[GH-ISSUE #475] mpv unable to use youtube-dl with icecat profile

gitea-mirror commented

2026-05-05 05:37:22 -06:00

Owner

Originally created by @dirtybytes on GitHub (Apr 22, 2016).
Original GitHub issue: https://github.com/netblue30/firejail/issues/475

Recently (it started no longer than two weeks ago, probably less than one) I've been unable to use play-with-mpv add-on from within firejailed icecat. It worked fine for as long as I can remember, but not anymore. It looks like mpv is started, but is unable to use youtube-dl for some reason and so quickly fails, as revealed from the console:

$ firejail --profile=/etc/firejail/icecat.profile mpv https://www.youtube.com/watch?v=IVpOyKCNZYw
Reading profile /etc/firejail/icecat.profile
Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-devel.inc
Warning: user namespaces not available in the current kernel.
Reading profile /etc/firejail/whitelist-common.inc
Parent pid 25360, child pid 25361
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Blacklist violations are logged to syslog

Child process initialized
Playing: https://www.youtube.com/watch?v=IVpOyKCNZYw
[ytdl_hook] youtube-dl failed, trying to play URL directly ... 
[ffmpeg] tls: The TLS connection was non-properly terminated.
Failed to recognize file format.


Exiting... (Errors when loading file)

Parent is shutting down, bye...

It works fine though when starting without specifying the profile.

Originally created by @dirtybytes on GitHub (Apr 22, 2016). Original GitHub issue: https://github.com/netblue30/firejail/issues/475 Recently (it started no longer than two weeks ago, probably less than one) I've been unable to use play-with-mpv add-on from within firejailed icecat. It worked fine for as long as I can remember, but not anymore. It looks like mpv is started, but is unable to use youtube-dl for some reason and so quickly fails, as revealed from the console: ``` $ firejail --profile=/etc/firejail/icecat.profile mpv https://www.youtube.com/watch?v=IVpOyKCNZYw Reading profile /etc/firejail/icecat.profile Reading profile /etc/firejail/firefox.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/disable-devel.inc Warning: user namespaces not available in the current kernel. Reading profile /etc/firejail/whitelist-common.inc Parent pid 25360, child pid 25361 Warning: /sbin directory link was not blacklisted Warning: /usr/sbin directory link was not blacklisted Blacklist violations are logged to syslog Child process initialized Playing: https://www.youtube.com/watch?v=IVpOyKCNZYw [ytdl_hook] youtube-dl failed, trying to play URL directly ... [ffmpeg] tls: The TLS connection was non-properly terminated. Failed to recognize file format. Exiting... (Errors when loading file) Parent is shutting down, bye... ``` It works fine though when starting without specifying the profile.

gitea-mirror

2026-05-05 05:37:22 -06:00

closed this issue
added the
information_old
label

gitea-mirror commented

2026-05-05 05:37:27 -06:00

Author

Owner

@Fred-Barclay commented on GitHub (Apr 22, 2016):

What happens when you don't specify the profile? (Please show the terminal output.)
Do you perhaps have a custom profile in ~/.config/firejail/ ?

@Fred-Barclay commented on GitHub (Apr 22, 2016): What happens when you don't specify the profile? (Please show the terminal output.) Do you perhaps have a custom profile in ~/.config/firejail/ ?

gitea-mirror commented

2026-05-05 05:37:28 -06:00

Author

Owner

@liloman commented on GitHub (Apr 22, 2016):

Hi,

I was going to report exactly the same but for firefox. :D
I've been using firefox and youtube-dl since I started using firejail and It was working nice since the last commit 2 months ago, today I have update firejail to last commit and suddenly youtube-dl stopped working.

The issue is that /usr/bin/python3 is blocked by default in disable-devel.profile, so It stopped working because last week It was blacklisted in this profile.

I've tried using noblacklist after including the profile without luck.

So I have 2 question:

1-How can you whitelist just python for youtube-dl or at least for firefox?. :S

2-I don't know why BUT my journalctl is reporting me many blocked attempts to the whole devel enviroment from firefox since I started using firejail. Is that a common issue or O_o??

The logs look like this:

journalctl  SYSLOG_IDENTIFIER=firejail -xr
abr 22 22:09:57 pc firejail[14822]: blacklist violation - sandbox 14819, exe firefox, syscall access, path /usr/bin/gdb

EDIT: To add log
Cheers and thanks.

