Add profile for straw-viewer (#3742)

* Add profile for straw-viewer * Remove blacklist, fixes
author: kortewegdevries <kortewegdevries@protonmail.ch> 2020-11-18 16:52:22 +0000
committer: GitHub <noreply@github.com> 2020-11-18 16:52:22 +0000
commit: ddb9194f8152ef16e3a1e678a976dc7aca10b066 (patch)
tree: 4ad10be11c975a5976ed5abd8e35e45598c32e39 /etc
parent: Merge pull request #3757 from rusty-snake/overrides2upstream (diff)
download: firejail-ddb9194f8152ef16e3a1e678a976dc7aca10b066.tar.gz
firejail-ddb9194f8152ef16e3a1e678a976dc7aca10b066.tar.zst
firejail-ddb9194f8152ef16e3a1e678a976dc7aca10b066.zip
7 files changed, 85 insertions, 19 deletions
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 7e3c0b657..976f988b2 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -378,6 +378,7 @@ blacklist ${HOME}/.config/spotify
 blacklist ${HOME}/.config/sqlitebrowser
 blacklist ${HOME}/.config/stellarium
 blacklist ${HOME}/.config/strawberry
+blacklist ${HOME}/.config/straw-viewer
 blacklist ${HOME}/.config/supertuxkart
 blacklist ${HOME}/.config/synfig
 blacklist ${HOME}/.config/teams
@@ -972,6 +973,7 @@ blacklist ${HOME}/.cache/smuxi
 blacklist ${HOME}/.cache/snox
 blacklist ${HOME}/.cache/spotify
 blacklist ${HOME}/.cache/strawberry
+blacklist ${HOME}/.cache/straw-viewer
 blacklist ${HOME}/.cache/supertuxkart
 blacklist ${HOME}/.cache/systemsettings
 blacklist ${HOME}/.cache/telepathy
diff --git a/etc/profile-a-l/gtk-straw-viewer.profile b/etc/profile-a-l/gtk-straw-viewer.profile
new file mode 100644
index 000000000..e2721360b
--- /dev/null
+++ b/etc/profile-a-l/gtk-straw-viewer.profile
@@ -0,0 +1,14 @@
+# Firejail profile for gtk-straw-viewer
+# Description: Gtk front-end to straw-viewer
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gtk-straw-viewer.local
+# added by included profile
+#include globals.local
+ignore quiet
+include whitelist-runuser-common.inc
+# Redirect
+include straw-viewer.profile
diff --git a/etc/profile-a-l/gtk-youtube-viewer b/etc/profile-a-l/gtk-youtube-viewer.profile
index 023f10d3d..848979b52 100644
--- a/etc/profile-a-l/gtk-youtube-viewer
+++ b/etc/profile-a-l/gtk-youtube-viewer.profile
@@ -3,16 +3,12 @@
 # This file is overwritten after every install/update
 # Persistent local customizations
 include gtk-youtube-viewer.local
-# Persistent global definitions
+# added by included profile
-# include globals.local
+#include globals.local
 ignore quiet
-noblacklist /tmp/.X11-unix
-noblacklist ${RUNUSER}/wayland-*
-noblacklist ${RUNUSER}
 include whitelist-runuser-common.inc
 # Redirect
-include youtube-viewer.profile
-\ No newline at end of file
+include youtube-viewer.profile
diff --git a/etc/profile-a-l/gtk2-youtube-viewer b/etc/profile-a-l/gtk2-youtube-viewer.profile
index 331e73218..dccadcf2e 100644
--- a/etc/profile-a-l/gtk2-youtube-viewer
+++ b/etc/profile-a-l/gtk2-youtube-viewer.profile
@@ -3,8 +3,8 @@
 # This file is overwritten after every install/update
 # Persistent local customizations
 include gtk2-youtube-viewer.local
-# Persistent global definitions
+# added by included profile
-# include globals.local
+#include globals.local
 ignore quiet
@@ -15,4 +15,4 @@ noblacklist ${RUNUSER}
 include whitelist-runuser-common.inc
 # Redirect
-include youtube-viewer.profile
-\ No newline at end of file
+include youtube-viewer.profile
diff --git a/etc/profile-a-l/gtk3-youtube-viewer b/etc/profile-a-l/gtk3-youtube-viewer.profile
index 4c5bde55f..3d91e284d 100644
--- a/etc/profile-a-l/gtk3-youtube-viewer
+++ b/etc/profile-a-l/gtk3-youtube-viewer.profile
@@ -3,8 +3,8 @@
 # This file is overwritten after every install/update
 # Persistent local customizations
 include gtk3-youtube-viewer.local
-# Persistent global definitions
+# added by included profile
-# include globals.local
+#include globals.local
 ignore quiet
@@ -15,4 +15,4 @@ noblacklist ${RUNUSER}
 include whitelist-runuser-common.inc
 # Redirect
-include youtube-viewer.profile
-\ No newline at end of file
+include youtube-viewer.profile
diff --git a/etc/profile-m-z/straw-viewer.profile b/etc/profile-m-z/straw-viewer.profile
new file mode 100644
index 000000000..721ad38ee
--- /dev/null
+++ b/etc/profile-m-z/straw-viewer.profile
@@ -0,0 +1,58 @@
+# Firejail profile for straw-viewer
+# Description: Fork of youtube-viewer acts like an invidious frontend
+quiet
+# This file is overwritten after every install/update
+# Persistent local customizations
+include straw-viewer.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.cache/straw-viewer
+noblacklist ${HOME}/.config/straw-viewer
+include allow-lua.inc
+include allow-perl.inc
+include allow-python2.inc
+include allow-python3.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+mkdir ${HOME}/.config/straw-viewer
+mkdir ${HOME}/.cache/straw-viewer
+whitelist ${HOME}/.cache/straw-viewer
+whitelist ${HOME}/.config/straw-viewer
+whitelist ${DOWNLOADS}
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+disable-mnt
+private-bin bash,ffmpeg,ffprobe,gtk-straw-viewer,mpv,perl,python*,sh,smplayer,straw-viewer,stty,vlc,wget,which,youtube-dl
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,machine-id,mime.types,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl,X11,xdg
+private-tmp
+dbus-user none
+dbus-system none
diff --git a/etc/profile-m-z/youtube-viewer.profile b/etc/profile-m-z/youtube-viewer.profile
index 513cb0f6e..a3a2afa29 100644
--- a/etc/profile-m-z/youtube-viewer.profile
+++ b/etc/profile-m-z/youtube-viewer.profile
@@ -7,10 +7,6 @@ include youtube-viewer.local
 # Persistent global definitions
 include globals.local
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
-blacklist ${RUNUSER}
 noblacklist ${HOME}/.config/youtube-viewer
 include allow-perl.inc
@@ -47,11 +43,11 @@ shell none
 tracelog
 disable-mnt
-# private-bin ffmpeg,ffprobe,firefox,gtk-youtube-viewer,gtk2-youtube-viewer,gtk3-youtube-viewer,mpv,python*,smplayer,sh,which,vlc,youtube-dl,youtube-viewer
+private-bin ffmpeg,ffprobe,firefox,gtk-youtube-viewer,gtk2-youtube-viewer,gtk3-youtube-viewer,mpv,python*,sh,smplayer,stty,vlc,which,youtube-dl,youtube-viewer
 private-cache
 private-dev
 private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,machine-id,mime.types,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl,X11,xdg
 private-tmp
 dbus-user none
-dbus-system none
-\ No newline at end of file
+dbus-system none
author	kortewegdevries <kortewegdevries@protonmail.ch>	2020-11-18 16:52:22 +0000
committer	GitHub <noreply@github.com>	2020-11-18 16:52:22 +0000
commit	ddb9194f8152ef16e3a1e678a976dc7aca10b066 (patch)
tree	4ad10be11c975a5976ed5abd8e35e45598c32e39 /etc
parent	Merge pull request #3757 from rusty-snake/overrides2upstream (diff)
download	firejail-ddb9194f8152ef16e3a1e678a976dc7aca10b066.tar.gz firejail-ddb9194f8152ef16e3a1e678a976dc7aca10b066.tar.zst firejail-ddb9194f8152ef16e3a1e678a976dc7aca10b066.zip

diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 7e3c0b657..976f988b2 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc
@@ -378,6 +378,7 @@ blacklist ${HOME}/.config/spotify
378	blacklist ${HOME}/.config/sqlitebrowser	378	blacklist ${HOME}/.config/sqlitebrowser
379	blacklist ${HOME}/.config/stellarium	379	blacklist ${HOME}/.config/stellarium
380	blacklist ${HOME}/.config/strawberry	380	blacklist ${HOME}/.config/strawberry
		381	blacklist ${HOME}/.config/straw-viewer
381	blacklist ${HOME}/.config/supertuxkart	382	blacklist ${HOME}/.config/supertuxkart
382	blacklist ${HOME}/.config/synfig	383	blacklist ${HOME}/.config/synfig
383	blacklist ${HOME}/.config/teams	384	blacklist ${HOME}/.config/teams
@@ -972,6 +973,7 @@ blacklist ${HOME}/.cache/smuxi
972	blacklist ${HOME}/.cache/snox	973	blacklist ${HOME}/.cache/snox
973	blacklist ${HOME}/.cache/spotify	974	blacklist ${HOME}/.cache/spotify
974	blacklist ${HOME}/.cache/strawberry	975	blacklist ${HOME}/.cache/strawberry
		976	blacklist ${HOME}/.cache/straw-viewer
975	blacklist ${HOME}/.cache/supertuxkart	977	blacklist ${HOME}/.cache/supertuxkart
976	blacklist ${HOME}/.cache/systemsettings	978	blacklist ${HOME}/.cache/systemsettings
977	blacklist ${HOME}/.cache/telepathy	979	blacklist ${HOME}/.cache/telepathy


