-dev
-private-etc @tls-ca,mime.types,youtube-dl.conf
-private-tmp
-dbus-user none
+private-bin youtube-dl
-dbus-system none
+private-etc youtube-dl.conf
-#memory-deny-write-execute - breaks on Arch (see issue #1803)
+# Redirect
-restrict-namespaces
+include yt-dlp.profile
diff --git a/etc/profile-m-z/yt-dlp.profile b/etc/profile-m-z/yt-dlp.profile
index 49d4b3b56..97f9e620a 100644
--- a/etc/profile-m-z/yt-dlp.profile
+++ b/etc/profile-m-z/yt-dlp.profile
@@ -5,17 +5,73 @@ quiet
 # Persistent local customizations
 include yt-dlp.local
 # Persistent global definitions
-# added by included profile
+include globals.local
-#include globals.local
+# If you installed via pip under ${HOME}
+# add 'ignore noexec ${HOME}' in yt-dlp.local.
+# AppArmor needs to allow it too,
+# add 'ignore apparmor' in yt-dlp.local
+# OR in /etc/apparmor.d/local/firejail-default add:
+# 'owner @HOME/.local/bin/** ix,'
+# 'owner @HOME/.local/lib/python*/** ix,'
+# then run the command
+# 'sudo apparmor_parser -r /etc/apparmor.d/firejail-default'
 noblacklist ${HOME}/.cache/yt-dlp
 noblacklist ${HOME}/.config/yt-dlp
 noblacklist ${HOME}/.config/yt-dlp.conf
 noblacklist ${HOME}/yt-dlp.conf
 noblacklist ${HOME}/yt-dlp.conf.txt
+noblacklist ${HOME}/.netrc
+noblacklist ${MUSIC}
+noblacklist ${VIDEOS}
+# Allow python (blacklisted by disable-interpreters.inc)
+include allow-python3.inc
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+seccomp.block-secondary
+tracelog
+private-bin env,ffmpeg,ffprobe,python*,yt-dlp
+private-cache
+private-dev
+private-etc @tls-ca,mime.types,yt-dlp.conf
+private-tmp
+dbus-user none
+dbus-system none
-private-bin ffprobe,yt-dlp
+memory-deny-write-execute
-private-etc yt-dlp.conf
-# Redirect
+restrict-namespaces
-include youtube-dl.profile
author	netblue30 <netblue30@protonmail.com>	2023-03-13 13:27:26 -0400
committer	GitHub <noreply@github.com>	2023-03-13 13:27:26 -0400
commit	318b0f66320f69eee63996bb49b4994e2e0bc511 (patch)
tree	9e4b701da707b599b3058aa408d0f8b76eb27276 /etc
parent	Merge branch 'master' of ssh://github.com/netblue30/firejail (diff)
parent	refactor yt-dlp (diff)
download	firejail-318b0f66320f69eee63996bb49b4994e2e0bc511.tar.gz firejail-318b0f66320f69eee63996bb49b4994e2e0bc511.tar.zst firejail-318b0f66320f69eee63996bb49b4994e2e0bc511.zip

diff --git a/etc/profile-a-l/gallery-dl.profile b/etc/profile-a-l/gallery-dl.profile index 9c8200dc4..9643820e7 100644 --- a/etc/profile-a-l/gallery-dl.profile +++ b/etc/profile-a-l/gallery-dl.profile
@@ -15,4 +15,4 @@ private-bin gallery-dl
15	private-etc gallery-dl.conf	15	private-etc gallery-dl.conf
16		16
17	# Redirect	17	# Redirect
18	include youtube-dl.profile	18	include yt-dlp.profile