@liloman commented on GitHub (Apr 22, 2016): Hi, I was going to report exactly the same but for firefox. :D I've been using firefox and youtube-dl since I started using firejail and It was working nice since the last commit 2 months ago, today I have update firejail to last commit and suddenly youtube-dl stopped working. The issue is that /usr/bin/python3 is blocked by default in disable-devel.profile, so It stopped working because last week It was blacklisted in this profile. I've tried using noblacklist after including the profile without luck. So I have 2 question: 1-How can you whitelist just python for youtube-dl or at least for firefox?. :S 2-I don't know why BUT my journalctl is reporting me many blocked attempts to the whole devel enviroment from firefox since I started using firejail. Is that a common issue or O_o?? The logs look like this: ``` journalctl SYSLOG_IDENTIFIER=firejail -xr abr 22 22:09:57 pc firejail[14822]: blacklist violation - sandbox 14819, exe firefox, syscall access, path /usr/bin/gdb ``` EDIT: To add log Cheers and thanks.

gitea-mirror commented

2026-05-05 05:37:30 -06:00

Author

Owner

@dirtybytes commented on GitHub (Apr 22, 2016):

$ firejail mpv https://www.youtube.com/watch?v=IVpOyKCNZYw
Reading profile /etc/firejail/generic.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Warning: user namespaces not available in the current kernel.

** Note: you can use --noprofile to disable generic.profile **

Parent pid 11481, child pid 11482
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted

Child process initialized
Playing: https://www.youtube.com/watch?v=IVpOyKCNZYw
 (+) Video --vid=1 (*) (h264)
 (+) Audio --aid=1 --alang=und (*) 'DASH audio' (aac) (external)
[vo/opengl/x11] Forcing NetWM FULLSCREEN support.
[vo/opengl/x11] Forcing NetWM FULLSCREEN support.
libva info: VA-API version 0.39.0
libva info: va_getDriverName() returns 0
libva info: Trying to open /usr/lib/dri/i965_drv_video.so
libva info: Found init function __vaDriverInit_0_39
libva info: va_openDriver() returns 0
AO: [pulse] 44100Hz stereo 2ch float
Using hardware decoding (vaapi).
VO: [opengl] 640x360 vaapi
AV: 00:00:03 / 00:01:57 (3%) A-V:  0.000 Cache: 10s+352KB


Exiting... (Quit)

Parent is shutting down, bye...

Here's the output after watching for three seconds and quitting. And no, I don't have any custom profiles in my home directory.

@dirtybytes commented on GitHub (Apr 22, 2016): ``` $ firejail mpv https://www.youtube.com/watch?v=IVpOyKCNZYw Reading profile /etc/firejail/generic.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/disable-passwdmgr.inc Warning: user namespaces not available in the current kernel. ** Note: you can use --noprofile to disable generic.profile ** Parent pid 11481, child pid 11482 Warning: /sbin directory link was not blacklisted Warning: /usr/sbin directory link was not blacklisted Child process initialized Playing: https://www.youtube.com/watch?v=IVpOyKCNZYw (+) Video --vid=1 (*) (h264) (+) Audio --aid=1 --alang=und (*) 'DASH audio' (aac) (external) [vo/opengl/x11] Forcing NetWM FULLSCREEN support. [vo/opengl/x11] Forcing NetWM FULLSCREEN support. libva info: VA-API version 0.39.0 libva info: va_getDriverName() returns 0 libva info: Trying to open /usr/lib/dri/i965_drv_video.so libva info: Found init function __vaDriverInit_0_39 libva info: va_openDriver() returns 0 AO: [pulse] 44100Hz stereo 2ch float Using hardware decoding (vaapi). VO: [opengl] 640x360 vaapi AV: 00:00:03 / 00:01:57 (3%) A-V: 0.000 Cache: 10s+352KB Exiting... (Quit) Parent is shutting down, bye... ``` Here's the output after watching for three seconds and quitting. And no, I don't have any custom profiles in my home directory.

gitea-mirror commented

2026-05-05 05:37:31 -06:00

Author

Owner

@Fred-Barclay commented on GitHub (Apr 22, 2016):

Yes, I was the one who blacklisted python2 and python3. Sorry about the trouble--it's going to take a bit to find all the programmes that require python3. :)

@liloman : the logs are because tracelog is enabled in the firejail profile. That's good. What is gdb?

