From 98492f4f3f007d2674ff0e60fb8e81a0c231faf2 Mon Sep 17 00:00:00 2001
From: pirate486743186 <>
Date: Thu, 9 Mar 2023 01:25:44 +0100
Subject: refactor yt-dlp

---
 etc/profile-a-l/gallery-dl.profile | 2 +-
 etc/profile-m-z/youtube-dl.profile | 58 ++++----------------------------
 etc/profile-m-z/yt-dlp.profile | 68 ++++++++++++++++++++++++++++++++++----
 3 files changed, 69 insertions(+), 59 deletions(-)
(limited to 'etc')
diff --git a/etc/profile-a-l/gallery-dl.profile b/etc/profile-a-l/gallery-dl.profile
index 9c8200dc4..9643820e7 100644
--- a/etc/profile-a-l/gallery-dl.profile
+++ b/etc/profile-a-l/gallery-dl.profile
@@ -15,4 +15,4 @@ private-bin gallery-dl
 private-etc gallery-dl.conf
 
 # Redirect
-include youtube-dl.profile
+include yt-dlp.profile
diff --git a/etc/profile-m-z/youtube-dl.profile b/etc/profile-m-z/youtube-dl.profile
index 8376b4989..9e81d745d 100644
--- a/etc/profile-m-z/youtube-dl.profile
+++ b/etc/profile-m-z/youtube-dl.profile
@@ -5,63 +5,17 @@ quiet
 # Persistent local customizations
 include youtube-dl.local
 # Persistent global definitions
-include globals.local
-
-# breaks when installed under ${HOME} via `pip install --user` (see #2833)
-ignore noexec ${HOME}
+# added by included profile
+#include globals.local
 
 noblacklist ${HOME}/.cache/youtube-dl
 noblacklist ${HOME}/.config/youtube-dl
-noblacklist ${HOME}/.netrc
-noblacklist ${MUSIC}
-noblacklist ${VIDEOS}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
-include allow-python3.inc
-
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}
-
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-programs.inc
-include disable-shell.inc
-include disable-xdg.inc
-
-include whitelist-usr-share-common.inc
-include whitelist-var-common.inc
-
-apparmor
-caps.drop all
-ipc-namespace
-machine-id
-netfilter
-no3d
-nodvd
-nogroups
-noinput
-nonewprivs
-noroot
-nosound
-notv
-nou2f
-novideo
-protocol unix,inet,inet6
-seccomp
-seccomp.block-secondary
-tracelog
-
-private-bin env,ffmpeg,python*,youtube-dl
-private-cache
-private-dev
-private-etc @tls-ca,mime.types,youtube-dl.conf
-private-tmp
 
-dbus-user none
-dbus-system none
+private-bin youtube-dl
+private-etc youtube-dl.conf
 
-#memory-deny-write-execute - breaks on Arch (see issue #1803)
-restrict-namespaces
+# Redirect
+include yt-dlp.profile
diff --git a/etc/profile-m-z/yt-dlp.profile b/etc/profile-m-z/yt-dlp.profile
index 49d4b3b56..97f9e620a 100644
--- a/etc/profile-m-z/yt-dlp.profile
+++ b/etc/profile-m-z/yt-dlp.profile
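Review bot: The redirect at the end of this hunk makes youtube-dl inherit two stricter settings whose known breakage the removed lines documented, and the new youtube-dl.profile mentions neither. `ignore noexec ${HOME}` (pip `--user` installs, #2833) is dropped, and `memory-deny-write-execute` now arrives enabled through yt-dlp.profile although the removed comment recorded that it breaks on Arch (#1803). Tightening the default is a reasonable hardening step, but the only override hint lives in yt-dlp.profile and covers noexec alone. I would add above the redirect `# yt-dlp.profile no longer ignores noexec ${HOME} and enables memory-deny-write-execute;` and `# add 'ignore noexec ${HOME}' or 'ignore memory-deny-write-execute' to youtube-dl.local if youtube-dl breaks`. The same inherited change reaches gallery-dl.profile, which now includes yt-dlp.profile directly.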
@@ -5,17 +5,73 @@ quiet
 # Persistent local customizations
 include yt-dlp.local
 # Persistent global definitions
-# added by included profile
-#include globals.local
+include globals.local
+
+# If you installed via pip under ${HOME}
+# add 'ignore noexec ${HOME}' in yt-dlp.local.
+# AppArmor needs to allow it too,
+# add 'ignore apparmor' in yt-dlp.local
+# OR in /etc/apparmor.d/local/firejail-default add:
+# 'owner @HOME/.local/bin/** ix,'
+# 'owner @HOME/.local/lib/python*/** ix,'
+# then run the command
+# 'sudo apparmor_parser -r /etc/apparmor.d/firejail-default'
 
 noblacklist ${HOME}/.cache/yt-dlp
 noblacklist ${HOME}/.config/yt-dlp
 noblacklist ${HOME}/.config/yt-dlp.conf
 noblacklist ${HOME}/yt-dlp.conf
 noblacklist ${HOME}/yt-dlp.conf.txt
+noblacklist ${HOME}/.netrc
+noblacklist ${MUSIC}
+noblacklist ${VIDEOS}
+
+# Allow python (blacklisted by disable-interpreters.inc)
+include allow-python3.inc
+
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+seccomp.block-secondary
+tracelog
+
+private-bin env,ffmpeg,ffprobe,python*,yt-dlp
+private-cache
+private-dev
+private-etc @tls-ca,mime.types,yt-dlp.conf
+private-tmp
+
+dbus-user none
+dbus-system none
 
-private-bin ffprobe,yt-dlp
-private-etc yt-dlp.conf
+memory-deny-write-execute
 
-# Redirect
-include youtube-dl.profile
+restrict-namespaces
-- 
cgit v1.2.3-70-g09d2
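Review bot: The pip comment block near the top of this hunk offers `ignore apparmor` first, and that option removes AppArmor confinement from the sandbox altogether, so the comment should steer readers to the narrower local rules before it. It should also state the scope of those rules: as far as I can tell /etc/apparmor.d/local/firejail-default is pulled into the shared firejail-default profile, so the two `ix` grants would let every sandbox that runs under it execute user-writable files below ~/.local, not only yt-dlp. Suggested wording: `# Preferred: the two 'owner ... ix' rules below (note: they apply to all firejail-default sandboxes).` followed by `# Last resort: 'ignore apparmor' in yt-dlp.local, which disables AppArmor for this sandbox.` A short remark that `ignore noexec ${HOME}` re-allows execution from a writable home directory would help users weigh the trade-off.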