-
Notifications
You must be signed in to change notification settings - Fork 1
/
usr.local.bin.youtube-dl
113 lines (83 loc) · 2.83 KB
/
usr.local.bin.youtube-dl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
# vim:syntax=apparmor
#include <tunables/global>
# adjust in local
@{YTDL_DIRS} = @{HOME}/Downloads /tmp/ytdl
@{YTDL_BINS} = /usr/{,local/}bin/{youtube-dl,yt-dlp}*
#include if exists <local/tunables/3rd/usr.local.bin.youtube-dl>
profile youtube_dl @{YTDL_BINS} {
@{YTDL_BINS} r,
#include <abstractions/base>
#include <abstractions/openssl>
#include <abstractions/ssl_certs>
# #include <abstractions/nameservice>
#include <abstractions/3rd/nameservice-strict>
@{YTDL_DIRS}/** rwk,
/etc/youtube-dl.conf r,
/etc/mime.types r,
/etc/python{2.[4-7],3.[0-9],3.[0-9][0-9]}/** r,
owner @{PROC}/@{pid}/{fd/,mounts} r,
owner @{HOME}/.cache/youtube-dl/{,**} rwk,
owner @{HOME}/.config/youtube-dl/{,**} r,
owner @{HOME}/.netrc r,
owner /tmp/ytdl_prg rw,
owner /tmp/ytdl_stderr rw,
owner /tmp/?????? w,
owner /var/tmp/?????? w,
/usr/bin/python{2.[4-7],3.[0-9],3.[0-9][0-9]} rix,
/usr/bin/env rix,
/{,usr/}bin/stty rix,
/{,usr/}sbin/ldconfig{,.real} rix,
/{,usr/}bin/uname rix,
/{,usr/}bin/file rix,
/etc/magic r,
/usr/local/lib{,32,64}/python{2.[4-7],3.[0-9],3.[0-9][0-9]}/{site,dist}-packages/{,youtube_dl/**} r,
deny /usr/bin/ r, # ?; noisy
/usr/bin/ffmpeg Cx,
profile ffmpeg /usr/bin/ffmpeg {
/usr/bin/ffmpeg r,
#include <abstractions/base>
@{YTDL_DIRS}/** rw,
/sys/devices/system/node/{,node[0-9]*/meminfo} r,
# livestreams
# #include <abstractions/3rd/nameservice-strict>
# #include <abstractions/ssl_certs>
# network tcp,
# network udp,
# network netlink raw,
#include if exists <local/usr.local.bin.youtube-dl_ffmpeg>
}
/usr/bin/ffprobe Cx,
profile ffprobe /usr/bin/ffprobe {
/usr/bin/ffprobe r,
#include <abstractions/base>
@{YTDL_DIRS}/** r,
/sys/devices/system/node/{,node[0-9]*/meminfo} r,
# some media-providers require network
network tcp,
#include if exists <local/usr.local.bin.youtube-dl_ffprobe>
}
/{,usr/}bin/dash Cx,
profile dash /{,usr/}bin/dash {
/{,usr/}bin/dash r,
#include <abstractions/base>
@{YTDL_DIRS}/** rw,
# --exec commands goes here
# /bin/mv rix,
# /bin/cp Ux, # Unrestricted, DANGEROUS
#include if exists <local/usr.local.bin.youtube-dl_dash>
}
# yt-dlp
/etc/yt-dlp.conf r,
deny /etc/apt/apt.conf.d/ r, # ??
owner @{HOME}/.cache/yt-dlp/{,**} rwk,
owner @{HOME}/.config/yt-dlp/{,**} r,
owner @{HOME}/.config/yt-dlp.conf r,
owner @{HOME}/yt-dlp.conf{,.txt} r,
/{,var/}run/uuidd/request rw,
/usr/share/dpkg/cputable r,
# Ubuntu
network tcp,
network udp,
network netlink raw,
#include if exists <local/usr.local.bin.youtube-dl>
}