From 98492f4f3f007d2674ff0e60fb8e81a0c231faf2 Mon Sep 17 00:00:00 2001 From: pirate486743186 <> Date: Thu, 9 Mar 2023 01:25:44 +0100 Subject: refactor yt-dlp --- etc/profile-m-z/yt-dlp.profile | 68 ++++++++++++++++++++++++++++++++++++++---- 1 file changed, 62 insertions(+), 6 deletions(-) (limited to 'etc/profile-m-z/yt-dlp.profile') diff --git a/etc/profile-m-z/yt-dlp.profile b/etc/profile-m-z/yt-dlp.profile index 49d4b3b56..97f9e620a 100644 --- a/etc/profile-m-z/yt-dlp.profile +++ b/etc/profile-m-z/yt-dlp.profile @@ -5,17 +5,73 @@ quiet # Persistent local customizations include yt-dlp.local # Persistent global definitions -# added by included profile -#include globals.local +include globals.local + +# If you installed via pip under ${HOME} +# add 'ignore noexec ${HOME}' in yt-dlp.local. +# AppArmor needs to allow it too, +# add 'ignore apparmor' in yt-dlp.local +# OR in /etc/apparmor.d/local/firejail-default add: +# 'owner @HOME/.local/bin/** ix,' +# 'owner @HOME/.local/lib/python*/** ix,' +# then run the command +# 'sudo apparmor_parser -r /etc/apparmor.d/firejail-default' noblacklist ${HOME}/.cache/yt-dlp noblacklist ${HOME}/.config/yt-dlp noblacklist ${HOME}/.config/yt-dlp.conf noblacklist ${HOME}/yt-dlp.conf noblacklist ${HOME}/yt-dlp.conf.txt +noblacklist ${HOME}/.netrc +noblacklist ${MUSIC} +noblacklist ${VIDEOS} + +# Allow python (blacklisted by disable-interpreters.inc) +include allow-python3.inc + +blacklist /tmp/.X11-unix +blacklist ${RUNUSER} + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-programs.inc +include disable-shell.inc +include disable-xdg.inc + +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +apparmor +caps.drop all +ipc-namespace +machine-id +netfilter +no3d +nodvd +nogroups +noinput +nonewprivs +noroot +nosound +notv +nou2f +novideo +protocol unix,inet,inet6 +seccomp +seccomp.block-secondary +tracelog + +private-bin env,ffmpeg,ffprobe,python*,yt-dlp +private-cache +private-dev +private-etc @tls-ca,mime.types,yt-dlp.conf +private-tmp + +dbus-user none +dbus-system none -private-bin ffprobe,yt-dlp -private-etc yt-dlp.conf +memory-deny-write-execute -# Redirect -include youtube-dl.profile +restrict-namespaces -- cgit v1.2.3-70-g09d2