Electronplayer

From ArchWiki

electronplayer is an application using the electron app development framework. It is used for viewing Netflix, YouTube, Twitch, Floatplane, Hulu, Amazon Prime Video and more. Most notably to isolate the cookies from these websites from your main web browser.

Installation

Install the electronplayerAUR package.

Sandboxing

electronplayer seems to be resistant to being sandboxed with firejail, as it seems that it is installed by default in /usr/bin/electronplayer with a symlink to /opt/electronplayer/electronplayer --no-sandbox. Because of this, running:

$ ln -s /usr/bin/firejail /usr/local/bin/electronplayer 

and then running:

$ /usr/local/bin/electronplayer

will NOT sandbox electronplayer, it will immediately break out of the sandbox and begin running unconfined as if it were not being run with firejail. A workaround I have found for this problem is as follows:

Create firejail profile for electronplayer

$ touch /etc/firejail/electronplayer.profile

then:

$ chmod 644 /etc/firejail/electronplayer.profile

Then follow instructions in firejail for details on how to create a custom firejail profile. This is the one I use:

# Firejail profile for electronplayer
include electronplayer.local
# Persistent global definitions
include globals.local

include disable-common.inc include disable-passwdmgr.inc include disable-programs.inc

noblacklist ${HOME}/.config/electronplayer whitelist ${HOME}/.config/electronplayer

apparmor caps.drop all netfilter nodbus nodvd nogroups nonewprivs noroot notv protocol unix,inet,inet6,netlink seccomp

Create a soft link to electronplayer

Because /usr/bin/electronplayer already has a hard symlink to /opt/electronplayer/electronplayer --no-sandbox, the next step is to create a soft link to /usr/bin/firejail /opt/electronplayer/electronplayer in /usr/local/bin. First:

$ touch /usr/local/bin/electronplayer

then:

$ chmod 755 /usr/local/bin/electronplayer

then add the following text to /usr/local/bin/electronplayer, adding whatever arguments or options you like to either of the commands:

#!/bin/sh
/usr/bin/firejail /opt/electronplayer/electronplayer

And that's it! Now you can watch videos isolated from you normal web browser from the safety of the firejail sandbox!