diff --git a/etc/profile-m-z/youtube-dl.profile b/etc/profile-m-z/youtube-dl.profile index 8376b4989..9e81d745d 100644 --- a/etc/profile-m-z/youtube-dl.profile +++ b/etc/profile-m-z/youtube-dl.profile
@@ -5,63 +5,17 @@ quiet
5	# Persistent local customizations	5	# Persistent local customizations
6	include youtube-dl.local	6	include youtube-dl.local
7	# Persistent global definitions	7	# Persistent global definitions
8	include globals.local	8	# added by included profile
9		9	#include globals.local
10	# breaks when installed under ${HOME} via `pip install --user` (see #2833)
11	ignore noexec ${HOME}
12		10
13	noblacklist ${HOME}/.cache/youtube-dl	11	noblacklist ${HOME}/.cache/youtube-dl
14	noblacklist ${HOME}/.config/youtube-dl	12	noblacklist ${HOME}/.config/youtube-dl
15	noblacklist ${HOME}/.netrc
16	noblacklist ${MUSIC}
17	noblacklist ${VIDEOS}
18		13
19	# Allow python (blacklisted by disable-interpreters.inc)	14	# Allow python (blacklisted by disable-interpreters.inc)
20	include allow-python2.inc	15	include allow-python2.inc
21	include allow-python3.inc
22
23	blacklist /tmp/.X11-unix
24	blacklist ${RUNUSER}
25
26	include disable-common.inc
27	include disable-devel.inc
28	include disable-exec.inc
29	include disable-interpreters.inc
30	include disable-programs.inc
31	include disable-shell.inc
32	include disable-xdg.inc
33
34	include whitelist-usr-share-common.inc
35	include whitelist-var-common.inc
36
37	apparmor
38	caps.drop all
39	ipc-namespace
40	machine-id
41	netfilter
42	no3d
43	nodvd
44	nogroups
45	noinput
46	nonewprivs
47	noroot
48	nosound
49	notv
50	nou2f
51	novideo
52	protocol unix,inet,inet6
53	seccomp
54	seccomp.block-secondary
55	tracelog
56
57	private-bin env,ffmpeg,python*,youtube-dl
58	private-cache
59	private-dev
60	private-etc @tls-ca,mime.types,youtube-dl.conf
61	private-tmp
62		16
63	dbus-user none	17	private-bin youtube-dl
64	dbus-system none	18	private-etc youtube-dl.conf
65		19
66	#memory-deny-write-execute - breaks on Arch (see issue #1803)	20	# Redirect
67	restrict-namespaces	21	include yt-dlp.profile


diff --git a/etc/profile-m-z/yt-dlp.profile b/etc/profile-m-z/yt-dlp.profile index 49d4b3b56..97f9e620a 100644 --- a/etc/profile-m-z/yt-dlp.profile +++ b/etc/profile-m-z/yt-dlp.profile
@@ -5,17 +5,73 @@ quiet
5	# Persistent local customizations	5	# Persistent local customizations
6	include yt-dlp.local	6	include yt-dlp.local
7	# Persistent global definitions	7	# Persistent global definitions
8	# added by included profile	8	include globals.local
9	#include globals.local	9
		10	# If you installed via pip under ${HOME}
		11	# add 'ignore noexec ${HOME}' in yt-dlp.local.
		12	# AppArmor needs to allow it too,
		13	# add 'ignore apparmor' in yt-dlp.local
		14	# OR in /etc/apparmor.d/local/firejail-default add:
		15	# 'owner @HOME/.local/bin/** ix,'
		16	# 'owner @HOME/.local/lib/python/* ix,'
		17	# then run the command
		18	# 'sudo apparmor_parser -r /etc/apparmor.d/firejail-default'
10		19
11	noblacklist ${HOME}/.cache/yt-dlp	20	noblacklist ${HOME}/.cache/yt-dlp
12	noblacklist ${HOME}/.config/yt-dlp	21	noblacklist ${HOME}/.config/yt-dlp
13	noblacklist ${HOME}/.config/yt-dlp.conf	22	noblacklist ${HOME}/.config/yt-dlp.conf
14	noblacklist ${HOME}/yt-dlp.conf	23	noblacklist ${HOME}/yt-dlp.conf
15	noblacklist ${HOME}/yt-dlp.conf.txt	24	noblacklist ${HOME}/yt-dlp.conf.txt
		25	noblacklist ${HOME}/.netrc
		26	noblacklist ${MUSIC}
		27	noblacklist ${VIDEOS}
		28
		29	# Allow python (blacklisted by disable-interpreters.inc)
		30	include allow-python3.inc
		31
		32	blacklist /tmp/.X11-unix
		33	blacklist ${RUNUSER}
		34
		35	include disable-common.inc
		36	include disable-devel.inc
		37	include disable-exec.inc
		38	include disable-interpreters.inc
		39	include disable-programs.inc
		40	include disable-shell.inc
		41	include disable-xdg.inc
		42
		43	include whitelist-usr-share-common.inc
		44	include whitelist-var-common.inc
		45
		46	apparmor
		47	caps.drop all
		48	ipc-namespace
		49	machine-id
		50	netfilter
		51	no3d
		52	nodvd
		53	nogroups
		54	noinput
		55	nonewprivs
		56	noroot
		57	nosound
		58	notv
		59	nou2f
		60	novideo
		61	protocol unix,inet,inet6
		62	seccomp
		63	seccomp.block-secondary
		64	tracelog
		65
		66	private-bin env,ffmpeg,ffprobe,python*,yt-dlp
		67	private-cache
		68	private-dev
		69	private-etc @tls-ca,mime.types,yt-dlp.conf
		70	private-tmp
		71
		72	dbus-user none
		73	dbus-system none
16		74
17	private-bin ffprobe,yt-dlp	75	memory-deny-write-execute
18	private-etc yt-dlp.conf
19		76
20	# Redirect	77	restrict-namespaces
21	include youtube-dl.profile