Difference between revisions of "Electronplayer"

From ArchWiki
Jump to navigation Jump to search
m (Changed formatting a little, the substance of the content remains the same.)
(Fixed template errors)
Line 26: Line 26:
 
  $ chmod 644 /etc/firejail/electronplayer.profile
 
  $ chmod 644 /etc/firejail/electronplayer.profile
 
Then follow instructions in [[firejail]] for details on how to create a custom firejail profile. This is the one I use:
 
Then follow instructions in [[firejail]] for details on how to create a custom firejail profile. This is the one I use:
{{hc|# Firejail profile for electronplayer
+
# Firejail profile for electronplayer
include electronplayer.local
+
include electronplayer.local
# Persistent global definitions
+
# Persistent global definitions
include globals.local
+
include globals.local<br><br>
 
+
include disable-common.inc
include disable-common.inc
+
include disable-passwdmgr.inc
include disable-passwdmgr.inc
+
include disable-programs.inc<br><br>
include disable-programs.inc
+
noblacklist ${HOME}/.config/electronplayer
 
+
whitelist ${HOME}/.config/electronplayer<br><br>
noblacklist ${HOME}/.config/electronplayer
+
apparmor
whitelist ${HOME}/.config/electronplayer
+
caps.drop all
 
+
netfilter
apparmor
+
nodbus
caps.drop all
+
nodvd
netfilter
+
nogroups
nodbus
+
nonewprivs
nodvd
+
noroot
nogroups
+
notv
nonewprivs
+
protocol unix,inet,inet6,netlink
noroot
+
seccomp
notv
 
protocol unix,inet,inet6,netlink
 
seccomp}}
 
  
 
==== Create a soft link to electronplayer ====
 
==== Create a soft link to electronplayer ====
Line 59: Line 56:
 
  $ chmod 755 /usr/local/bin/electronplayer
 
  $ chmod 755 /usr/local/bin/electronplayer
 
then add the following text to {{ic|/usr/local/bin/electronplayer}}, adding whatever arguments or options you like to either of the commands:
 
then add the following text to {{ic|/usr/local/bin/electronplayer}}, adding whatever arguments or options you like to either of the commands:
{{hc|#!/bin/sh
+
#!/bin/sh
/usr/bin/firejail /opt/electronplayer/electronplayer}}
+
/usr/bin/firejail /opt/electronplayer/electronplayer
  
 
'''And that's it! Now you can watch videos isolated from you normal web browser from the safety of the firejail sandbox!'''
 
'''And that's it! Now you can watch videos isolated from you normal web browser from the safety of the firejail sandbox!'''

Revision as of 17:40, 28 May 2019

electronplayerAUR Is an application using the electron app development framework. It is used for viewing Netflix, YouTube, Twitch and Floatplane. Most notably to isolate the cookies from these websites from your main web browser.

Installation

Install electronplayerAUR, either manually or by using one of these AUR_helpers.

Sandboxing

electronplayerAUR Seems to be resistant to being sandboxed with firejail, as it seems that it is installed by default in /usr/bin/electronplayer with a symlink to /opt/electronplayer/electronplayer --no-sandbox. Because of this, running:

$ ln -s /usr/bin/firejail /usr/local/bin/electronplayer 

and then running:

$ /usr/local/bin/electronplayer

will NOT sandbox electronplayer, it will immediately break out of the sandbox and begin running unconfined as if it were not being run with firejail. A workaround I've found for this problem is as follows:

Create firejail profile for electronplayer

$ touch /etc/firejail/electronplayer.profile

then:

$ chmod 644 /etc/firejail/electronplayer.profile

Then follow instructions in firejail for details on how to create a custom firejail profile. This is the one I use:

# Firejail profile for electronplayer
include electronplayer.local
# Persistent global definitions
include globals.local

include disable-common.inc include disable-passwdmgr.inc include disable-programs.inc

noblacklist ${HOME}/.config/electronplayer whitelist ${HOME}/.config/electronplayer

apparmor caps.drop all netfilter nodbus nodvd nogroups nonewprivs noroot notv protocol unix,inet,inet6,netlink seccomp

Create a soft link to electronplayer

Because /usr/bin/electronplayer already has a hard symlink to /opt/electronplayer/electronplayer --no-sandbox, the next step is to create a soft link to /usr/bin/firejail /opt/electronplayer/electronplayer in /usr/local/bin. First:

$ touch /usr/local/bin/electronplayer

then:

$ chmod 755 /usr/local/bin/electronplayer

then add the following text to /usr/local/bin/electronplayer, adding whatever arguments or options you like to either of the commands:

#!/bin/sh
/usr/bin/firejail /opt/electronplayer/electronplayer

And that's it! Now you can watch videos isolated from you normal web browser from the safety of the firejail sandbox!