Electronplayer

From ArchWiki
Revision as of 17:12, 28 May 2019 by Bonzu (talk | contribs) (Created page with "== Electronplayer == {{aur|electronplayer}} Is an application using the {{pkg|electron}} app development framework. It is used for viewing Netflix, YouTube, Twitch and Floatp...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Electronplayer

electronplayerAUR Is an application using the electron app development framework. It is used for viewing Netflix, YouTube, Twitch and Floatplane. Most notably to isolate the cookies from these websites from your main web browser.

Sandboxing

electronplayerAUR Seems to be resistant to being sandboxed with firejail, as it seems that it is installed by default in /usr/bin/electronplayer with a symlink to /opt/electronplayer/electronplayer --no-sandbox. Because of this, running:

$ ln -s /usr/bin/firejail /usr/local/bin/electronplayer 

and then running:

$ /usr/local/bin/electronplayer

will NOT sandbox electronplayer, it will immediately break out of the sandbox and begin running unconfined as if it were not being run with firejail. A workaround I've found for this problem is as follows:

Create firejail profile for electronplayer

$ touch /etc/firejail/electronplayer.profile

then:

$ chmod 644 /etc/firejail/electronplayer.profile

Then follow instructions in firejail for details on how to create a custom firejail profile. This is the one I use:

# Firejail profile for electronplayer
include electronplayer.local
# Persistent global definitions
include globals.local

include disable-common.inc
include disable-passwdmgr.inc
include disable-programs.inc

noblacklist ${HOME}/.config/electronplayer
whitelist ${HOME}/.config/electronplayer

apparmor
caps.drop all
netfilter
nodbus
nodvd
nogroups
nonewprivs
noroot
notv
protocol unix,inet,inet6,netlink
seccomp
Template error: are you trying to use the = sign? Visit Help:Template#Escape template-breaking characters for workarounds.

Create a soft link to electronplayer

Because /usr/bin/electronplayer already has a hard symlink to /opt/electronplayer/electronplayer --no-sandbox, the next step is to create a soft link to /usr/bin/firejail /opt/electronplayer/electronplayer in /usr/local/bin.

First:

$ touch /usr/local/bin/electronplayer

then:

$ chmod 755 /usr/local/bin/electronplayer

then add the following text to /usr/local/bin/electronplayer, adding whatever arguments or options you like to either of the commands:

#!/bin/sh
/usr/bin/firejail /opt/electronplayer/electronplayer
Template error: are you trying to use the = sign? Visit Help:Template#Escape template-breaking characters for workarounds.

And that's it! Now you can watch videos isolated from you normal web browser from the safety of the firejail sandbox!