@dirtybytes : apparently icecat.profile includes disable-devel.inc, while the mpv profile doesn't. Let's try noblacklisting python3. firejail --noblacklist=${PATH}/python3* --profile=/etc/firejail/icecat.profile mpv https://www.youtube.com/watch?v=IVpOyKCNZYw

I personally am not comfortable with removing python3 from the blacklist (though of course any decision on what to do is ultimately @netblue30's). Python isn't a common attack vector--nothing as bad as java--but it's still a concern of mine.
I'm not exactly sure how to write a profile for an add-on. Would you do some experimenting if I hack a profile together?

@Fred-Barclay commented on GitHub (Apr 22, 2016): Yes, I was the one who blacklisted python2 and python3. Sorry about the trouble--it's going to take a bit to find all the programmes that require python3. :) @liloman : the logs are because tracelog is enabled in the firejail profile. That's good. What is gdb? @dirtybytes : apparently icecat.profile includes disable-devel.inc, while the mpv profile doesn't. Let's try noblacklisting python3. `firejail --noblacklist=${PATH}/python3* --profile=/etc/firejail/icecat.profile mpv https://www.youtube.com/watch?v=IVpOyKCNZYw` I personally am not comfortable with removing python3 from the blacklist (though of course any decision on what to do is ultimately @netblue30's). Python isn't a common attack vector--nothing as bad as java--but it's still a concern of mine. I'm not exactly sure how to write a profile for an add-on. Would you do some experimenting if I hack a profile together?

gitea-mirror commented

2026-05-05 05:37:33 -06:00

Author

Owner

@Fred-Barclay commented on GitHub (Apr 22, 2016):

Oh--one more thing. Are all of you on firejail 0.9.40~rc2?
firejail --version

@Fred-Barclay commented on GitHub (Apr 22, 2016): Oh--one more thing. Are all of you on firejail 0.9.40~rc2? `firejail --version`

gitea-mirror commented

2026-05-05 05:37:35 -06:00

Author

Owner

@dirtybytes commented on GitHub (Apr 22, 2016):

$PATH is actually a list, so I'm not sure if you can do stuff like ${PATH}/xyz. Tried this instead:

$ firejail --noblacklist=/usr/bin/python* --profile=/etc/firejail/icecat.profile mpv https://www.youtube.com/watch?v=IVpOyKCNZYw
Reading profile /etc/firejail/icecat.profile
Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-devel.inc
Warning: user namespaces not available in the current kernel.
Reading profile /etc/firejail/whitelist-common.inc
Parent pid 18425, child pid 18426
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Blacklist violations are logged to syslog

Child process initialized
Playing: https://www.youtube.com/watch?v=IVpOyKCNZYw
[ytdl_hook] Could not find platform independent libraries <prefix>
[ytdl_hook] Could not find platform dependent libraries <exec_prefix>
[ytdl_hook] Consider setting $PYTHONHOME to <prefix>[:<exec_prefix>]
[ytdl_hook] Fatal Python error: Py_Initialize: Unable to get the locale encoding
[ytdl_hook] ImportError: No module named 'encodings'
[ytdl_hook] 
[ytdl_hook] Current thread 0x00007f02b57e5700 (most recent call first):
[ytdl_hook] youtube-dl failed, trying to play URL directly ... 
[ffmpeg] tls: The TLS connection was non-properly terminated.
Failed to recognize file format.


Exiting... (Errors when loading file)

Parent is shutting down, bye...

Sure, I can try different profiles. If you can't find a solution that doesn't involve whitelisting python, it's probably not a good idea to merge the changes into the main branch, but it would still be nice to know what you can do for a custom profile if you're willing to put up with additional risk for some convenience.
Version is the very latest, cloned from github and compiled from source.

