Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New profile: lobster #5706

Merged
merged 1 commit into from
Mar 8, 2023
Merged

New profile: lobster #5706

merged 1 commit into from
Mar 8, 2023

Conversation

pirate486743186
Copy link
Contributor

it's a shell script for streaming

@kmk3 kmk3 changed the title adding lobster.profile add lobster.profile Mar 3, 2023
@kmk3
Copy link
Collaborator

kmk3 commented Mar 3, 2023
edited
Loading

(Rebased to master to fix CI)

Just to confirm, is this https://github.com/justchokingaround/lobster?

glitsj16
glitsj16 requested changes Mar 3, 2023
View reviewed changes
Copy link
Collaborator

@glitsj16 glitsj16 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some checks needed for potential hardening.

kmk3
kmk3 reviewed Mar 3, 2023
View reviewed changes
Copy link
Collaborator

@kmk3 kmk3 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So this script is mostly a wrapper for mpv and yet the profile is more
restrictive than mpv.profile.

For example, it does not include paths which may be needed by mpv plugins:

include allow-lua.inc

whitelist /usr/share/lua
whitelist /usr/share/lua*

And it contains machine-id, which AFAIK may break pulseaudio.

Some of the extra restrictions make sense to me given the more focused
scenario, such as nodvd and include disable-xdg.inc.

How about keeping them and making this a redirect to mpv.profile?

To keep it in sync with mpv.profile and avoid duplication.

@kmk3 kmk3 mentioned this pull request Mar 3, 2023
Merged
@pirate486743186
Copy link
Contributor Author

(Rebased to master to fix CI)

Just to confirm, is this https://github.com/justchokingaround/lobster?

yes

glitsj16
glitsj16 approved these changes Mar 3, 2023
View reviewed changes
Copy link
Collaborator

@glitsj16 glitsj16 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved, just a few nits.

@pirate486743186
Copy link
Contributor Author

pirate486743186 commented Mar 3, 2023
edited
Loading

@kmk3
It's a subjective choice.

The profile as is, is for simple use. It doesn't take into account plugins or weird pulseaudio configs.

@glitsj16 seams more interested in hardening it more.

@pirate486743186
Copy link
Contributor Author

i also commented out machine-id for pulseaudio.

@glitsj16
Copy link
Collaborator

glitsj16 commented Mar 3, 2023

How about keeping them and making this a redirect to mpv.profile?
To keep it in sync with mpv.profile and avoid duplication.

That would indeed be a nicer way to do things, I agree.

glitsj16
glitsj16 reviewed Mar 3, 2023
View reviewed changes
Copy link
Collaborator

@glitsj16 glitsj16 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM on principal. Can you try @kmk3's suggestion to refactor this as mpv redirect?

glitsj16
glitsj16 requested changes Mar 3, 2023
View reviewed changes
Copy link
Collaborator

@glitsj16 glitsj16 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Avoid including globals.local twice. Format to achieve that is in my comment.

glitsj16
glitsj16 approved these changes Mar 3, 2023
View reviewed changes
Copy link
Collaborator

@glitsj16 glitsj16 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Nice to have this as a redirect profile now, congrats 👍.

@netblue30 netblue30 merged commit 7b162f8 into netblue30:master Mar 8, 2023
@netblue30
Copy link
Owner

all in, thanks!

@pirate486743186 pirate486743186 deleted the lobster branch March 8, 2023 17:40
kmk3 added a commit to kmk3/firejail that referenced this pull request Mar 28, 2023
@kmk3
mpv: move read-only entries to disable-common.inc
13cb318 
Note: mpv itself does not modify anything in ~/.config/mpv as far as I
know, in which case it does not need a read-write entry.

Relates to netblue30#5706 netblue30#5707 netblue30#5710.
@kmk3 kmk3 mentioned this pull request Mar 28, 2023
Merged
@kmk3 kmk3 changed the title add lobster.profile New profile: lobster Sep 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kmk3 kmk3 kmk3 left review comments

@glitsj16 glitsj16 glitsj16 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@pirate486743186 @kmk3 @glitsj16 @netblue30