authorjc_gargma <jc_gargma@iserlohn-fortress.net>2022-06-12 23:27:14 -0700
committerjc_gargma <jc_gargma@iserlohn-fortress.net>2022-06-12 23:27:14 -0700
commit5f65f89dfa30f6f2f93f6f9c171a90b84f63c5b1 (patch)
tree67d3bc590d9200ef8b65254c3d828ad41f1fed68 /profiles
parentConvert PKGBUILD to use fake depends. (diff)
downloadfirejail-profiles-5f65f89dfa30f6f2f93f6f9c171a90b84f63c5b1.tar.xz
Updated for firejail 0.9.70
Convert whitelist and read-only pairs to the new whitelist-ro setting. Fix vlc failing to load lirc configuration. Add more comments to profiles for unusual workarounds.
Diffstat (limited to 'profiles')
-rw-r--r--profiles/antichamber.profile3
-rw-r--r--profiles/atom-rpg-trudograd.profile6
-rw-r--r--profiles/atom-rpg.profile3
-rw-r--r--profiles/cities-skylines.profile4
-rw-r--r--profiles/crusader-kings-ii.profile8
-rw-r--r--profiles/crusader-kings-iii.profile8
-rw-r--r--profiles/desmume.profile3
-rw-r--r--profiles/dins-curse.profile3
-rw-r--r--profiles/disable-programs.local2
-rw-r--r--profiles/divinity-original-sin-ee.profile1
-rw-r--r--profiles/dolphin-emu.local3
-rw-r--r--profiles/factorio.profile3
-rw-r--r--profiles/fceux.profile3
-rw-r--r--profiles/ftl-advanced-edition.profile3
-rw-r--r--profiles/hoi4.profile5
-rw-r--r--profiles/imperator-rome.profile3
-rw-r--r--profiles/into-the-breach.profile3
-rw-r--r--profiles/mgba.profile3
-rw-r--r--profiles/mini-metro.profile3
-rw-r--r--profiles/mocp.local3
-rw-r--r--profiles/mupen64plus.local3
-rw-r--r--profiles/pandora-first-contact.profile3
-rw-r--r--profiles/pathfinder-kingmaker.profile3
-rw-r--r--profiles/ppsspp.local3
-rw-r--r--profiles/renpy.profile3
-rw-r--r--profiles/slay-the-spire.profile3
-rw-r--r--profiles/starbound.profile3
-rw-r--r--profiles/starsector.profile3
-rw-r--r--profiles/stellaris.profile8
-rw-r--r--profiles/timberborn.profile4
-rw-r--r--profiles/vambrace-cold-soul.profile3
-rw-r--r--profiles/vlc.local31
-rw-r--r--profiles/warhammer40k-mechanicus.profile3
-rw-r--r--profiles/wasteland-2.profile3
-rw-r--r--profiles/x4-foundations.profile3
-rw-r--r--profiles/xenonauts.profile3
-rw-r--r--profiles/ziggurat.profile3
37 files changed, 61 insertions, 97 deletions
diff --git a/profiles/antichamber.profile b/profiles/antichamber.profile
index 80397e2..f6ee5eb 100644
--- a/profiles/antichamber.profile
+++ b/profiles/antichamber.profile
@@ -6,8 +6,7 @@ include globals.local
ignore include disable-shell.inc
-whitelist ${HOME}/games/Antichamber
-read-only ${HOME}/games/Antichamber
+whitelist-ro ${HOME}/games/Antichamber
mkdir ${HOME}/.local/share/AlexanderBruce
mkdir ${HOME}/.local/share/AlexanderBruce/Antichamber
read-only ${HOME}/games/Antichamber
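Review bot: The trailing context line `read-only ${HOME}/games/Antichamber` is now redundant, because the new `whitelist-ro ${HOME}/games/Antichamber` already applies the read-only flag to the same path. It can be dropped. The two `mkdir` lines create `${HOME}/.local/share/AlexanderBruce/Antichamber`, but no `whitelist` for that path is visible here, so the leftover line may have been meant as `whitelist ${HOME}/.local/share/AlexanderBruce/Antichamber`. The profile continues past the hunk, so check whether the save directory is whitelisted further down.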
diff --git a/profiles/atom-rpg-trudograd.profile b/profiles/atom-rpg-trudograd.profile
index e33300f..7b04ddf 100644
--- a/profiles/atom-rpg-trudograd.profile
+++ b/profiles/atom-rpg-trudograd.profile
@@ -10,13 +10,11 @@ noblacklist ${HOME}/.config/unity3d/AtomTeam/Atom_Trudograd
mkdir ${HOME}/.config/unity3d/AtomTeam
mkdir ${HOME}/.config/unity3d/AtomTeam/Atom_Trudograd
whitelist ${HOME}/.config/unity3d/AtomTeam/Atom_Trudograd
-whitelist ${HOME}/games/AtomRPG - Trudograd
-read-only ${HOME}/games/AtomRPG - Trudograd
+whitelist-ro ${HOME}/games/AtomRPG - Trudograd
# # Allow read-only access to original Atom save games
noblacklist ${HOME}/.config/unity3d/AtomTeam/Atom
mkdir ${HOME}/.config/unity3d/AtomTeam/Atom
-whitelist ${HOME}/.config/unity3d/AtomTeam/Atom
-read-only ${HOME}/.config/unity3d/AtomTeam/Atom
+whitelist-ro ${HOME}/.config/unity3d/AtomTeam/Atom
include generic-unity-game.inc
diff --git a/profiles/atom-rpg.profile b/profiles/atom-rpg.profile
index 2aa24b8..bdacf26 100644
--- a/profiles/atom-rpg.profile
+++ b/profiles/atom-rpg.profile
@@ -10,7 +10,6 @@ noblacklist ${HOME}/.config/unity3d/AtomTeam/Atom
mkdir ${HOME}/.config/unity3d/AtomTeam
mkdir ${HOME}/.config/unity3d/AtomTeam/Atom
whitelist ${HOME}/.config/unity3d/AtomTeam/Atom
-whitelist ${HOME}/games/AtomRPG
-read-only ${HOME}/games/AtomRPG
+whitelist-ro ${HOME}/games/AtomRPG
include generic-unity-game.inc
diff --git a/profiles/cities-skylines.profile b/profiles/cities-skylines.profile
index 4035a70..108a14a 100644
--- a/profiles/cities-skylines.profile
+++ b/profiles/cities-skylines.profile
@@ -15,7 +15,7 @@ mkdir ${HOME}/.local/share/Colossal Order
mkdir ${HOME}/.local/share/Colossal Order/Cities_Skylines
whitelist ${HOME}/.config/unity3d/Colossal Order/Cities_ Skylines
whitelist ${HOME}/.local/share/Colossal Order/Cities_Skylines
-whitelist ${HOME}/games/CitiesSkylines
-read-only ${HOME}/games/CitiesSkylines
+whitelist-ro ${HOME}/games/CitiesSkylines
+
include generic-unity-game.inc
diff --git a/profiles/crusader-kings-ii.profile b/profiles/crusader-kings-ii.profile
index 38d3916..25e773a 100644
--- a/profiles/crusader-kings-ii.profile
+++ b/profiles/crusader-kings-ii.profile
@@ -10,13 +10,11 @@ noblacklist ${HOME}/games/Crusader Kings II
noblacklist ${HOME}/.paradoxinteractive
noblacklist ${HOME}/.paradoxinteractive/Crusader Kings II
-whitelist ${HOME}/games/Crusader Kings II
-read-only ${HOME}/games/Crusader Kings II
+whitelist-ro ${HOME}/games/Crusader Kings II
mkdir ${HOME}/.paradoxinteractive
mkdir ${HOME}/.paradoxinteractive/Crusader Kings II
-whitelist ${HOME}/.paradoxinteractive
-read-only ${HOME}/.paradoxinteractive
-whitelist ${HOME}/.paradoxinteractive/Crusader Kings II
+# For unknown reasons, paradox games need to be able to see the .paradoxinteractive folder
+whitelist-ro ${HOME}/.paradoxinteractive
read-write ${HOME}/.paradoxinteractive/Crusader Kings II
private-etc asound.conf,group,localtime,machine-id,passwd,pulse
diff --git a/profiles/crusader-kings-iii.profile b/profiles/crusader-kings-iii.profile
index 4c30307..31ba1f2 100644
--- a/profiles/crusader-kings-iii.profile
+++ b/profiles/crusader-kings-iii.profile
@@ -10,13 +10,11 @@ noblacklist ${HOME}/games/Crusader Kings III
noblacklist ${HOME}/.local/share/Paradox Interactive
noblacklist ${HOME}/.local/share/Paradox Interactive/Crusader Kings III
-whitelist ${HOME}/games/Crusader Kings III
-read-only ${HOME}/games/Crusader Kings III
+whitelist-ro ${HOME}/games/Crusader Kings III
mkdir ${HOME}/.local/share/Paradox Interactive
mkdir ${HOME}/.local/share/Paradox Interactive/Crusader Kings III
-whitelist ${HOME}/.local/share/Paradox Interactive
-read-only ${HOME}/.local/share/Paradox Interactive
-whitelist ${HOME}/.local/share/Paradox Interactive/Crusader Kings III
+# For unknown reasons, paradox games need to be able to see the .paradoxinteractive folder
+whitelist-ro ${HOME}/.paradoxinteractive
read-write ${HOME}/.local/share/Paradox Interactive/Crusader Kings III
# CK3 requires ptrace to function
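Review bot: The added `whitelist-ro ${HOME}/.paradoxinteractive` replaces the three lines that covered `${HOME}/.local/share/Paradox Interactive`, so the directory this profile creates with `mkdir` and then marks `read-write` is no longer whitelisted anywhere in the hunk. With a home whitelist active, a path that is not whitelisted lives only on the sandbox's temporary home, so saves would most likely be discarded on exit; the change also widens the read-only view to a directory the old rules did not expose. If the game does need to see `.paradoxinteractive`, keep that line and restore `whitelist ${HOME}/.local/share/Paradox Interactive/Crusader Kings III` ahead of the `read-write` line. The same substitution appears in the hoi4.profile and stellaris.profile hunks. The profile continues outside the hunk, so confirm that no later include whitelists the path.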
diff --git a/profiles/desmume.profile b/profiles/desmume.profile
index 5508d9e..3db6300 100644
--- a/profiles/desmume.profile
+++ b/profiles/desmume.profile
@@ -9,8 +9,7 @@ noblacklist ${HOME}/games/Emulators/NDSGAMES
mkdir ${HOME}/.config/desmume
whitelist ${HOME}/.config/desmume
-whitelist ${HOME}/games/Emulators/NDSGAMES
-read-only ${HOME}/games/Emulators/NDSGAMES
+whitelist-ro ${HOME}/games/Emulators/NDSGAMES
include whitelist-common.inc
seccomp !name_to_handle_at
diff --git a/profiles/dins-curse.profile b/profiles/dins-curse.profile
index b4f8eda..7a97fa9 100644
--- a/profiles/dins-curse.profile
+++ b/profiles/dins-curse.profile
@@ -8,8 +8,7 @@ ignore include disable-shell.inc
noblacklist ${HOME}/.local/DinsCurse
-whitelist ${HOME}/games/Dins Curse
-read-only ${HOME}/games/Dins Curse
+whitelist-ro ${HOME}/games/Dins Curse
mkdir ${HOME}/.local/DinsCurse
whitelist ${HOME}/.local/DinsCurse
diff --git a/profiles/disable-programs.local b/profiles/disable-programs.local
index fc11926..a8ca7a2 100644
--- a/profiles/disable-programs.local
+++ b/profiles/disable-programs.local
@@ -56,6 +56,8 @@ blacklist ${HOME}/.local/share/wineprefixes/SimCity4
blacklist ${HOME}/.local/share/wineprefixes/StarCitizen
blacklist ${HOME}/.local/share/wineprefixes/Warframe
blacklist ${HOME}/.paradoxinteractive/Crusader Kings II
+blacklist ${HOME}/.paradoxinteractive/Crusader Kings III
+blacklist ${HOME}/.paradoxinteractive/Hearts of Iron IV
blacklist ${HOME}/.renpy
blacklist ${HOME}/.t4-engine
blacklist ${HOME}/applications/tor-browser_en-US
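Review bot: The two added entries blacklist paths under `${HOME}/.paradoxinteractive`, but the CK3 and HoI4 profiles in this commit create and `read-write` their data under `${HOME}/.local/share/Paradox Interactive/...`. If those games do not write to `.paradoxinteractive`, these lines protect nothing and the real save directories stay readable by every other sandboxed program. Only part of the file is visible in the hunk, so check whether entries such as `blacklist ${HOME}/.local/share/Paradox Interactive/Crusader Kings III` already exist, and add them if not.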
diff --git a/profiles/divinity-original-sin-ee.profile b/profiles/divinity-original-sin-ee.profile
index 76db611..6c68976 100644
--- a/profiles/divinity-original-sin-ee.profile
+++ b/profiles/divinity-original-sin-ee.profile
@@ -13,6 +13,7 @@ mkdir ${HOME}/Larian Studios
mkdir ${HOME}/Larian Studios/Divinity Original Sin Enhanced Edition
whitelist ${HOME}/Larian Studios/Divinity Original Sin Enhanced Edition
whitelist ${HOME}/games/Divinity - Original Sin - Extended Edition
+# # The game fails to load the correct language if marked as read-only
#read-only ${HOME}/games/Divinity - Original Sin - Extended Edition
seccomp !name_to_handle_at
diff --git a/profiles/dolphin-emu.local b/profiles/dolphin-emu.local
index 32ea3fd..c9bccc7 100644
--- a/profiles/dolphin-emu.local
+++ b/profiles/dolphin-emu.local
@@ -1,7 +1,6 @@
noblacklist ${HOME}/games/Emulators/GCNGAMES
-whitelist ${HOME}/games/Emulators/GCNGAMES
-read-only ${HOME}/games/Emulators/GCNGAMES
+whitelist-ro ${HOME}/games/Emulators/GCNGAMES
# # alsa audio will work with ipc-namespace,
# # but it hogs the alsa device from other applications
diff --git a/profiles/factorio.profile b/profiles/factorio.profile
index ea999a5..b7a1734 100644
--- a/profiles/factorio.profile
+++ b/profiles/factorio.profile
@@ -4,8 +4,7 @@ include factorio.local
# Persistent global definitions
include globals.local
-whitelist ${HOME}/games/Factorio
-read-only ${HOME}/games/Factorio
+whitelist-ro ${HOME}/games/Factorio
mkdir ${HOME}/.local/share/factorio
whitelist ${HOME}/.local/share/factorio
diff --git a/profiles/fceux.profile b/profiles/fceux.profile
index bdbc3fe..d4fa0c5 100644
--- a/profiles/fceux.profile
+++ b/profiles/fceux.profile
@@ -9,8 +9,7 @@ noblacklist ${HOME}/games/Emulators/NESGAMES
mkdir ${HOME}/.fceux
whitelist ${HOME}/.fceux
-whitelist ${HOME}/games/Emulators/NESGAMES
-read-only ${HOME}/games/Emulators/NESGAMES
+whitelist-ro ${HOME}/games/Emulators/NESGAMES
include whitelist-common.inc
seccomp !name_to_handle_at
diff --git a/profiles/ftl-advanced-edition.profile b/profiles/ftl-advanced-edition.profile
index a47939c..4aaebfd 100644
--- a/profiles/ftl-advanced-edition.profile
+++ b/profiles/ftl-advanced-edition.profile
@@ -8,8 +8,7 @@ noblacklist ${HOME}/.local/share/FasterThanLight
mkdir ${HOME}/.local/share/FasterThanLight
whitelist ${HOME}/.local/share/FasterThanLight
-whitelist ${HOME}/games/FTL - Advanced Edition
-read-only ${HOME}/games/FTL - Advanced Edition
+whitelist-ro ${HOME}/games/FTL - Advanced Edition
ignore memory-deny-write-execute
diff --git a/profiles/hoi4.profile b/profiles/hoi4.profile
index ac1efc0..9df93ef 100644
--- a/profiles/hoi4.profile
+++ b/profiles/hoi4.profile
@@ -14,9 +14,8 @@ whitelist ${HOME}/games/Hearts of Iron IV
read-only ${HOME}/games/Hearts of Iron IV
mkdir ${HOME}/.local/share/Paradox Interactive
mkdir ${HOME}/.local/share/Paradox Interactive/Hearts of Iron IV
-whitelist ${HOME}/.local/share/Paradox Interactive
-read-only ${HOME}/.local/share/Paradox Interactive
-whitelist ${HOME}/.local/share/Paradox Interactive/Hearts of Iron IV
+# For unknown reasons, paradox games need to be able to see the .paradoxinteractive folder
+whitelist-ro ${HOME}/.paradoxinteractive
read-write ${HOME}/.local/share/Paradox Interactive/Hearts of Iron IV
# HoI4 requires ptrace to function
diff --git a/profiles/imperator-rome.profile b/profiles/imperator-rome.profile
index 8732cb9..013dba3 100644
--- a/profiles/imperator-rome.profile
+++ b/profiles/imperator-rome.profile
@@ -7,8 +7,7 @@ include globals.local
noblacklist ${HOME}/games/Imperator - Rome
noblacklist ${HOME}/.local/share/Paradox Interactive/Imperator
-whitelist ${HOME}/games/Imperator - Rome
-read-only ${HOME}/games/Imperator - Rome
+whitelist-ro ${HOME}/games/Imperator - Rome
mkdir ${HOME}/.local/share/Paradox Interactive
mkdir ${HOME}/.local/share/Paradox Interactive/Imperator
whitelist ${HOME}/.local/share/Paradox Interactive/Imperator
diff --git a/profiles/into-the-breach.profile b/profiles/into-the-breach.profile
index f3b46e9..77cabef 100644
--- a/profiles/into-the-breach.profile
+++ b/profiles/into-the-breach.profile
@@ -10,8 +10,7 @@ noblacklist ${HOME}/.local/share/IntoTheBreach
mkdir ${HOME}/.local/share/IntoTheBreach
whitelist ${HOME}/.local/share/IntoTheBreach
-whitelist ${HOME}/games/Into The Breach
-read-only ${HOME}/games/Into The Breach
+whitelist-ro ${HOME}/games/Into The Breach
# noinput breaks controller support
ignore noinput
diff --git a/profiles/mgba.profile b/profiles/mgba.profile
index 8415985..9ac28b2 100644
--- a/profiles/mgba.profile
+++ b/profiles/mgba.profile
@@ -12,8 +12,7 @@ mkdir ${HOME}/.config/mgba
mkdir ${HOME}/.local/share/mgba
whitelist ${HOME}/.config/mgba
whitelist ${HOME}/.local/share/mgba
-whitelist ${HOME}/games/Emulators/GBAGAMES
-read-only ${HOME}/games/Emulators/GBAGAMES
+whitelist-ro ${HOME}/games/Emulators/GBAGAMES
include whitelist-common.inc
# # seccomp breaks integrated file manager on kde applications
diff --git a/profiles/mini-metro.profile b/profiles/mini-metro.profile
index 26cbd1d..468fa94 100644
--- a/profiles/mini-metro.profile
+++ b/profiles/mini-metro.profile
@@ -10,7 +10,6 @@ noblacklist ${HOME}/.config/unity3d/Dinosaur Polo Club/Mini Metro
mkdir ${HOME}/.config/unity3d/Dinosaur Polo Club
mkdir ${HOME}/.config/unity3d/Dinosaur Polo Club/Mini Metro
whitelist ${HOME}/.config/unity3d/Dinosaur Polo Club/Mini Metro
-whitelist ${HOME}/games/Mini Metro
-read-only ${HOME}/games/Mini Metro
+whitelist-ro ${HOME}/games/Mini Metro
include generic-unity-game.inc
diff --git a/profiles/mocp.local b/profiles/mocp.local
index e8d27d0..5fd40e2 100644
--- a/profiles/mocp.local
+++ b/profiles/mocp.local
@@ -4,8 +4,7 @@ blacklist ${RUNUSER}/wayland-*
include disable-write-mnt.inc
whitelist ${HOME}/.moc
-whitelist ${MUSIC}
-read-only ${MUSIC}
+whitelist-ro ${MUSIC}
# # alsa audio will work with ipc-namespace,
# # but it hogs the alsa device from other applications
diff --git a/profiles/mupen64plus.local b/profiles/mupen64plus.local
index 67a8550..6c7b9c0 100644
--- a/profiles/mupen64plus.local
+++ b/profiles/mupen64plus.local
@@ -1,4 +1,3 @@
-whitelist ${HOME}/games/Emulators/N64GAMES
-read-only ${HOME}/games/Emulators/N64GAMES
+whitelist-ro ${HOME}/games/Emulators/N64GAMES
protocol unix
diff --git a/profiles/pandora-first-contact.profile b/profiles/pandora-first-contact.profile
index a6e5a28..ed00869 100644
--- a/profiles/pandora-first-contact.profile
+++ b/profiles/pandora-first-contact.profile
@@ -12,8 +12,7 @@ noblacklist ${HOME}/.config/Proxy Studios/Pandora
mkdir ${HOME}/.config/Proxy Studios
mkdir ${HOME}/.config/Proxy Studios/Pandora
whitelist ${HOME}/.config/Proxy Studios/Pandora
-whitelist ${HOME}/games/Pandora - First Contact
-read-only ${HOME}/games/Pandora - First Contact
+whitelist-ro ${HOME}/games/Pandora - First Contact
ignore memory-deny-write-execute
diff --git a/profiles/pathfinder-kingmaker.profile b/profiles/pathfinder-kingmaker.profile
index d6c4cbe..bd93b1d 100644
--- a/profiles/pathfinder-kingmaker.profile
+++ b/profiles/pathfinder-kingmaker.profile
@@ -10,7 +10,6 @@ noblacklist ${HOME}/.config/unity3d/Owlcat Games/Pathfinder Kingmaker
mkdir ${HOME}/.config/unity3d/Owlcat Games
mkdir ${HOME}/.config/unity3d/Owlcat Games/Pathfinder Kingmaker
whitelist ${HOME}/.config/unity3d/Owlcat Games/Pathfinder Kingmaker
-whitelist ${HOME}/games/Pathfinder Kingmaker
-read-only ${HOME}/games/Pathfinder Kingmaker
+whitelist-ro ${HOME}/games/Pathfinder Kingmaker
include generic-unity-game.inc
diff --git a/profiles/ppsspp.local b/profiles/ppsspp.local
index 394df2a..fa51b53 100644
--- a/profiles/ppsspp.local
+++ b/profiles/ppsspp.local
@@ -1,5 +1,4 @@
-whitelist ${HOME}/games/Emulators/PSPGAMES
-read-only ${HOME}/games/Emulators/PSPGAMES
+whitelist-ro ${HOME}/games/Emulators/PSPGAMES
# machine-id, obs, and alsa don't get along
#ignore machine-id
diff --git a/profiles/renpy.profile b/profiles/renpy.profile
index ea5a8a5..1e00b40 100644
--- a/profiles/renpy.profile
+++ b/profiles/renpy.profile
@@ -10,8 +10,7 @@ noblacklist ${HOME}/.renpy
mkdir ${HOME}/.renpy
whitelist ${HOME}/.renpy
-whitelist ${HOME}/games
-read-only ${HOME}/games
+whitelist-ro ${HOME}/games
# # Games requiring special rules
# Maid with Perfection
diff --git a/profiles/slay-the-spire.profile b/profiles/slay-the-spire.profile
index 616e6ea..69814ed 100644
--- a/profiles/slay-the-spire.profile
+++ b/profiles/slay-the-spire.profile
@@ -12,8 +12,7 @@ mkfile ${HOME}/games/Slay The Spire/game/info.displayconfig
mkdir ${HOME}/games/Slay The Spire/game/runs
mkdir ${HOME}/games/Slay The Spire/game/saves
mkdir ${HOME}/games/Slay The Spire/game/sendToDevs
-whitelist ${HOME}/games/Slay The Spire
-read-only ${HOME}/games/Slay The Spire
+whitelist-ro ${HOME}/games/Slay The Spire
read-write ${HOME}/games/Slay The Spire/game/info.displayconfig
read-write ${HOME}/games/Slay The Spire/game/?
read-write ${HOME}/games/Slay The Spire/game/runs
diff --git a/profiles/starbound.profile b/profiles/starbound.profile
index cae94bd..aad11a7 100644
--- a/profiles/starbound.profile
+++ b/profiles/starbound.profile
@@ -6,8 +6,7 @@ include globals.local
ignore include disable-shell.inc
-whitelist ${HOME}/games/Starbound
-read-only ${HOME}/games/Starbound
+whitelist-ro ${HOME}/games/Starbound
mkdir ${HOME}/games/Starbound/game/storage
read-write ${HOME}/games/Starbound/game/storage
diff --git a/profiles/starsector.profile b/profiles/starsector.profile
index 0e0be4b..ec147d4 100644
--- a/profiles/starsector.profile
+++ b/profiles/starsector.profile
@@ -11,8 +11,7 @@ ignore blacklist ${PATH}/sh
# # Starsector needs the ? folder to store data
# # But mkdir refuses to create it citing invalid characters
#mkdir ${HOME}/games/Starsector/?
-whitelist ${HOME}/games/Starsector
-read-only ${HOME}/games/Starsector
+whitelist-ro ${HOME}/games/Starsector
read-write ${HOME}/games/Starsector/?
read-write ${HOME}/games/Starsector/saves
read-write ${HOME}/games/Starsector/screenshots
diff --git a/profiles/stellaris.profile b/profiles/stellaris.profile
index edd30ae..a187969 100644
--- a/profiles/stellaris.profile
+++ b/profiles/stellaris.profile
@@ -8,13 +8,11 @@ noblacklist ${HOME}/games/Stellaris
noblacklist ${HOME}/.local/share/Paradox Interactive
noblacklist ${HOME}/.local/share/Paradox Interactive/Stellaris
-whitelist ${HOME}/games/Stellaris
-read-only ${HOME}/games/Stellaris
+whitelist-ro ${HOME}/games/Stellaris
mkdir ${HOME}/.local/share/Paradox Interactive
mkdir ${HOME}/.local/share/Paradox Interactive/Stellaris
-whitelist ${HOME}/.local/share/Paradox Interactive
-read-only ${HOME}/.local/share/Paradox Interactive
-whitelist ${HOME}/.local/share/Paradox Interactive/Stellaris
+# For unknown reasons, paradox games need to be able to see the .paradoxinteractive folder
+whitelist-ro ${HOME}/.paradoxinteractive
read-write ${HOME}/.local/share/Paradox Interactive/Stellaris
private-etc asound.conf,group,localtime,machine-id,passwd,pulse
diff --git a/profiles/timberborn.profile b/profiles/timberborn.profile
index a3267bc..3d841ad 100644
--- a/profiles/timberborn.profile
+++ b/profiles/timberborn.profile
@@ -13,8 +13,6 @@ mkdir ${HOME}/.config/unity3d/Mechanistry
mkdir ${HOME}/.config/unity3d/Mechanistry/Timberborn
whitelist ${HOME}/.config/unity3d/Mechanistry/Timberborn
-whitelist ${HOME}/games/Timberborn
-
-read-only ${HOME}/games/Timberborn
+whitelist-ro ${HOME}/games/Timberborn
include generic-unity-game.inc
diff --git a/profiles/vambrace-cold-soul.profile b/profiles/vambrace-cold-soul.profile
index 7964541..eebb56d 100644
--- a/profiles/vambrace-cold-soul.profile
+++ b/profiles/vambrace-cold-soul.profile
@@ -10,7 +10,6 @@ noblacklist ${HOME}/.config/unity3d/DevespressoGames/VambraceColdSoul
mkdir ${HOME}/.config/unity3d/DevespressoGames
mkdir ${HOME}/.config/unity3d/DevespressoGames/VambraceColdSoul
whitelist ${HOME}/.config/unity3d/DevespressoGames/VambraceColdSoul
-whitelist ${HOME}/games/Vambrace - Cold Soul
-read-only ${HOME}/games/Vambrace - Cold Soul
+whitelist-ro ${HOME}/games/Vambrace - Cold Soul
include generic-unity-game.inc
diff --git a/profiles/vlc.local b/profiles/vlc.local
index 2785bb6..183924d 100644
--- a/profiles/vlc.local
+++ b/profiles/vlc.local
@@ -7,15 +7,12 @@ noblacklist ${VIDEOS}
include disable-xdg.inc
-whitelist ${DOWNLOADS}
-whitelist ${MUSIC}
-whitelist ${PICTURES}
-whitelist ${VIDEOS}
-
-read-only ${DOWNLOADS}
-read-only ${MUSIC}
-read-only ${PICTURES}
-read-only ${VIDEOS}
+whitelist-ro ${DOWNLOADS}
+whitelist-ro ${MUSIC}
+whitelist-ro ${PICTURES}
+# Uncomment to allow screenshots
+#read-write ${PICTURES}
+whitelist-ro ${VIDEOS}
# # alsa audio will work with ipc-namespace,
# # but it hogs the alsa device from other applications
@@ -25,14 +22,16 @@ ignore ipc-namespace
# # due to syscall name_to_handle_at
seccomp !name_to_handle_at
+# Just say no to dbus
+ignore dbus-user filter
+ignore dbus-user.own org.mpris.MediaPlayer2.vlc
+ignore dbus-user.talk org.freedesktop.Notifications
+ignore dbus-user.talk org.freedesktop.ScreenSaver
+ignore dbus-user.talk org.kde.StatusNotifierWatcher
+ignore dbus-user.talk org.mpris.MediaPlayer2.vlc
dbus-user none
dbus-system none
-# # noinput breaks lirc support
-# ignore noinput
-
# Allow paths for custom lirc config
-#whitelist ${HOME}/.lircrc
-#read-only ${HOME}/.lircrc
-#whitelist ${HOME}/.config/lirc/vlc
-#read-only ${HOME}/.config/lirc/vlc
+#whitelist /run/lirc
+#whitelist-ro ${HOME}/.config/lirc/vlc
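Review bot: The comment `# Just say no to dbus` does not explain why six `ignore` lines come before `dbus-user none`. They presumably cancel the D-Bus filter rules inherited from the main vlc profile, and a maintainer who deletes one would quietly re-enable a bus name. A comment such as `# Cancel the dbus-user filter/own/talk rules from vlc.profile so that 'dbus-user none' below takes effect` would record that. The lirc lines are still commented out, so the comment above them could say that both must be uncommented for lirc to work and that `/run/lirc` is then exposed writable to the sandbox.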
diff --git a/profiles/warhammer40k-mechanicus.profile b/profiles/warhammer40k-mechanicus.profile
index e8dfbd3..ceb2e82 100644
--- a/profiles/warhammer40k-mechanicus.profile
+++ b/profiles/warhammer40k-mechanicus.profile
@@ -10,7 +10,6 @@ noblacklist ${HOME}/.config/unity3d/BulwarkStudios/Mechanicus
mkdir ${HOME}/.config/unity3d/BulwarkStudios
mkdir ${HOME}/.config/unity3d/BulwarkStudios/Mechanicus
whitelist ${HOME}/.config/unity3d/BulwarkStudios/Mechanicus
-whitelist ${HOME}/games/Warhammer 40k - Mechanicus
-read-only ${HOME}/games/Warhammer 40k - Mechanicus
+whitelist-ro ${HOME}/games/Warhammer 40k - Mechanicus
include generic-unity-game.inc
diff --git a/profiles/wasteland-2.profile b/profiles/wasteland-2.profile
index ce02383..a6326b2 100644
--- a/profiles/wasteland-2.profile
+++ b/profiles/wasteland-2.profile
@@ -15,8 +15,7 @@ mkdir ${HOME}/.config/unity3d/inXile Entertainment
#mkdir ${HOME}/.config/unity3d/inXile Entertainment/Wasteland 2: Director's Cut
#whitelist ${HOME}/.config/unity3d/inXile Entertainment/Wasteland 2: Director's Cut
whitelist ${HOME}/.config/unity3d/inXile Entertainment
-whitelist ${HOME}/games/Wasteland 2
-read-only ${HOME}/games/Wasteland 2
+whitelist-ro ${HOME}/games/Wasteland 2
protocol unix,netlink
seccomp !name_to_handle_at
diff --git a/profiles/x4-foundations.profile b/profiles/x4-foundations.profile
index e60b8c9..f5211b1 100644
--- a/profiles/x4-foundations.profile
+++ b/profiles/x4-foundations.profile
@@ -12,8 +12,7 @@ noblacklist ${HOME}/.config/EgoSoft/X4
mkdir ${HOME}/.config/EgoSoft
mkdir ${HOME}/.config/EgoSoft/X4
whitelist ${HOME}/.config/EgoSoft/X4
-whitelist ${HOME}/games/X-4 Foundations
-read-only ${HOME}/games/X-4 Foundations
+whitelist-ro ${HOME}/games/X-4 Foundations
# machine-id, obs, and alsa don't get along
#ignore machine-id
diff --git a/profiles/xenonauts.profile b/profiles/xenonauts.profile
index 851aadb..7be2779 100644
--- a/profiles/xenonauts.profile
+++ b/profiles/xenonauts.profile
@@ -8,7 +8,6 @@ noblacklist ${HOME}/.local/share/Goldhawk Interactive
mkdir ${HOME}/.local/share/Goldhawk Interactive
whitelist ${HOME}/.local/share/Goldhawk Interactive
-whitelist ${HOME}/games/Xenonauts
-read-only ${HOME}/games/Xenonauts
+whitelist-ro ${HOME}/games/Xenonauts
include generic-game.inc
diff --git a/profiles/ziggurat.profile b/profiles/ziggurat.profile
index dc48378..416fa4d 100644
--- a/profiles/ziggurat.profile
+++ b/profiles/ziggurat.profile
@@ -10,7 +10,6 @@ noblacklist ${HOME}/.config/unity3d/Milkstone Studios/Ziggurat
mkdir ${HOME}/.config/unity3d/Milkstone Studios
mkdir ${HOME}/.config/unity3d/Milkstone Studios/Ziggurat
whitelist ${HOME}/.config/unity3d/Milkstone Studios/Ziggurat
-whitelist ${HOME}/games/Ziggurat
-read-only ${HOME}/games/Ziggurat
+whitelist-ro ${HOME}/games/Ziggurat
include generic-unity-game.inc