@dirtybytes commented on GitHub (Apr 22, 2016): $PATH is actually a list, so I'm not sure if you can do stuff like ${PATH}/xyz. Tried this instead: ``` $ firejail --noblacklist=/usr/bin/python* --profile=/etc/firejail/icecat.profile mpv https://www.youtube.com/watch?v=IVpOyKCNZYw Reading profile /etc/firejail/icecat.profile Reading profile /etc/firejail/firefox.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/disable-devel.inc Warning: user namespaces not available in the current kernel. Reading profile /etc/firejail/whitelist-common.inc Parent pid 18425, child pid 18426 Warning: /sbin directory link was not blacklisted Warning: /usr/sbin directory link was not blacklisted Blacklist violations are logged to syslog Child process initialized Playing: https://www.youtube.com/watch?v=IVpOyKCNZYw [ytdl_hook] Could not find platform independent libraries <prefix> [ytdl_hook] Could not find platform dependent libraries <exec_prefix> [ytdl_hook] Consider setting $PYTHONHOME to <prefix>[:<exec_prefix>] [ytdl_hook] Fatal Python error: Py_Initialize: Unable to get the locale encoding [ytdl_hook] ImportError: No module named 'encodings' [ytdl_hook] [ytdl_hook] Current thread 0x00007f02b57e5700 (most recent call first): [ytdl_hook] youtube-dl failed, trying to play URL directly ... [ffmpeg] tls: The TLS connection was non-properly terminated. Failed to recognize file format. Exiting... (Errors when loading file) Parent is shutting down, bye... ``` Sure, I can try different profiles. If you can't find a solution that doesn't involve whitelisting python, it's probably not a good idea to merge the changes into the main branch, but it would still be nice to know what you can do for a custom profile if you're willing to put up with additional risk for some convenience. Version is the very latest, cloned from github and compiled from source.

gitea-mirror commented

2026-05-05 05:37:36 -06:00

Author

Owner

@Fred-Barclay commented on GitHub (Apr 22, 2016):

Good, that's the same version I have (I build from source every day).
You're right about ${PATH}; I don't know what I was thinking. :)

You seem to need the python libraries as well. At the moment I'm not entirely sure if it's python2 or python3, so keep on enabling both of them.
Try this:
firejail --noblacklist=/usr/bin/python* --noblacklist=/usr/lib/python* --profile=/etc/firejail/icecat.profile mpv https://www.youtube.com/watch?v=IVpOyKCNZYw

@Fred-Barclay commented on GitHub (Apr 22, 2016): Good, that's the same version I have (I build from source every day). You're right about ${PATH}; I don't know what I was thinking. :) You seem to need the python libraries as well. At the moment I'm not entirely sure if it's python2 or python3, so keep on enabling both of them. Try this: `firejail --noblacklist=/usr/bin/python* --noblacklist=/usr/lib/python* --profile=/etc/firejail/icecat.profile mpv https://www.youtube.com/watch?v=IVpOyKCNZYw`

gitea-mirror commented

2026-05-05 05:37:38 -06:00

Author

Owner

@dirtybytes commented on GitHub (Apr 23, 2016):

Yep, works that way. I guess I'll have to add this to a modified profile unless someone can figure out a better solution.

@dirtybytes commented on GitHub (Apr 23, 2016): Yep, works that way. I guess I'll have to add this to a modified profile unless someone can figure out a better solution.

gitea-mirror commented

2026-05-05 05:37:39 -06:00

Author

Owner

@Fred-Barclay commented on GitHub (Apr 23, 2016):

Wait--first let's find out a few more. Can you run each of these and tell me what you get?

firejail --noblacklist=/usr/bin/python2* --noblacklist=/usr/lib/python2* --profile=/etc/firejail/icecat.profile mpv https://www.youtube.com/watch?v=IVpOyKCNZYw
firejail --noblacklist=/usr/bin/python3* --noblacklist=/usr/lib/python3* --profile=/etc/firejail/icecat.profile mpv https://www.youtube.com/watch?v=IVpOyKCNZYw
3.firejail --noblacklist=/usr/lib/python2* --profile=/etc/firejail/icecat.profile mpv https://www.youtube.com/watch?v=IVpOyKCNZYw
firejail -noblacklist=/usr/lib/python3* --profile=/etc/firejail/icecat.profile mpv https://www.youtube.com/watch?v=IVpOyKCNZYw

I'll handle the (experimental) profile if you like. :)

@Fred-Barclay commented on GitHub (Apr 23, 2016): Wait--first let's find out a few more. Can you run each of these and tell me what you get? 1. `firejail --noblacklist=/usr/bin/python2* --noblacklist=/usr/lib/python2* --profile=/etc/firejail/icecat.profile mpv https://www.youtube.com/watch?v=IVpOyKCNZYw` 2. `firejail --noblacklist=/usr/bin/python3* --noblacklist=/usr/lib/python3* --profile=/etc/firejail/icecat.profile mpv https://www.youtube.com/watch?v=IVpOyKCNZYw` 3.`firejail --noblacklist=/usr/lib/python2* --profile=/etc/firejail/icecat.profile mpv https://www.youtube.com/watch?v=IVpOyKCNZYw` 4. `firejail -noblacklist=/usr/lib/python3* --profile=/etc/firejail/icecat.profile mpv https://www.youtube.com/watch?v=IVpOyKCNZYw` I'll handle the (experimental) profile if you like. :)

gitea-mirror commented

2026-05-05 05:37:41 -06:00

Author

Owner

@dirtybytes commented on GitHub (Apr 23, 2016):

The second one worked, the rest produced same error as in original post.
Sure, if you want, but it seems like simply adding two "noblacklists" and including the standard icecat profile would do the trick.

