From fdc265b5b362db9dba3a8a03cae9e34d3e84fafb Mon Sep 17 00:00:00 2001 From: kortewegdevries Date: Thu, 3 Sep 2020 08:11:05 +0000 Subject: Add profile for twitch,youtube,youtube-music; fix git-cola ,add cola (#3577) * Add profile for twitch,youtube wrappers * Fix git-cola, add Youtube music wrapper profiles * Fixes for git-cola again * Add profile for alternative name for git-cola * Fixes * Fix --- etc/inc/disable-programs.inc | 4 +++ etc/profile-a-l/cola.profile | 10 +++++++ etc/profile-a-l/git-cola.profile | 29 ++++++++++++++---- etc/profile-m-z/twitch.profile | 36 +++++++++++++++++++++++ etc/profile-m-z/youtube.profile | 37 +++++++++++++++++++++++ etc/profile-m-z/youtubemusic-nativefier.profile | 38 ++++++++++++++++++++++++ etc/profile-m-z/ytmdesktop.profile | 39 +++++++++++++++++++++++++ src/firecfg/firecfg.config | 5 ++++ 8 files changed, 192 insertions(+), 6 deletions(-) create mode 100644 etc/profile-a-l/cola.profile create mode 100644 etc/profile-m-z/twitch.profile create mode 100644 etc/profile-m-z/youtube.profile create mode 100644 etc/profile-m-z/youtubemusic-nativefier.profile create mode 100644 etc/profile-m-z/ytmdesktop.profile diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index e22a9ae3a..c7206686c 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc @@ -135,9 +135,11 @@ blacklist ${HOME}/.config/Slack blacklist ${HOME}/.config/Standard Notes blacklist ${HOME}/.config/SubDownloader blacklist ${HOME}/.config/Thunar +blacklist ${HOME}/.config/Twitch blacklist ${HOME}/.config/Unknown Organization blacklist ${HOME}/.config/VirtualBox blacklist ${HOME}/.config/Wire +blacklist ${HOME}/.config/Youtube blacklist ${HOME}/.config/Zeal blacklist ${HOME}/.config/ZeGrapher Project blacklist ${HOME}/.config/abiword @@ -410,6 +412,8 @@ blacklist ${HOME}/.config/yandex-browser blacklist ${HOME}/.config/yandex-browser-beta blacklist ${HOME}/.config/yelp blacklist ${HOME}/.config/youtube-dl +blacklist ${HOME}/.config/youtubemusic-nativefier-040164 +blacklist ${HOME}/.config/youtube-music-desktop-app blacklist ${HOME}/.config/youtube-viewer blacklist ${HOME}/.config/zathura blacklist ${HOME}/.config/zoomus.conf diff --git a/etc/profile-a-l/cola.profile b/etc/profile-a-l/cola.profile new file mode 100644 index 000000000..e5debfd82 --- /dev/null +++ b/etc/profile-a-l/cola.profile @@ -0,0 +1,10 @@ +# Firejail profile for cola +# Description: Linux native frontend for Git,alternative call for git-cola +# This file is overwritten after every install/update +# Persistent local customizations +include cola.local +# Persistent global definitions +include globals.local + +# Redirect +include git-cola.profile \ No newline at end of file diff --git a/etc/profile-a-l/git-cola.profile b/etc/profile-a-l/git-cola.profile index 30e80f519..4708078dd 100644 --- a/etc/profile-a-l/git-cola.profile +++ b/etc/profile-a-l/git-cola.profile @@ -12,6 +12,7 @@ noblacklist ${HOME}/.gitconfig noblacklist ${HOME}/.git-credentials noblacklist ${HOME}/.gnupg noblacklist ${HOME}/.ssh +noblacklist ${HOME}/.subversion noblacklist ${HOME}/.config/git noblacklist ${HOME}/.config/git-cola # Put your editor,diff viewer config path below and uncomment to load settings @@ -28,7 +29,19 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc +whitelist ${RUNUSER}/gnupg +whitelist ${RUNUSER}/keyring +# Whitelist your editor, diff viewer, gnupg path below in /usr/share/ +whitelist /usr/share/git +whitelist /usr/share/git-cola +whitelist /usr/share/git-core +whitelist /usr/share/git-gui +whitelist /usr/share/gitk +whitelist /usr/share/gitweb +whitelist /usr/share/gnupg +whitelist /usr/share/gnupg2 include whitelist-runuser-common.inc +include whitelist-usr-share-common.inc include whitelist-var-common.inc apparmor @@ -49,18 +62,22 @@ seccomp shell none tracelog -# private-bin atom,bash,colordiff,emacs,fldiff,geany,gedit,git,git gui,git-cola,git-dag,gitk,gpg,gvim,leafpad,meld,mousepad,nano,notepadqq,python*,sh,ssh,vim,vimdiff,which,xed +# Add your own diff viewer,editor,pinentry program +# pinentry-curses,pinentry-emacs,pinentry-fltk,pinentry-gnome3,pinentry-gtk,pinentry-gtk2,pinentry-gtk-2,pinentry-qt,pinentry-qt4,pinentry-tty,pinentry-x2go,pinentry-kwallet" for gpg +private-bin basename,bash,cola,envsubst,gettext,git,git-cola,git-dag,git-gui,gitk,gpg,gpg-agent,nano,ps,python*,sh,ssh,ssh-agent,tclsh,tr,wc,which,xed private-cache private-dev -# Comment if you sign commits with GPG -private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,localtime,login.defs,machine-id,mime.types,nsswitch.conf,passwd,pki,resolv.conf,selinux,ssl,X11,xdg +private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,gitconfig,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,localtime,login.defs,machine-id,mime.types,nsswitch.conf,passwd,pki,resolv.conf,selinux,ssh,ssl,X11,xdg private-tmp +writable-run-user -dbus-user filter +# Breaks meld as diff viewer +# dbus-user filter # Uncomment if you need keyring access # dbus-user.talk org.freedesktop.secrets dbus-system none -read-only ${HOME}/.ssh -read-only ${HOME}/.gnupg read-only ${HOME}/.git-credentials + +# Comment if you need to allow hosts +read-only ${HOME}/.ssh diff --git a/etc/profile-m-z/twitch.profile b/etc/profile-m-z/twitch.profile new file mode 100644 index 000000000..3c50344f1 --- /dev/null +++ b/etc/profile-m-z/twitch.profile @@ -0,0 +1,36 @@ +# Firejail profile for twitch +# Description: Unofficial electron based desktop warpper for Twitch +# This file is overwritten after every install/update +# Persistent local customizations +include twitch.local +# Persistent global definitions +include globals.local + +noblacklist ${HOME}/.config/Twitch + +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-shell.inc +include disable-xdg.inc + +mkdir ${HOME}/.config/Twitch +whitelist ${HOME}/.config/Twitch +include whitelist-common.inc +include whitelist-runuser-common.inc +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +seccomp !chroot +shell none + +disable-mnt +private-bin twitch +private-cache +private-dev +private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg +private-opt Twitch +private-tmp + +# Redirect +include electron.profile diff --git a/etc/profile-m-z/youtube.profile b/etc/profile-m-z/youtube.profile new file mode 100644 index 000000000..a6c7750a9 --- /dev/null +++ b/etc/profile-m-z/youtube.profile @@ -0,0 +1,37 @@ +# Firejail profile for youtube +# Description: Unofficial electron based desktop warpper for YouTube +# This file is overwritten after every install/update +# Persistent local customizations +include youtube.local +# Persistent global definitions +include globals.local + +noblacklist ${HOME}/.config/Youtube + +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-shell.inc +include disable-xdg.inc + +mkdir ${HOME}/.config/Youtube +whitelist ${HOME}/.config/Youtube +include whitelist-common.inc +include whitelist-runuser-common.inc +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +novideo +seccomp !chroot +shell none + +disable-mnt +private-bin youtube +private-cache +private-dev +private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg +private-opt Youtube +private-tmp + +# Redirect +include electron.profile diff --git a/etc/profile-m-z/youtubemusic-nativefier.profile b/etc/profile-m-z/youtubemusic-nativefier.profile new file mode 100644 index 000000000..3a94a5707 --- /dev/null +++ b/etc/profile-m-z/youtubemusic-nativefier.profile @@ -0,0 +1,38 @@ +# Firejail profile for youtubemusic-nativefier +# Description: Unofficial electron based desktop warpper for YouTube Music +# This file is overwritten after every install/update +# Persistent local customizations +include youtube.local +# Persistent global definitions +include globals.local + +noblacklist ${HOME}/.config/youtubemusic-nativefier-040164 + +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-shell.inc +include disable-xdg.inc + +mkdir ${HOME}/.config/youtubemusic-nativefier-040164 +whitelist ${HOME}/.config/youtubemusic-nativefier-040164 +include whitelist-common.inc +include whitelist-runuser-common.inc +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +nou2f +novideo +seccomp !chroot +shell none + +disable-mnt +private-bin youtubemusic-nativefier +private-cache +private-dev +private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg +private-opt youtubemusic-nativefier +private-tmp + +# Redirect +include electron.profile diff --git a/etc/profile-m-z/ytmdesktop.profile b/etc/profile-m-z/ytmdesktop.profile new file mode 100644 index 000000000..5c37b838b --- /dev/null +++ b/etc/profile-m-z/ytmdesktop.profile @@ -0,0 +1,39 @@ +# Firejail profile for ytmdesktop +# Description: Unofficial electron based desktop warpper for YouTube Music +# This file is overwritten after every install/update +# Persistent local customizations +include youtube.local +# Persistent global definitions +include globals.local + +ignore dbus-user none + +noblacklist ${HOME}/.config/youtube-music-desktop-app + +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-xdg.inc + +mkdir ${HOME}/.config/youtube-music-desktop-app +whitelist ${HOME}/.config/youtube-music-desktop-app +include whitelist-common.inc +include whitelist-runuser-common.inc +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +nou2f +novideo +seccomp !chroot +shell none + +disable-mnt +# private-bin env,ytmdesktop +private-cache +private-dev +private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg +# private-opt +private-tmp + +# Redirect +include electron.profile diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 5e0ca8de4..3eb33908d 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config @@ -136,6 +136,7 @@ clocks cmus code code-oss +cola com.github.dahenson.agenda com.github.johnfactotum.Foliate com.gitlab.newsflash @@ -755,6 +756,7 @@ truecraft tshark tuxguitar tvbrowser +twitch udiskie uefitool uget-gtk @@ -832,8 +834,11 @@ xreader-thumbnailer xviewer yandex-browser yelp +youtube youtube-dl youtube-viewer +youtubemusic-nativefier +ytmdesktop zaproxy zart zathura -- cgit v1.2.3-54-g00ecf