1 files changed, 62 insertions, 6 deletions
diff --git a/etc/profile-m-z/yt-dlp.profile b/etc/profile-m-z/yt-dlp.profile
index 49d4b3b56..97f9e620a 100644
--- a/etc/profile-m-z/yt-dlp.profile
+++ b/etc/profile-m-z/yt-dlp.profile
@@ -5,17 +5,73 @@ quiet
 # Persistent local customizations
 include yt-dlp.local
 # Persistent global definitions
-# added by included profile
+include globals.local
-#include globals.local
+# If you installed via pip under ${HOME}
+# add 'ignore noexec ${HOME}' in yt-dlp.local.
+# AppArmor needs to allow it too,
+# add 'ignore apparmor' in yt-dlp.local
+# OR in /etc/apparmor.d/local/firejail-default add:
+# 'owner @HOME/.local/bin/** ix,'
+# 'owner @HOME/.local/lib/python*/** ix,'
+# then run the command
+# 'sudo apparmor_parser -r /etc/apparmor.d/firejail-default'
 noblacklist ${HOME}/.cache/yt-dlp
 noblacklist ${HOME}/.config/yt-dlp
 noblacklist ${HOME}/.config/yt-dlp.conf
 noblacklist ${HOME}/yt-dlp.conf
 noblacklist ${HOME}/yt-dlp.conf.txt
+noblacklist ${HOME}/.netrc
+noblacklist ${MUSIC}
+noblacklist ${VIDEOS}
+# Allow python (blacklisted by disable-interpreters.inc)
+include allow-python3.inc
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+seccomp.block-secondary
+tracelog
+private-bin env,ffmpeg,ffprobe,python*,yt-dlp
+private-cache
+private-dev
+private-etc @tls-ca,mime.types,yt-dlp.conf
+private-tmp
+dbus-user none
+dbus-system none
-private-bin ffprobe,yt-dlp
+memory-deny-write-execute
-private-etc yt-dlp.conf
-# Redirect
+restrict-namespaces
-include youtube-dl.profile

diff --git a/etc/profile-m-z/yt-dlp.profile b/etc/profile-m-z/yt-dlp.profile index 49d4b3b56..97f9e620a 100644 --- a/etc/profile-m-z/yt-dlp.profile +++ b/etc/profile-m-z/yt-dlp.profile
@@ -5,17 +5,73 @@ quiet
5	# Persistent local customizations	5	# Persistent local customizations
6	include yt-dlp.local	6	include yt-dlp.local
7	# Persistent global definitions	7	# Persistent global definitions
8	# added by included profile	8	include globals.local
9	#include globals.local	9
		10	# If you installed via pip under ${HOME}
		11	# add 'ignore noexec ${HOME}' in yt-dlp.local.
		12	# AppArmor needs to allow it too,
		13	# add 'ignore apparmor' in yt-dlp.local
		14	# OR in /etc/apparmor.d/local/firejail-default add:
		15	# 'owner @HOME/.local/bin/** ix,'
		16	# 'owner @HOME/.local/lib/python/* ix,'
		17	# then run the command
		18	# 'sudo apparmor_parser -r /etc/apparmor.d/firejail-default'
10		19
11	noblacklist ${HOME}/.cache/yt-dlp	20	noblacklist ${HOME}/.cache/yt-dlp
12	noblacklist ${HOME}/.config/yt-dlp	21	noblacklist ${HOME}/.config/yt-dlp
13	noblacklist ${HOME}/.config/yt-dlp.conf	22	noblacklist ${HOME}/.config/yt-dlp.conf
14	noblacklist ${HOME}/yt-dlp.conf	23	noblacklist ${HOME}/yt-dlp.conf
15	noblacklist ${HOME}/yt-dlp.conf.txt	24	noblacklist ${HOME}/yt-dlp.conf.txt
		25	noblacklist ${HOME}/.netrc
		26	noblacklist ${MUSIC}
		27	noblacklist ${VIDEOS}
		28
		29	# Allow python (blacklisted by disable-interpreters.inc)
		30	include allow-python3.inc
		31
		32	blacklist /tmp/.X11-unix
		33	blacklist ${RUNUSER}
		34
		35	include disable-common.inc
		36	include disable-devel.inc
		37	include disable-exec.inc
		38	include disable-interpreters.inc
		39	include disable-programs.inc
		40	include disable-shell.inc
		41	include disable-xdg.inc
		42
		43	include whitelist-usr-share-common.inc
		44	include whitelist-var-common.inc
		45
		46	apparmor
		47	caps.drop all
		48	ipc-namespace
		49	machine-id
		50	netfilter
		51	no3d
		52	nodvd
		53	nogroups
		54	noinput
		55	nonewprivs
		56	noroot
		57	nosound
		58	notv
		59	nou2f
		60	novideo
		61	protocol unix,inet,inet6
		62	seccomp
		63	seccomp.block-secondary
		64	tracelog
		65
		66	private-bin env,ffmpeg,ffprobe,python*,yt-dlp
		67	private-cache
		68	private-dev
		69	private-etc @tls-ca,mime.types,yt-dlp.conf
		70	private-tmp
		71
		72	dbus-user none
		73	dbus-system none
16		74
17	private-bin ffprobe,yt-dlp	75	memory-deny-write-execute
18	private-etc yt-dlp.conf
19		76
20	# Redirect	77	restrict-namespaces
21	include youtube-dl.profile