@dirtybytes commented on GitHub (Apr 23, 2016): The second one worked, the rest produced same error as in original post. Sure, if you want, but it seems like simply adding two "noblacklists" and including the standard icecat profile would do the trick.

gitea-mirror commented

2026-05-05 05:37:43 -06:00

Author

Owner

@Fred-Barclay commented on GitHub (Apr 23, 2016):

Can you try this as a profile (save as mpv.profile):

# Experimental profile for mpv.
# https://github.com/netblue30/firejail/issues/475#issue-150420407

noblacklist /usr/bin/python3*
noblacklist /usr/lib/python3*

include /etc/firejail/icecat.profile

So, something like firejail --profile=/path/to/mpv.profile mpv https://www.youtube.com/watch?v=IVpOyKCNZYw

@Fred-Barclay commented on GitHub (Apr 23, 2016): Can you try this as a profile (save as mpv.profile): ``` # Experimental profile for mpv. # https://github.com/netblue30/firejail/issues/475#issue-150420407 noblacklist /usr/bin/python3* noblacklist /usr/lib/python3* include /etc/firejail/icecat.profile ``` So, something like `firejail --profile=/path/to/mpv.profile mpv https://www.youtube.com/watch?v=IVpOyKCNZYw`

gitea-mirror commented

2026-05-05 05:37:44 -06:00

Author

Owner

@dirtybytes commented on GitHub (Apr 23, 2016):

Yeah, starts the video without a hitch. Only, as I understand it, the player would still be jailed under the same profile as the parent process, unless you could have it called with a different one somehow.

@dirtybytes commented on GitHub (Apr 23, 2016): Yeah, starts the video without a hitch. Only, as I understand it, the player would still be jailed under the same profile as the parent process, unless you could have it called with a different one somehow.

gitea-mirror commented

2026-05-05 05:37:46 -06:00

Author

Owner

@Fred-Barclay commented on GitHub (Apr 23, 2016):

That's where I'm a bit fuzzy. Your original post said that you had trouble with mpv inside icecat, but you've always started mpv separately (at least, that's what it looks like from here). What happens if you use mpv inside icecat?
First move the mpv.profile to ~/.config/firejail/.

@Fred-Barclay commented on GitHub (Apr 23, 2016): That's where I'm a bit fuzzy. Your original post said that you had trouble with mpv _inside_ icecat, but you've always started mpv separately (at least, that's what it looks like from here). What happens if you use mpv inside icecat? **First** move the mpv.profile to `~/.config/firejail/`.

gitea-mirror commented

2026-05-05 05:37:47 -06:00

Author

Owner

@dirtybytes commented on GitHub (Apr 23, 2016):

Of course it wouldn't work. It does work when saving as firefox.profile instead, but then again, this is effectively reverting the python blacklist change, so it probably should be left as is, unless you can think of a better solution.

@dirtybytes commented on GitHub (Apr 23, 2016): Of course it wouldn't work. It does work when saving as firefox.profile instead, but then again, this is effectively reverting the python blacklist change, so it probably should be left as is, unless you can think of a better solution.

gitea-mirror commented

2026-05-05 05:37:49 -06:00

Author

Owner

@Fred-Barclay commented on GitHub (Apr 23, 2016):

So a temporary fix would be to copy the existing icecat profile to ~/.config/firejail, and then add these two lines at the beginning:

noblacklist /usr/bin/python3*
noblacklist /usr/lib/python3*

(for @liloman , copy and modify the firefox profile instead).

I'm not sure how I feel about removing python3 from the blacklist in etc/disable-devel.inc, though. After all, icecat/firefox itself doesn't require python3, only an addon, so we'd be opening a risk for all users to allow for an addon used by some, if we removed the blacklist. @dirtybytes, I think you agree with this, from what I've read?

Maybe @netblue30 will chime in; if not, I'll think on it for a few hours and get back with you.
Sorry for the trouble!