diff --git a/etc/profile-a-l/gtk-straw-viewer.profile b/etc/profile-a-l/gtk-straw-viewer.profile new file mode 100644 index 000000000..e2721360b --- /dev/null +++ b/etc/profile-a-l/gtk-straw-viewer.profile
@@ -0,0 +1,14 @@
		1	# Firejail profile for gtk-straw-viewer
		2	# Description: Gtk front-end to straw-viewer
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include gtk-straw-viewer.local
		6	# added by included profile
		7	#include globals.local
		8
		9	ignore quiet
		10
		11	include whitelist-runuser-common.inc
		12
		13	# Redirect
		14	include straw-viewer.profile


diff --git a/etc/profile-a-l/gtk-youtube-viewer b/etc/profile-a-l/gtk-youtube-viewer.profile index 023f10d3d..848979b52 100644 --- a/etc/profile-a-l/gtk-youtube-viewer +++ b/etc/profile-a-l/gtk-youtube-viewer.profile
@@ -3,16 +3,12 @@
3	# This file is overwritten after every install/update	3	# This file is overwritten after every install/update
4	# Persistent local customizations	4	# Persistent local customizations
5	include gtk-youtube-viewer.local	5	include gtk-youtube-viewer.local
6	# Persistent global definitions	6	# added by included profile
7	# include globals.local	7	#include globals.local
8		8
9	ignore quiet	9	ignore quiet
10		10
11	noblacklist /tmp/.X11-unix
12	noblacklist ${RUNUSER}/wayland-*
13	noblacklist ${RUNUSER}
14
15	include whitelist-runuser-common.inc	11	include whitelist-runuser-common.inc
16		12
17	# Redirect	13	# Redirect
18	include youtube-viewer.profile \ No newline at end of file	14	include youtube-viewer.profile


diff --git a/etc/profile-a-l/gtk2-youtube-viewer b/etc/profile-a-l/gtk2-youtube-viewer.profile index 331e73218..dccadcf2e 100644 --- a/etc/profile-a-l/gtk2-youtube-viewer +++ b/etc/profile-a-l/gtk2-youtube-viewer.profile
@@ -3,8 +3,8 @@
3	# This file is overwritten after every install/update	3	# This file is overwritten after every install/update
4	# Persistent local customizations	4	# Persistent local customizations
5	include gtk2-youtube-viewer.local	5	include gtk2-youtube-viewer.local
6	# Persistent global definitions	6	# added by included profile
7	# include globals.local	7	#include globals.local
8		8
9	ignore quiet	9	ignore quiet
10		10
@@ -15,4 +15,4 @@ noblacklist ${RUNUSER}
15	include whitelist-runuser-common.inc	15	include whitelist-runuser-common.inc
16		16
17	# Redirect	17	# Redirect
18	include youtube-viewer.profile \ No newline at end of file	18	include youtube-viewer.profile


diff --git a/etc/profile-a-l/gtk3-youtube-viewer b/etc/profile-a-l/gtk3-youtube-viewer.profile index 4c5bde55f..3d91e284d 100644 --- a/etc/profile-a-l/gtk3-youtube-viewer +++ b/etc/profile-a-l/gtk3-youtube-viewer.profile
@@ -3,8 +3,8 @@
3	# This file is overwritten after every install/update	3	# This file is overwritten after every install/update
4	# Persistent local customizations	4	# Persistent local customizations
5	include gtk3-youtube-viewer.local	5	include gtk3-youtube-viewer.local
6	# Persistent global definitions	6	# added by included profile
7	# include globals.local	7	#include globals.local
8		8
9	ignore quiet	9	ignore quiet
10		10
@@ -15,4 +15,4 @@ noblacklist ${RUNUSER}
15	include whitelist-runuser-common.inc	15	include whitelist-runuser-common.inc
16		16
17	# Redirect	17	# Redirect
18	include youtube-viewer.profile \ No newline at end of file	18	include youtube-viewer.profile


