-rw-r--r--PKGBUILD4
-rw-r--r--profiles/amfora.profile56
-rw-r--r--profiles/cataclysm-bn-tiles.profile4
-rw-r--r--profiles/cataclysm-bn.profile28
-rw-r--r--profiles/stellaris.profile26
5 files changed, 116 insertions, 2 deletions
diff --git a/PKGBUILD b/PKGBUILD
index e21098c..3d456a7 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,7 +1,7 @@
# Maintainer: jc_gargma <jc_gargma@iserlohn-fortress.net>
pkgname=firejail-profiles
-pkgver=20210325
+pkgver=20210623
pkgrel=1
pkgdesc="Additional firejail profiles and locals"
arch=('any')
@@ -9,7 +9,7 @@ url="https://library.iserlohn-fortress.net/firejail-profiles.git"
license=('GPLv3')
depends=('firejail' 'hardened-malloc')
source=(profiles.tar.gz)
-b2sums=('3d611490f5150adf63c6e2a706b4478a2fbae75739fff25cd10965211adc186d932390fa9de366ec9478af0521b78ac0c70cdaca6c209e16b2728a2f1f7d90c3')
+b2sums=('c9be5521de29a3db3ba84a2813291222b4edcc1807c989339ebbd034684aec5135a7de75eb8316bd88598d54fa1d715393c847b9577bf9871a7e989950ee5223')
package() {
install --directory ${pkgdir}/etc/firejail
diff --git a/profiles/amfora.profile b/profiles/amfora.profile
new file mode 100644
index 0000000..d4d6fa8
--- /dev/null
+++ b/profiles/amfora.profile
@@ -0,0 +1,56 @@
+# Firejail profile for amfora
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include amfora.local
+# Persistent global definitions
+include globals.local
+
+
+noblacklist ${HOME}/.config/amfora
+noblacklist ${HOME}/.local/share/amfora
+
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
+
+mkdir ${HOME}/.config/amfora
+whitelist ${HOME}/.config/amfora
+mkdir ${HOME}/.local/share/amfora
+whitelist ${HOME}/.local/share/amfora
+
+
+include allow-perl.inc
+
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+include whitelist-runuser-common.inc
+
+caps.drop all
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol inet,inet6
+seccomp
+shell none
+tracelog
+
+private-bin amfora
+private-cache
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl
+private-tmp
+
+# # Use with hardened-malloc package
+env LD_PRELOAD=/usr/lib/libhardened_malloc.so
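Review bot: `include allow-perl.inc` lifts the Perl blacklist that `include disable-interpreters.inc` would otherwise apply, yet `private-bin amfora` leaves no perl binary in the sandbox, so the allowance looks unused. If amfora has no Perl dependency, drop the line so the interpreter paths stay blocked; otherwise add a comment naming what needs it. The profile also has no `include disable-exec.inc`, so the writable `${HOME}/.config/amfora` and `${HOME}/.local/share/amfora` remain executable; adding it next to the other disable-* includes would close that gap, assuming the installed firejail ships that file. The doubled marker in `# # Use with hardened-malloc package` reads as a typo for a single `#`.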
diff --git a/profiles/cataclysm-bn-tiles.profile b/profiles/cataclysm-bn-tiles.profile
new file mode 100644
index 0000000..d21cc21
--- /dev/null
+++ b/profiles/cataclysm-bn-tiles.profile
@@ -0,0 +1,4 @@
+# This file is overwritten after every install/update
+
+# Redirect
+include cataclysm-bn.profile
diff --git a/profiles/cataclysm-bn.profile b/profiles/cataclysm-bn.profile
new file mode 100644
index 0000000..d3aff32
--- /dev/null
+++ b/profiles/cataclysm-bn.profile
@@ -0,0 +1,28 @@
+# This file is overwritten after every install/update
+# Persistent local customizations
+include cataclysm-bn.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/cataclysm-bn
+noblacklist ${HOME}/.local/share/cataclysm-bn
+mkdir ${HOME}/.config/cataclysm-bn
+mkdir ${HOME}/.local/share/cataclysm-bn
+mkdir ${HOME}/.local/share/cataclysm-bn/font
+mkdir ${HOME}/.local/share/cataclysm-bn/gfx
+mkdir ${HOME}/.local/share/cataclysm-bn/mods
+mkdir ${HOME}/.local/share/cataclysm-bn/sound
+whitelist ${HOME}/.config/cataclysm-bn
+whitelist ${HOME}/.local/share/cataclysm-bn
+read-only ${HOME}/.local/share/cataclysm-bn/font
+read-only ${HOME}/.local/share/cataclysm-bn/gfx
+read-only ${HOME}/.local/share/cataclysm-bn/mods
+read-only ${HOME}/.local/share/cataclysm-bn/sound
+
+seccomp !name_to_handle_at
+
+private-bin cataclysm-bn,cataclysm-bn-tiles
+
+ignore memory-deny-write-execute
+
+include generic-game.inc
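Review bot: `seccomp !name_to_handle_at` and `ignore memory-deny-write-execute` both loosen the sandbox with no comment saying what breaks without them, so a later maintainer cannot tell whether they are still needed. Add a line above each, for example `# <component> needs name_to_handle_at, see <reference>` (placeholders), and the same for the W^X exemption. `generic-game.inc` is not part of this diff; if it carries its own plain `seccomp` line, confirm with a test run which filter ends up applied. The file also lacks the `# Firejail profile for cataclysm-bn` header line that amfora.profile has.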
diff --git a/profiles/stellaris.profile b/profiles/stellaris.profile
new file mode 100644
index 0000000..edd30ae
--- /dev/null
+++ b/profiles/stellaris.profile
@@ -0,0 +1,26 @@
+# This file is overwritten after every install/update
+# Persistent local customizations
+include stellaris.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/games/Stellaris
+noblacklist ${HOME}/.local/share/Paradox Interactive
+noblacklist ${HOME}/.local/share/Paradox Interactive/Stellaris
+
+whitelist ${HOME}/games/Stellaris
+read-only ${HOME}/games/Stellaris
+mkdir ${HOME}/.local/share/Paradox Interactive
+mkdir ${HOME}/.local/share/Paradox Interactive/Stellaris
+whitelist ${HOME}/.local/share/Paradox Interactive
+read-only ${HOME}/.local/share/Paradox Interactive
+whitelist ${HOME}/.local/share/Paradox Interactive/Stellaris
+read-write ${HOME}/.local/share/Paradox Interactive/Stellaris
+
+private-etc asound.conf,group,localtime,machine-id,passwd,pulse
+
+ignore memory-deny-write-execute
+
+ignore noexec ${HOME}
+
+include generic-game.inc
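Review bot: `ignore noexec ${HOME}` together with `read-write ${HOME}/.local/share/Paradox Interactive/Stellaris` leaves a directory in the sandbox that is both writable and executable. The game tree is already `read-only`, so if only the binaries under `${HOME}/games/Stellaris` need to execute, consider adding `noexec ${HOME}/.local/share/Paradox Interactive/Stellaris` after the ignore. This assumes the game runs nothing from its data directory and that the ignore does not also swallow the longer line, both of which should be checked. As with `ignore memory-deny-write-execute`, a one-line comment on why each exemption is needed would help the next reviewer.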