What would be really convenient, would be if firejail could detect if you were running a certain plugin, and then and only then include the relevant profile.

@Fred-Barclay commented on GitHub (Apr 23, 2016): So a temporary fix would be to copy the existing icecat profile to ~/.config/firejail, and then add these two lines at the beginning: ``` noblacklist /usr/bin/python3* noblacklist /usr/lib/python3* ``` (for @liloman , copy and modify the firefox profile instead). I'm not sure how I feel about removing python3 from the blacklist in etc/disable-devel.inc, though. After all, icecat/firefox itself doesn't require python3, only an addon, so we'd be opening a risk for **all** users to allow for an addon used by **some**, if we removed the blacklist. @dirtybytes, I think you agree with this, from what I've read? Maybe @netblue30 will chime in; if not, I'll think on it for a few hours and get back with you. Sorry for the trouble! What would be really convenient, would be if firejail could detect if you were running a certain plugin, and then and only then include the relevant profile.

gitea-mirror commented

2026-05-05 05:37:50 -06:00

Author

Owner

@dirtybytes commented on GitHub (Apr 23, 2016):

Yes, I definitely agree; however, I wonder if it would be possible for mpv to start with its own profile if it's detected. This way, you could have a tigher security profile for your browser, but a more lax one for your player, which probably isn't likely to get exploited.

@dirtybytes commented on GitHub (Apr 23, 2016): Yes, I definitely agree; however, I wonder if it would be possible for mpv to start with its own profile if it's detected. This way, you could have a tigher security profile for your browser, but a more lax one for your player, which probably isn't likely to get exploited.

gitea-mirror commented

2026-05-05 05:37:52 -06:00

Author

Owner

@Fred-Barclay commented on GitHub (Apr 23, 2016):

Is this the add-on you use?
https://addons.mozilla.org/en-US/firefox/addon/watch-with-mpv/

@Fred-Barclay commented on GitHub (Apr 23, 2016): Is this the add-on you use? https://addons.mozilla.org/en-US/firefox/addon/watch-with-mpv/

gitea-mirror commented

2026-05-05 05:37:53 -06:00

Author

Owner

@dirtybytes commented on GitHub (Apr 23, 2016):

That's the one.

@dirtybytes commented on GitHub (Apr 23, 2016): That's the one.

gitea-mirror commented

2026-05-05 05:37:54 -06:00

Author

Owner

@liloman commented on GitHub (Apr 23, 2016):

Working now I needed to add the * after python3.

So the remaining question is how to disable python for firefox/icecat/whatever and allow it for a internal plugin??

@liloman commented on GitHub (Apr 23, 2016): Working now I needed to add the \* after python3. So the remaining question is how to disable python for firefox/icecat/whatever and allow it for a internal plugin??

gitea-mirror commented

2026-05-05 05:37:55 -06:00

Author

Owner

@liloman commented on GitHub (Apr 26, 2016):

Related to the question I think It would be nice something like:

noblacklist /usr/bin/python3* -> /usr/bin/youtube-dl
or to not tamper with current implementation:
noblacklistfor /usr/bin/python3* /usr/bin/youtube-dl

Meaning that you shouldn't block python3 for youtube-dl for that profile. I reckon it shouldn't "be hard" to implement and I think it's something that would be necessary sooner or later alike to security frameworks as selinux (transitions,...).

@liloman commented on GitHub (Apr 26, 2016): Related to the question I think It would be nice something like: noblacklist /usr/bin/python3\* -> /usr/bin/youtube-dl or to not tamper with current implementation: noblacklistfor /usr/bin/python3\* /usr/bin/youtube-dl Meaning that you shouldn't block python3 for youtube-dl for that profile. I reckon it shouldn't "be hard" to implement and I think it's something that would be necessary sooner or later alike to security frameworks as selinux (transitions,...).

gitea-mirror commented

2026-05-05 05:37:56 -06:00

Author

Owner

@netblue30 commented on GitHub (May 1, 2016):

moved to: https://github.com/netblue30/firejail/issues/484

@netblue30 commented on GitHub (May 1, 2016): moved to: https://github.com/netblue30/firejail/issues/484

gitea-mirror referenced this issue

2026-05-05 10:04:23 -06:00

[PR #337] [MERGED] Added profiles for vivaldi #3597

Rows
Columns

[GH-ISSUE #475] mpv unable to use youtube-dl with icecat profile #337