Skip to content

profiles: ani-cli: add mpv to private-etc for plugins access #6779

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kmk3 merged 1 commit into from
Jun 17, 2025
Merged

profiles: ani-cli: add mpv to private-etc for plugins access #6779

kmk3 merged 1 commit into from
Jun 17, 2025

Conversation

@sudoAlphaX
Copy link
Contributor

@sudoAlphaX sudoAlphaX commented Jun 15, 2025
edited by kmk3
Loading

Allow ani-cli to access /etc/mpv for mpv plugins/themes/scripts access.

mpv playing under ani-cli cannot use plugins.
Example: Unable to use mpv-mpris plugin when playing anime using
ani-cli.

This patch just adds mpv to private-etc for plugin access.
The profile imports mpv.profile later so all that magic is taken care
of.

Note that in mpv.profile, there is no private-etc definition, but it is
defined in ani-cli.profile.

That's why it is broken.

Relates to #5707.

@sudoAlphaX
Copy link
Contributor Author

sudoAlphaX commented Jun 15, 2025

On that note, I would like to request addition of private-etc to mpv.profile. I don't know what exactly to allow in /etc for mpv, so it will be great if someone can figure it out.

@sudoAlphaX
Copy link
Contributor Author

sudoAlphaX commented Jun 15, 2025
edited
Loading

On a second thought, it is better to just add a proper private-etc to mpv.profile. This patch is just a hack until that is fixed. If a private-etc definition exists in mpv.profile, this can be reverted.

@sudoAlphaX @kmk3
profiles: ani-cli: add mpv to private-etc for plugins access
c15881c 
Allow ani-cli to access /etc/mpv for mpv plugins/themes/scripts access.

mpv playing under ani-cli cannot use plugins.
Example: Unable to use mpv-mpris plugin when playing anime using
ani-cli.

This patch just adds mpv to private-etc for plugin access.
The profile imports mpv.profile later so all that magic is taken care
of.

Note that in mpv.profile, there is no private-etc definition, but it is
defined in ani-cli.profile.

That's why it is broken.
@kmk3
Copy link
Collaborator

kmk3 commented Jun 16, 2025

On that note, I would like to request addition of private-etc to mpv.profile.
I don't know what exactly to allow in /etc for mpv, so it will be great if
someone can figure it out.

Usually you can run firejail with --trace= and it will say which paths the
program tries to access.

If you could test mpv with the plugins/themes/scripts that you use, check the
trace output and post the relevant paths (or open a PR), that would be very
helpful.

Example:

firejail --trace=trace.txt /usr/bin/mpv

For example, IIRC yt-dlp has a path in /etc.

By the way, I was working on adding the missing mpv paths (and other related
paths) to profiles a while back, though there are many profiles involved and I
wasn't sure if the paths were complete enough, so it's still wIP.

On a second thought, it is better to just add a proper private-etc to
mpv.profile. This patch is just a hack until that is fixed. If a private-etc
definition exists in mpv.profile, this can be reverted.

I think it's fine to merge this patch as is and then try a more encompassing
fix later.

kmk3 added a commit to kmk3/firejail that referenced this pull request Jun 16, 2025
@kmk3
profiles: ripperx/sound-juicer: fix profile name typos
8e4c604 
They are currently named as "mpv".

This amends commit 5dbdf65 ("new profiles: ripperx, sound-juicer",
2020-03-19).

Misc: This was noticed on netblue30#6779.
@kmk3 kmk3 mentioned this pull request Jun 16, 2025
Merged
@sudoAlphaX
Copy link
Contributor Author

sudoAlphaX commented Jun 16, 2025

Usually you can run firejail with --trace= and it will say which paths the
program tries to access.

Alright, ill give it a try. Also, is using --build okay rather than --trace?

@sudoAlphaX sudoAlphaX mentioned this pull request Jun 16, 2025
Draft
kmk3 added a commit that referenced this pull request Jun 17, 2025
@kmk3
profiles: ripperx/sound-juicer: fix profile name typos (#6780)
348f657 
They are currently named as "mpv".

This amends commit 5dbdf65 ("new profiles: ripperx, sound-juicer",
2020-03-19).

Misc: This was noticed on #6779.
@kmk3
Copy link
Collaborator

kmk3 commented Jun 17, 2025

Usually you can run firejail with --trace= and it will say which paths the
program tries to access.

Alright, ill give it a try. Also, is using --build okay rather than
--trace?

--build= can be useful as a starter, though many of the profile lines it
generates are hard-coded and IIRC it misses things compared to --trace=. Not
sure about /etc paths.

See src/fbuilder for details.

@kmk3 kmk3 merged commit 05d3145 into netblue30:master Jun 17, 2025
3 checks passed
@github-project-automation github-project-automation bot moved this from Todo to Done in Release 0.9.76 Jun 17, 2025
@sudoAlphaX sudoAlphaX deleted the ani-cli-mpv branch June 17, 2025 05:55
kmk3 added a commit to kmk3/firejail that referenced this pull request Jun 17, 2025
@kmk3
profiles: use private-etc groups in more profiles
01cc864 
For simplicity and to make diffs more readable.

Use them in the remaining profiles that have `private-etc` enabled but
are not currently using private-etc groups.

Note: All of the profiles in question were created between 0.9.72 and
0.9.74 (which is when private-etc groups were introduced).

Command used to search for relevant profiles:

    $ git grep '^private-etc .*alternatives' -- etc

Misc: The changes were made somewhat manually.

This is a follow-up to netblue30#6779.

Relates to netblue30#5691 netblue30#5706 netblue30#5707 netblue30#5710 netblue30#6007 netblue30#6400.
@kmk3 kmk3 mentioned this pull request Jun 17, 2025
Merged
kmk3 added a commit that referenced this pull request Jun 18, 2025
@kmk3
profiles: use private-etc groups in more profiles (#6783)
02ad655 
For simplicity and to make diffs more readable.

Use them in the remaining profiles that have `private-etc` enabled but
are not currently using private-etc groups.

Note: All of the profiles in question were created between 0.9.72 and
0.9.74 (which is when private-etc groups were introduced).

Command used to search for relevant profiles:

    $ git grep '^private-etc .*alternatives' -- etc

Misc: The changes were made somewhat manually.

This is a follow-up to #6779.

Relates to #5691 #5706 #5707 #5710 #6007 #6400.
kmk3 added a commit that referenced this pull request Jun 23, 2025
@kmk3
RELNOTES: add feature, modif and profile items
e029ed4 
Relates to #6747 #6761 #6773 #6775 #6777 #6779 #6780 #6783 #6784 #6785.
@kmk3 kmk3 moved this from Done to Done (on RELNOTES) in Release 0.9.76 Jun 23, 2025
@kmk3 kmk3 added the bugfix This fixes a bug label Jul 13, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kmk3 kmk3 kmk3 approved these changes

Assignees

No one assigned

Labels

bugfix This fixes a bug

Projects

Release 0.9.76
Status: Done (on RELNOTES)

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sudoAlphaX @kmk3