diff options
| -rw-r--r-- | PKGBUILD | 6 | ||||
| -rw-r--r-- | profiles/fallout.profile | 10 | ||||
| -rw-r--r-- | profiles/hg.profile | 16 | ||||
| -rw-r--r-- | profiles/renpy.profile | 11 |
4 files changed, 38 insertions, 5 deletions
@@ -1,15 +1,15 @@ # Maintainer: jc_gargma <jc_gargma@iserlohn-fortress.net> pkgname=firejail-profiles -pkgver=20210704 -pkgrel=4 +pkgver=20210826 +pkgrel=1 pkgdesc="Additional firejail profiles and locals" arch=('any') url="https://library.iserlohn-fortress.net/firejail-profiles.git" license=('GPLv3') depends=('firejail' 'hardened-malloc') source=(profiles.tar.gz) -b2sums=('c7fb1ea5bcd050c7b925c718a8bce64bcffff894ca46b6ca8e2575fe96b51acb31aae98d05fd6c3e258a037d00cbeebdec51d51557757ab15f1739cdcaf489f4') +b2sums=('a0dd506104b5a76505b749c623cc98a0b60af65407ac6a1d4e2f2f88590ba1724076a0a6b83f5293ac27c5cdebb27fabdb930244f34eb0a7819ac28b9f79fb87') package() { install --directory ${pkgdir}/etc/firejail diff --git a/profiles/fallout.profile b/profiles/fallout.profile new file mode 100644 index 0000000..1ec3b24 --- /dev/null +++ b/profiles/fallout.profile @@ -0,0 +1,10 @@ +# This file is overwritten after every install/update +# Persistent local customizations +include fallout.local +# Persistent global definitions +include globals.local + +noblacklist ${HOME}/.local/share/wineprefixes/Fallout +whitelist ${HOME}/.local/share/wineprefixes/Fallout + +include generic-wine-game.inc diff --git a/profiles/hg.profile b/profiles/hg.profile index ac5943d..c72365f 100644 --- a/profiles/hg.profile +++ b/profiles/hg.profile @@ -17,12 +17,17 @@ noblacklist ${HOME}/.oh-my-zsh noblacklist ${HOME}/.vim noblacklist ${HOME}/.viminfo +# Allow ssh (blacklisted by disable-common.inc) +include allow-ssh.inc + +blacklist /tmp/.X11-unix +blacklist ${RUNUSER}/wayland-* + include disable-common.inc +include disable-exec.inc include disable-passwdmgr.inc include disable-programs.inc -blacklist /tmp/.X11-unix - whitelist ${HOME}/.config/nano whitelist ${HOME}/.emacs whitelist ${HOME}/.emacs.d @@ -40,15 +45,18 @@ whitelist ${HOME}/build whitelist ${HOME}/workspace caps.drop all +ipc-namespace machine-id netfilter no3d nodvd nogroups +noinput nonewprivs noroot nosound notv +nou2f novideo protocol inet,inet6 #protocol unix,inet,inet6 @@ -56,4 +64,8 @@ seccomp shell none private-bin hg,python2 +private-cache private-dev + +memory-deny-write-execute + diff --git a/profiles/renpy.profile b/profiles/renpy.profile index 7e213bc..ea5a8a5 100644 --- a/profiles/renpy.profile +++ b/profiles/renpy.profile @@ -13,6 +13,17 @@ whitelist ${HOME}/.renpy whitelist ${HOME}/games read-only ${HOME}/games +# # Games requiring special rules +# Maid with Perfection +#read-write ${HOME}/games/Maid With Perfection/zipfile.txt + +# Nachigal +#allusers + +# Roommates +#allusers + + ignore memory-deny-write-execute ignore noexec ${HOME} |