From 3b17b6e2395db62c0fd2881f2fca19bad19113e0 Mon Sep 17 00:00:00 2001
From: "amano.kenji"
Date: Fri, 27 Dec 2024 14:06:26 +0000
Subject: [PATCH 1/4] New profile: pyradio https://github.com/coderholic/pyradio
---
etc/profile-m-z/pyradio.profile | 103 ++++++++++++++++++++++++++++++++
1 file changed, 103 insertions(+)
create mode 100644 etc/profile-m-z/pyradio.profile
diff --git a/etc/profile-m-z/pyradio.profile b/etc/profile-m-z/pyradio.profile
new file mode 100644
index 0000000000..d118a8fe9b
--- /dev/null
+++ b/etc/profile-m-z/pyradio.profile
@@ -0,0 +1,103 @@
+# Firejail profile for pyradio
+# Description: Curses based internet radio player
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include pyradio.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/mpv
+noblacklist ${HOME}/.netrc
+noblacklist ${HOME}/.mplayer
+noblacklist ${HOME}/.cache/vlc
+noblacklist ${HOME}/.config/vlc
+noblacklist ${HOME}/.config/aacs
+noblacklist ${HOME}/.local/share/vlc
+
+# This is required by mpv
+# Allow lua (blacklisted by disable-interpreters.inc)
+include allow-lua.inc
+
+# Allow python (blacklisted by disable-interpreters.inc)
+include allow-python3.inc
+
+blacklist ${RUNUSER}/wayland-*
+blacklist /usr/libexec
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-X11.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.cache/pyradio
+mkdir ${HOME}/.config/pyradio
+mkdir ${HOME}/.local/share/pyradio
+mkdir ${HOME}/.local/state/pyradio
+mkdir ${HOME}/pyradio-recordings
+whitelist ${HOME}/.cache/pyradio
+whitelist ${HOME}/.config/pyradio
+whitelist ${HOME}/.local/share/pyradio
+whitelist ${HOME}/.local/state/pyradio
+whitelist ${HOME}/pyradio-recordings
+# mpv
+mkdir ${HOME}/.config/mpv
+mkfile ${HOME}/.netrc
+whitelist ${HOME}/.config/mpv
+whitelist ${HOME}/.netrc
+whitelist /usr/share/lua
+whitelist /usr/share/lua*
+# mplayer
+mkdir ${HOME}/.mplayer
+whitelist ${HOME}/.mplayer
+# vlc
+mkdir ${HOME}/.cache/vlc
+mkdir ${HOME}/.config/vlc
+mkdir ${HOME}/.local/share/vlc
+whitelist ${HOME}/.cache/vlc
+whitelist ${HOME}/.config/vlc
+whitelist ${HOME}/.local/share/vlc
+whitelist ${HOME}/.config/aacs
+
+include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+netfilter
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noprinters
+noroot
+notpm
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+seccomp.block-secondary
+
+disable-mnt
+private-dev
+private-tmp
+writable-run-user
+
+dbus-user none
+dbus-system none
+
+deterministic-shutdown
+#memory-deny-write-execute # crashes lua
+read-write ${HOME}
+restrict-namespaces
From a830d94af20f49ea4b7a90e9581a9ccaa77df65d Mon Sep 17 00:00:00 2001
From: amano-kenji <106365348+amano-kenji@users.noreply.github.com>
Date: Tue, 31 Dec 2024 13:35:41 +0000
Subject: [PATCH 2/4] Update etc/profile-m-z/pyradio.profile
Co-authored-by: Kelvin M. Klann
---
etc/profile-m-z/pyradio.profile | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/etc/profile-m-z/pyradio.profile b/etc/profile-m-z/pyradio.profile
index d118a8fe9b..eff37862bf 100644
--- a/etc/profile-m-z/pyradio.profile
+++ b/etc/profile-m-z/pyradio.profile
@@ -7,13 +7,20 @@ include pyradio.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/mpv
-noblacklist ${HOME}/.netrc
-noblacklist ${HOME}/.mplayer
+noblacklist ${HOME}/.cache/mpv
 noblacklist ${HOME}/.cache/vlc
+noblacklist ${HOME}/.config/mpv
 noblacklist ${HOME}/.config/vlc
-noblacklist ${HOME}/.config/aacs
 noblacklist ${HOME}/.local/share/vlc
+noblacklist ${HOME}/.local/state/mpv
+noblacklist ${HOME}/.mplayer
+noblacklist ${HOME}/.netrc
+
+noblacklist ${HOME}/.cache/pyradio
+noblacklist ${HOME}/.config/pyradio
+noblacklist ${HOME}/.local/share/pyradio
+noblacklist ${HOME}/.local/state/pyradio
+noblacklist ${HOME}/pyradio-recordings
 
 # This is required by mpv
 # Allow lua (blacklisted by disable-interpreters.inc)
From d8a6c00368056c3f8076322b24f2cb835d45a300 Mon Sep 17 00:00:00 2001
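Review bot: `mkfile ${HOME}/.netrc` and `whitelist ${HOME}/.netrc` in the `# mpv` group, with the matching `noblacklist ${HOME}/.netrc` at the top, expose the user's .netrc to a sandbox that keeps `protocol unix,inet,inet6,netlink` network access, and the profile does not say why. .netrc conventionally holds plaintext login credentials, so a player that misbehaves while handling a remote stream would be able to read them; `mkfile` also creates the file for users who never had one. Unless one of the players needs it for authenticated streams, I would drop the three `.netrc` lines, or keep them under a comment such as `# .netrc: needed by <player> for authenticated streams`. The `noblacklist` and `whitelist` entries for `.netrc` are carried through PATCH 2/4 and PATCH 3/4, so the same applies to those hunks.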
From: amano-kenji <106365348+amano-kenji@users.noreply.github.com>
Date: Tue, 31 Dec 2024 13:42:20 +0000
Subject: [PATCH 3/4] Update etc/profile-m-z/pyradio.profile
Co-authored-by: Kelvin M. Klann
---
etc/profile-m-z/pyradio.profile | 31 ++++++++++++-------------------
1 file changed, 12 insertions(+), 19 deletions(-)
diff --git a/etc/profile-m-z/pyradio.profile b/etc/profile-m-z/pyradio.profile
index eff37862bf..9f6329e2d7 100644
--- a/etc/profile-m-z/pyradio.profile
+++ b/etc/profile-m-z/pyradio.profile
@@ -42,6 +42,18 @@ include disable-shell.inc
 include disable-X11.inc
 include disable-xdg.inc
 
+whitelist ${HOME}/.cache/mpv
+whitelist ${HOME}/.cache/vlc
+whitelist ${HOME}/.config/mpv
+whitelist ${HOME}/.config/vlc
+whitelist ${HOME}/.local/share/vlc
+whitelist ${HOME}/.local/state/mpv
+whitelist ${HOME}/.mplayer
+whitelist ${HOME}/.netrc
+whitelist /usr/share/lua*
+whitelist /usr/share/mpv
+whitelist /usr/share/vlc
+
 mkdir ${HOME}/.cache/pyradio
 mkdir ${HOME}/.config/pyradio
 mkdir ${HOME}/.local/share/pyradio
@@ -52,25 +64,6 @@ whitelist ${HOME}/.config/pyradio
 whitelist ${HOME}/.local/share/pyradio
 whitelist ${HOME}/.local/state/pyradio
 whitelist ${HOME}/pyradio-recordings
-# mpv
-mkdir ${HOME}/.config/mpv
-mkfile ${HOME}/.netrc
-whitelist ${HOME}/.config/mpv
-whitelist ${HOME}/.netrc
-whitelist /usr/share/lua
-whitelist /usr/share/lua*
-# mplayer
-mkdir ${HOME}/.mplayer
-whitelist ${HOME}/.mplayer
-# vlc
-mkdir ${HOME}/.cache/vlc
-mkdir ${HOME}/.config/vlc
-mkdir ${HOME}/.local/share/vlc
-whitelist ${HOME}/.cache/vlc
-whitelist ${HOME}/.config/vlc
-whitelist ${HOME}/.local/share/vlc
-whitelist ${HOME}/.config/aacs
-
 include whitelist-common.inc
 include whitelist-run-common.inc
 include whitelist-runuser-common.inc
From 446a2f5053bd1d9ad4cd5a084d28222e77938091 Mon Sep 17 00:00:00 2001
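Review bot: The player directories whitelisted in the first hunk (`${HOME}/.config/mpv`, `${HOME}/.config/vlc`, `${HOME}/.mplayer`) are read-write inside the sandbox, so a process confined by this profile can still change configuration that the same players load later when they are started outside it. If pyradio only reads the players' settings, following the whitelist lines with `read-only ${HOME}/.config/mpv`, `read-only ${HOME}/.config/vlc` and `read-only ${HOME}/.mplayer` would close that path. If it does write there, a short comment saying so would document the exception. The second hunk drops the matching `mkdir` lines, which I read as intentional so that directories are not created for players that are not installed.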
From: amano-kenji <106365348+amano-kenji@users.noreply.github.com>
Date: Tue, 31 Dec 2024 13:42:26 +0000
Subject: [PATCH 4/4] Update etc/profile-m-z/pyradio.profile
Co-authored-by: Kelvin M. Klann
---
etc/profile-m-z/pyradio.profile | 1 -
1 file changed, 1 deletion(-)
diff --git a/etc/profile-m-z/pyradio.profile b/etc/profile-m-z/pyradio.profile
index 9f6329e2d7..9acbffb350 100644
--- a/etc/profile-m-z/pyradio.profile
+++ b/etc/profile-m-z/pyradio.profile
@@ -99,5 +99,4 @@ dbus-system none
 
 deterministic-shutdown
 #memory-deny-write-execute # crashes lua
-read-write ${HOME}
 restrict-namespaces