youtube-viewers: refactor and add gtk-youtube-viewers-common

author: pirate486743186 <> 2023-04-16 00:06:28 +0200
committer: pirate486743186 <> 2023-04-16 00:06:28 +0200
commit: 99898db8fc47b951ba0e8efdc61299be72aaa3c6 (patch)
tree: a7861f7a18b6ca8ff498f426ac3f129fe394c6be /etc
parent: Merge pull request #5777 from hotcapy/patch-1 (diff)
download: firejail-99898db8fc47b951ba0e8efdc61299be72aaa3c6.tar.gz
firejail-99898db8fc47b951ba0e8efdc61299be72aaa3c6.tar.zst
firejail-99898db8fc47b951ba0e8efdc61299be72aaa3c6.zip
12 files changed, 46 insertions, 29 deletions
diff --git a/etc/profile-a-l/gtk-lbry-viewer.profile b/etc/profile-a-l/gtk-lbry-viewer.profile
index e1fb53b16..71d4fd632 100644
--- a/etc/profile-a-l/gtk-lbry-viewer.profile
+++ b/etc/profile-a-l/gtk-lbry-viewer.profile
@@ -6,7 +6,9 @@ include gtk-lbry-viewer.local
 # added by included profile
 #include globals.local
-ignore quiet
+private-bin gtk-lbry-viewer
+include gtk-youtube-viewers-common.profile
 # Redirect
 include lbry-viewer.profile
diff --git a/etc/profile-a-l/gtk-pipe-viewer.profile b/etc/profile-a-l/gtk-pipe-viewer.profile
index 9c212ff6e..b41a5d8ee 100644
--- a/etc/profile-a-l/gtk-pipe-viewer.profile
+++ b/etc/profile-a-l/gtk-pipe-viewer.profile
@@ -6,7 +6,9 @@ include gtk-pipe-viewer.local
 # added by included profile
 #include globals.local
-ignore quiet
+private-bin gtk-pipe-viewer
+include gtk-youtube-viewers-common.profile
 # Redirect
 include pipe-viewer.profile
diff --git a/etc/profile-a-l/gtk-straw-viewer.profile b/etc/profile-a-l/gtk-straw-viewer.profile
index 978b3d896..84429856d 100644
--- a/etc/profile-a-l/gtk-straw-viewer.profile
+++ b/etc/profile-a-l/gtk-straw-viewer.profile
@@ -6,7 +6,9 @@ include gtk-straw-viewer.local
 # added by included profile
 #include globals.local
-ignore quiet
+private-bin gtk-straw-viewer
+include gtk-youtube-viewers-common.profile
 # Redirect
 include straw-viewer.profile
diff --git a/etc/profile-a-l/gtk-youtube-viewer.profile b/etc/profile-a-l/gtk-youtube-viewer.profile
index c814f0fef..5463973ad 100644
--- a/etc/profile-a-l/gtk-youtube-viewer.profile
+++ b/etc/profile-a-l/gtk-youtube-viewer.profile
@@ -6,7 +6,9 @@ include gtk-youtube-viewer.local
 # added by included profile
 #include globals.local
-ignore quiet
+private-bin gtk-youtube-viewer
+include gtk-youtube-viewers-common.profile
 # Redirect
 include youtube-viewer.profile
diff --git a/etc/profile-a-l/gtk-youtube-viewers-common.profile b/etc/profile-a-l/gtk-youtube-viewers-common.profile
new file mode 100644
index 000000000..049448a23
--- /dev/null
+++ b/etc/profile-a-l/gtk-youtube-viewers-common.profile
@@ -0,0 +1,22 @@
+# Firejail profile for gtk-youtube-viewer clones
+# Description: common profile for Trizen's gtk Youtube viewers
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gtk-youtube-viewers-common.local
+# Persistent global definitions
+# added by caller profile
+#include globals.local
+ignore quiet
+# The lines below are needed to find the default Firefox profile name, to allow
+# opening links in an existing instance of Firefox (note that it still fails if
+# there isn't a Firefox instance running with the default profile; see #5352)
+noblacklist ${HOME}/.mozilla
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
+private-bin firefox,xterm
+dbus-user filter
+# allow D-Bus communication with firefox for opening links
+dbus-user.talk org.mozilla.*
diff --git a/etc/profile-a-l/gtk2-youtube-viewer.profile b/etc/profile-a-l/gtk2-youtube-viewer.profile
index 787c7bd90..51f0a0dd6 100644
--- a/etc/profile-a-l/gtk2-youtube-viewer.profile
+++ b/etc/profile-a-l/gtk2-youtube-viewer.profile
@@ -6,12 +6,9 @@ include gtk2-youtube-viewer.local
 # added by included profile
 #include globals.local
-ignore quiet
+private-bin gtk2-youtube-viewer
-noblacklist /tmp/.X11-unix
+include gtk-youtube-viewers-common.profile
-noblacklist ${RUNUSER}
-include whitelist-runuser-common.inc
 # Redirect
 include youtube-viewer.profile
diff --git a/etc/profile-a-l/gtk3-youtube-viewer.profile b/etc/profile-a-l/gtk3-youtube-viewer.profile
index 988882622..e380304b3 100644
--- a/etc/profile-a-l/gtk3-youtube-viewer.profile
+++ b/etc/profile-a-l/gtk3-youtube-viewer.profile
@@ -6,12 +6,9 @@ include gtk3-youtube-viewer.local
