-rw-r--r-- | PKGBUILD | 4 | ||||
-rw-r--r-- | profiles/hearts-of-iron-iv.profile | 29 | ||||
-rw-r--r-- | profiles/rtorrent.local | 24 |
3 files changed, 55 insertions, 2 deletions
@@ -1,7 +1,7 @@
 # Maintainer: jc_gargma <jc_gargma@iserlohn-fortress.net>
 pkgname=firejail-profiles
-pkgver=20201209
+pkgver=20201212
 pkgrel=1
 pkgdesc="Additional firejail profiles and locals"
 arch=('any')
@@ -9,7 +9,7 @@ url="https://library.iserlohn-fortress.net/firejail-profiles.git"
 license=('GPLv3')
 depends=('firejail' 'hardened-malloc')
 source=(profiles.tar.gz)
-b2sums=('8173d250a795ec33d9d05eb9ec6e4bca1977b1e5698cbcd4ee76e3da733379c5a81865c304a87b22cc7b935644ec98c1311dd77441c24d1b5a75d83cec6e56c0')
+b2sums=('b6c973d8b55e9309894cbb2936d32e153b75dd1e70169c1a00f01ec48996ba0021370dccaeebe077cbe7ea40d720eee1bfaf1e78473c88860fa376ed9debdbf8')
 package() {
 install --directory ${pkgdir}/etc/firejail
diff --git a/profiles/hearts-of-iron-iv.profile b/profiles/hearts-of-iron-iv.profile
new file mode 100644
index 0000000..6749b14
--- /dev/null
+++ b/profiles/hearts-of-iron-iv.profile
@@ -0,0 +1,29 @@
+# This file is overwritten after every install/update
+# Persistent local customizations
+include hearts-of-iron-iv.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/games/Hearts of Iron IV
+noblacklist ${HOME}/.local/share/Paradox Interactive
+noblacklist ${HOME}/.local/share/Paradox Interactive/Hearts of Iron IV
+
+whitelist ${HOME}/games/Hearts of Iron IV
+read-only ${HOME}/games/Hearts of Iron IV
+mkdir ${HOME}/.local/share/Paradox Interactive
+mkdir ${HOME}/.local/share/Paradox Interactive/Hearts of Iron IV
+whitelist ${HOME}/.local/share/Paradox Interactive
+read-only ${HOME}/.local/share/Paradox Interactive
+whitelist ${HOME}/.local/share/Paradox Interactive/Hearts of Iron IV
+read-write ${HOME}/.local/share/Paradox Interactive/Hearts of Iron IV
+
+# HoI4 requires ptrace to function
+seccomp !ptrace
+
+private-etc asound.conf,group,localtime,machine-id,passwd,pulse
+
+ignore memory-deny-write-execute
+
+ignore noexec ${HOME}
+
+include generic-game.inc
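Review bot: In the new hearts-of-iron-iv.profile, `ignore noexec ${HOME}` lifts noexec for the whole home directory, so the save directory that the profile marks `read-write` ends up both writable and executable. The same profile also relaxes `memory-deny-write-execute` and allows ptrace through seccomp. Assuming the ignored `noexec ${HOME}` comes from `generic-game.inc` (not visible here), only the read-only game directory should need exec; consider adding `noexec ${HOME}/.local/share/Paradox Interactive` after the ignore line and confirming the game still starts. The ptrace exception has a reason comment, but the two `ignore` lines do not. A one-line comment on each, for example `# game binary runs from ${HOME}/games, so exec in home is needed`, would tell a maintainer what breaks if they are removed.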
diff --git a/profiles/rtorrent.local b/profiles/rtorrent.local
new file mode 100644
index 0000000..5bbc634
--- /dev/null
+++ b/profiles/rtorrent.local
@@ -0,0 +1,24 @@
+noblacklist ${HOME}/rtorrent
+noblacklist ${HOME}/.rtorrent.rc
+whitelist ${HOME}/rtorrent
+whitelist ${HOME}/.rtorrent.rc
+
+include disable-xdg.inc
+
+ipc-namespace
+no3d
+noautopulse
+nogroups
+tracelog
+
+disable-mnt
+private-bin rtorrent,mkdir,mv
+private-etc ca-certificates,machine-id,passwd,resolv.conf,ssl,xdg
+
+memory-deny-write-execute
+
+dbus-user none
+dbus-system none
+
+# # Use with hardened-malloc package
+env LD_PRELOAD=/usr/lib/libhardened_malloc.so
|
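Review bot: `whitelist ${HOME}/.rtorrent.rc` leaves the configuration file writable from inside the sandbox, although rtorrent's config can hold `execute` commands and `private-bin` keeps `mkdir` and `mv` available, presumably for that purpose. A process that parses untrusted peer and torrent data should not be able to rewrite the file that decides what it runs on the next start; adding `read-only ${HOME}/.rtorrent.rc` after the whitelist line closes that. The `private-bin rtorrent,mkdir,mv` line would also benefit from a comment saying which config hooks need the two extra binaries. The doubled marker in `# # Use with hardened-malloc package` looks like a leftover and could be reduced to a single `#`.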