diff --git a/etc/profile-m-z/straw-viewer.profile b/etc/profile-m-z/straw-viewer.profile new file mode 100644 index 000000000..721ad38ee --- /dev/null +++ b/etc/profile-m-z/straw-viewer.profile
@@ -0,0 +1,58 @@
		1	# Firejail profile for straw-viewer
		2	# Description: Fork of youtube-viewer acts like an invidious frontend
		3	quiet
		4	# This file is overwritten after every install/update
		5	# Persistent local customizations
		6	include straw-viewer.local
		7	# Persistent global definitions
		8	include globals.local
		9
		10	noblacklist ${HOME}/.cache/straw-viewer
		11	noblacklist ${HOME}/.config/straw-viewer
		12
		13	include allow-lua.inc
		14	include allow-perl.inc
		15	include allow-python2.inc
		16	include allow-python3.inc
		17
		18	include disable-common.inc
		19	include disable-devel.inc
		20	include disable-exec.inc
		21	include disable-interpreters.inc
		22	include disable-passwdmgr.inc
		23	include disable-programs.inc
		24	include disable-xdg.inc
		25
		26	mkdir ${HOME}/.config/straw-viewer
		27	mkdir ${HOME}/.cache/straw-viewer
		28	whitelist ${HOME}/.cache/straw-viewer
		29	whitelist ${HOME}/.config/straw-viewer
		30	whitelist ${DOWNLOADS}
		31	include whitelist-common.inc
		32	include whitelist-usr-share-common.inc
		33	include whitelist-var-common.inc
		34
		35	apparmor
		36	caps.drop all
		37	netfilter
		38	nodvd
		39	nogroups
		40	nonewprivs
		41	noroot
		42	notv
		43	nou2f
		44	novideo
		45	protocol unix,inet,inet6
		46	seccomp
		47	shell none
		48	tracelog
		49
		50	disable-mnt
		51	private-bin bash,ffmpeg,ffprobe,gtk-straw-viewer,mpv,perl,python*,sh,smplayer,straw-viewer,stty,vlc,wget,which,youtube-dl
		52	private-cache
		53	private-dev
		54	private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,machine-id,mime.types,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl,X11,xdg
		55	private-tmp
		56
		57	dbus-user none
		58	dbus-system none


diff --git a/etc/profile-m-z/youtube-viewer.profile b/etc/profile-m-z/youtube-viewer.profile index 513cb0f6e..a3a2afa29 100644 --- a/etc/profile-m-z/youtube-viewer.profile +++ b/etc/profile-m-z/youtube-viewer.profile
@@ -7,10 +7,6 @@ include youtube-viewer.local
7	# Persistent global definitions	7	# Persistent global definitions
8	include globals.local	8	include globals.local
9		9
10	blacklist /tmp/.X11-unix
11	blacklist ${RUNUSER}/wayland-*
12	blacklist ${RUNUSER}
13
14	noblacklist ${HOME}/.config/youtube-viewer	10	noblacklist ${HOME}/.config/youtube-viewer
15		11
16	include allow-perl.inc	12	include allow-perl.inc
@@ -47,11 +43,11 @@ shell none
47	tracelog	43	tracelog
48		44
49	disable-mnt	45	disable-mnt
50	# private-bin ffmpeg,ffprobe,firefox,gtk-youtube-viewer,gtk2-youtube-viewer,gtk3-youtube-viewer,mpv,python*,smplayer,sh,which,vlc,youtube-dl,youtube-viewer	46	private-bin ffmpeg,ffprobe,firefox,gtk-youtube-viewer,gtk2-youtube-viewer,gtk3-youtube-viewer,mpv,python*,sh,smplayer,stty,vlc,which,youtube-dl,youtube-viewer
51	private-cache	47	private-cache
52	private-dev	48	private-dev
53	private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,machine-id,mime.types,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl,X11,xdg	49	private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,machine-id,mime.types,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl,X11,xdg
54	private-tmp	50	private-tmp
55		51
56	dbus-user none	52	dbus-user none
57	dbus-system none \ No newline at end of file	53	dbus-system none