 # added by included profile
 #include globals.local
-ignore quiet
+private-bin gtk3-youtube-viewer
-noblacklist /tmp/.X11-unix
+include gtk-youtube-viewers-common.profile
-noblacklist ${RUNUSER}
-include whitelist-runuser-common.inc
 # Redirect
 include youtube-viewer.profile
diff --git a/etc/profile-a-l/lbry-viewer.profile b/etc/profile-a-l/lbry-viewer.profile
index f6a02ac83..aad1330e0 100644
--- a/etc/profile-a-l/lbry-viewer.profile
+++ b/etc/profile-a-l/lbry-viewer.profile
@@ -15,7 +15,7 @@ mkdir ${HOME}/.cache/lbry-viewer
 whitelist ${HOME}/.cache/lbry-viewer
 whitelist ${HOME}/.config/lbry-viewer
-private-bin gtk-lbry-viewer,lbry-viewer
+private-bin lbry-viewer
 # Redirect
 include youtube-viewers-common.profile
diff --git a/etc/profile-m-z/pipe-viewer.profile b/etc/profile-m-z/pipe-viewer.profile
index 3de064311..77393274e 100644
--- a/etc/profile-m-z/pipe-viewer.profile
+++ b/etc/profile-m-z/pipe-viewer.profile
@@ -15,7 +15,7 @@ mkdir ${HOME}/.cache/pipe-viewer
 whitelist ${HOME}/.cache/pipe-viewer
 whitelist ${HOME}/.config/pipe-viewer
-private-bin gtk-pipe-viewer,pipe-viewer
+private-bin pipe-viewer
 # Redirect
 include youtube-viewers-common.profile
diff --git a/etc/profile-m-z/straw-viewer.profile b/etc/profile-m-z/straw-viewer.profile
index 513abc21b..48f83fabc 100644
--- a/etc/profile-m-z/straw-viewer.profile
+++ b/etc/profile-m-z/straw-viewer.profile
@@ -15,7 +15,7 @@ mkdir ${HOME}/.cache/straw-viewer
 whitelist ${HOME}/.cache/straw-viewer
 whitelist ${HOME}/.config/straw-viewer
-private-bin gtk-straw-viewer,straw-viewer
+private-bin straw-viewer
 # Redirect
 include youtube-viewers-common.profile
diff --git a/etc/profile-m-z/youtube-viewer.profile b/etc/profile-m-z/youtube-viewer.profile
index 825599fcc..4a0e26540 100644
--- a/etc/profile-m-z/youtube-viewer.profile
+++ b/etc/profile-m-z/youtube-viewer.profile
@@ -15,7 +15,7 @@ mkdir ${HOME}/.config/youtube-viewer
 whitelist ${HOME}/.cache/youtube-viewer
 whitelist ${HOME}/.config/youtube-viewer
-private-bin gtk-youtube-viewer,gtk2-youtube-viewer,gtk3-youtube-viewer,youtube-viewer
+private-bin youtube-viewer
 # Redirect
 include youtube-viewers-common.profile
diff --git a/etc/profile-m-z/youtube-viewers-common.profile b/etc/profile-m-z/youtube-viewers-common.profile
index d2b73ec4c..c9d2ea53b 100644
--- a/etc/profile-m-z/youtube-viewers-common.profile
+++ b/etc/profile-m-z/youtube-viewers-common.profile
@@ -8,6 +8,7 @@ include youtube-viewers-common.local
 #include globals.local
 noblacklist ${HOME}/.cache/youtube-dl
+noblacklist ${HOME}/.config/mpv
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
@@ -19,12 +20,6 @@ include allow-perl.inc
 include allow-python2.inc
 include allow-python3.inc
-# The lines below are needed to find the default Firefox profile name, to allow
-# opening links in an existing instance of Firefox (note that it still fails if
-# there isn't a Firefox instance running with the default profile; see #5352)
-noblacklist ${HOME}/.mozilla
-whitelist ${HOME}/.mozilla/firefox/profiles.ini
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
@@ -34,7 +29,9 @@ include disable-xdg.inc
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/youtube-dl/youtube-sigfuncs
+whitelist ${HOME}/.config/mpv
 include whitelist-common.inc
+include whitelist-run-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
@@ -55,16 +52,12 @@ seccomp
 tracelog
 disable-mnt
-private-bin bash,ffmpeg,ffprobe,firefox,mpv,perl,python*,sh,smplayer,stty,wget,wget2,which,xterm,youtube-dl,yt-dlp
+private-bin bash,ffmpeg,ffprobe,mpv,perl,python*,sh,smplayer,stty,wget,wget2,which,youtube-dl,yt-dlp
 private-cache
 private-dev
 private-etc @tls-ca,@x11,host.conf,mime.types
 private-tmp
-dbus-user filter
-# allow D-Bus communication with firefox for opening links
-dbus-user.talk org.mozilla.*
 dbus-system none
 restrict-namespaces
author	pirate486743186 <>	2023-04-16 00:06:28 +0200
committer	pirate486743186 <>	2023-04-16 00:06:28 +0200
commit	99898db8fc47b951ba0e8efdc61299be72aaa3c6 (patch)
tree	a7861f7a18b6ca8ff498f426ac3f129fe394c6be /etc
parent	Merge pull request #5777 from hotcapy/patch-1 (diff)
download	firejail-99898db8fc47b951ba0e8efdc61299be72aaa3c6.tar.gz firejail-99898db8fc47b951ba0e8efdc61299be72aaa3c6.tar.zst firejail-99898db8fc47b951ba0e8efdc61299be72aaa3c6.zip