-rw-r--r--PKGBUILD4
-rw-r--r--profiles/0ad.local1
-rw-r--r--profiles/cities-skylines.profile11
-rw-r--r--profiles/discord.local13
-rw-r--r--profiles/generic-unity-game.inc37
-rw-r--r--profiles/keepassxc.local2
-rw-r--r--profiles/mini-metro.profile11
-rw-r--r--profiles/newsboat.local2
-rw-r--r--profiles/othercide.profile26
-rw-r--r--profiles/pathfinder-kingmaker.profile16
-rw-r--r--profiles/vambrace-cold-soul.profile10
-rw-r--r--profiles/warhammer40k-mechanicus.profile12
-rw-r--r--profiles/wine.local1
-rw-r--r--profiles/ziggurat.profile12
14 files changed, 89 insertions, 69 deletions
diff --git a/PKGBUILD b/PKGBUILD
index f353e81..22f1c3b 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,7 +1,7 @@
# Maintainer: jc_gargma <jc_gargma@iserlohn-fortress.net>
pkgname=firejail-profiles
-pkgver=20210205
+pkgver=20210325
pkgrel=1
pkgdesc="Additional firejail profiles and locals"
arch=('any')
@@ -9,7 +9,7 @@ url="https://library.iserlohn-fortress.net/firejail-profiles.git"
license=('GPLv3')
depends=('firejail' 'hardened-malloc')
source=(profiles.tar.gz)
-b2sums=('2c96349db638a70c17b03eb93176e58e35a87d32b5a9bade8d5fedd92761c2d689da5576bbf53c02e6d56e7ad2482e10c967104515a47553e26989e5aab6ae83')
+b2sums=('9a9d335c042ba1c150b4f7b21693186a23183b01551b4294dd273939ce39310b1f71e3ca62a37009e0c202e59d610f71357beada4d196b33d738e14f3b1aecda')
package() {
install --directory ${pkgdir}/etc/firejail
diff --git a/profiles/0ad.local b/profiles/0ad.local
deleted file mode 100644
index dc9c78f..0000000
--- a/profiles/0ad.local
+++ /dev/null
@@ -1 +0,0 @@
-include disable-xdg.inc
diff --git a/profiles/cities-skylines.profile b/profiles/cities-skylines.profile
index 142db0d..4035a70 100644
--- a/profiles/cities-skylines.profile
+++ b/profiles/cities-skylines.profile
@@ -4,13 +4,11 @@ include cities-skylines.local
# Persistent global definitions
include globals.local
-noblacklist ${HOME}/.config/unity3d
noblacklist ${HOME}/.config/unity3d/Colossal Order
noblacklist ${HOME}/.config/unity3d/Colossal Order/Cities_ Skylines
noblacklist ${HOME}/.local/share/Colossal Order
noblacklist ${HOME}/.local/share/Colossal Order/Cities_Skylines
-mkdir ${HOME}/.config/unity3d
mkdir ${HOME}/.config/unity3d/Colossal Order
mkdir ${HOME}/.config/unity3d/Colossal Order/Cities_ Skylines
mkdir ${HOME}/.local/share/Colossal Order
@@ -20,11 +18,4 @@ whitelist ${HOME}/.local/share/Colossal Order/Cities_Skylines
whitelist ${HOME}/games/CitiesSkylines
read-only ${HOME}/games/CitiesSkylines
-protocol unix,netlink
-seccomp !name_to_handle_at,!kcmp
-
-ignore memory-deny-write-execute
-
-ignore noexec ${HOME}
-
-include generic-game.inc
+include generic-unity-game.inc
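Review bot: Replacing the per-game tail with `include generic-unity-game.inc` is not behaviour-preserving for this profile: the removed line was `seccomp !name_to_handle_at,!kcmp`, while the shared include carries only `seccomp !name_to_handle_at`, so the `kcmp` exception disappears. The same consolidation changes two other profiles: vambrace-cold-soul.profile had no `protocol` line of its own and now picks up `protocol unix,netlink`, and ziggurat.profile loses `noblacklist ${HOME}/.nv`. Tightening the filter is fine if intended, but each of these should either be stated in the commit message or kept per game, e.g. in cities-skylines.local. How firejail resolves a per-profile `seccomp` line against the one in the include should be confirmed before relying on ordering.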
diff --git a/profiles/discord.local b/profiles/discord.local
deleted file mode 100644
index 76dc0be..0000000
--- a/profiles/discord.local
+++ /dev/null
@@ -1,13 +0,0 @@
-noblacklist /opt/discord
-
-whitelist /opt/discord
-
-ipc-namespace
-# machine-id
-ignore noroot
-shell none
-# # tracelog breaks CEF
-# tracelog
-
-disable-mnt
-private-etc asound.conf,fonts,machine-id,pulse,resolv.conf
diff --git a/profiles/generic-unity-game.inc b/profiles/generic-unity-game.inc
new file mode 100644
index 0000000..cd19424
--- /dev/null
+++ b/profiles/generic-unity-game.inc
@@ -0,0 +1,37 @@
+# This file is overwritten after every install/update
+# Persistent local customizations
+include generic-unity-game.local
+
+
+noblacklist ${HOME}/.config/unity3d
+
+# # Exmaple noblacklist for per-game profiles
+# noblacklist ${HOME}/.config/unity3d/Colossal Order
+# noblacklist ${HOME}/.config/unity3d/Colossal Order/Cities_ Skylines
+# noblacklist ${HOME}/.local/share/Colossal Order
+# noblacklist ${HOME}/.local/share/Colossal Order/Cities_Skylines
+
+mkdir ${HOME}/.config/unity3d
+
+# # Exmaple mkdir for per-game profiles
+# mkdir ${HOME}/.config/unity3d/Colossal Order
+# mkdir ${HOME}/.config/unity3d/Colossal Order/Cities_ Skylines
+# mkdir ${HOME}/.local/share/Colossal Order
+# mkdir ${HOME}/.local/share/Colossal Order/Cities_Skylines
+
+# # Exmaple whitelist for per-game profiles
+# whitelist ${HOME}/.config/unity3d/Colossal Order/Cities_ Skylines
+# whitelist ${HOME}/.local/share/Colossal Order/Cities_Skylines
+# whitelist ${HOME}/games/CitiesSkylines
+
+# # Exmaple read-only for per-game profiles
+# read-only ${HOME}/games/CitiesSkylines
+
+protocol unix,netlink
+seccomp !name_to_handle_at
+
+ignore memory-deny-write-execute
+
+ignore noexec ${HOME}
+
+include generic-game.inc
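Review bot: The three relaxations at the end of this shared include (`seccomp !name_to_handle_at`, `ignore memory-deny-write-execute`, `ignore noexec ${HOME}`) carry no comment saying why they are needed, and they now apply to every profile that includes the file. I would add a line above each, for example `# games are installed under ${HOME}/games, so noexec on ${HOME} must be lifted` and `# presumably required by the Unity/Mono JIT - confirm`, so a later reader can tell which are still necessary. The heading comments also spell `Exmaple` four times; it should read `Example`.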
diff --git a/profiles/keepassxc.local b/profiles/keepassxc.local
index 23d2118..b936393 100644
--- a/profiles/keepassxc.local
+++ b/profiles/keepassxc.local
@@ -21,7 +21,7 @@ protocol unix
# # seccomp breaks integrated file manager on kde applications
# # due to syscall name_to_handle_at
-seccomp !name_to_handle_at
+#seccomp !name_to_handle_at
tracelog
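Review bot: The explanation kept above the changed line still says seccomp breaks the KDE file manager because of `name_to_handle_at`, but the exception it justified is now commented out, so the comment and the directive no longer agree. If the exception is no longer needed, the comment should say so, e.g. `# # name_to_handle_at exception disabled; re-enable if the file dialog fails`. The file starts before this hunk, so the effective seccomp setting depends on lines not shown here.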
diff --git a/profiles/mini-metro.profile b/profiles/mini-metro.profile
index 4a9f247..26cbd1d 100644
--- a/profiles/mini-metro.profile
+++ b/profiles/mini-metro.profile
@@ -4,22 +4,13 @@ include mini-metro.local
# Persistent global definitions
include globals.local
-noblacklist ${HOME}/.config/unity3d
noblacklist ${HOME}/.config/unity3d/Dinosaur Polo Club
noblacklist ${HOME}/.config/unity3d/Dinosaur Polo Club/Mini Metro
-mkdir ${HOME}/.config/unity3d
mkdir ${HOME}/.config/unity3d/Dinosaur Polo Club
mkdir ${HOME}/.config/unity3d/Dinosaur Polo Club/Mini Metro
whitelist ${HOME}/.config/unity3d/Dinosaur Polo Club/Mini Metro
whitelist ${HOME}/games/Mini Metro
read-only ${HOME}/games/Mini Metro
-protocol unix,netlink
-seccomp !name_to_handle_at
-
-ignore memory-deny-write-execute
-
-ignore noexec ${HOME}
-
-include generic-game.inc
+include generic-unity-game.inc
diff --git a/profiles/newsboat.local b/profiles/newsboat.local
index e100217..8d16db1 100644
--- a/profiles/newsboat.local
+++ b/profiles/newsboat.local
@@ -14,7 +14,7 @@ private-etc alternatives,ca-certificates,crypto-policies,login.defs,pki,passwd,r
# if no w3m
# protocol unix,inet,inet6
-# private-bin newsboat,curl,w3m
+# private-bin gzip,newsboat,curl,w3m,sh
# private-etc ca-certificates,resolv.conf,ssl
# # Use with hardened-malloc package
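Review bot: Adding `sh` to the suggested `private-bin` list puts a shell inside the newsboat sandbox, which widens what can be executed there if the reader or a helper it spawns misbehaves. A short comment naming the feature that needs `sh` and `gzip` would let users who do not use it leave them out, e.g. `# # sh and gzip are only needed for <feature>`. The line is a commented-out suggestion, so this only matters once a user enables it.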
diff --git a/profiles/othercide.profile b/profiles/othercide.profile
new file mode 100644
index 0000000..1469c27
--- /dev/null
+++ b/profiles/othercide.profile
@@ -0,0 +1,26 @@
+# This file is overwritten after every install/update
+# Persistent local customizations
+include othercide.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.local/share/wineprefixes/Othercide
+whitelist ${HOME}/.local/share/wineprefixes/Othercide
+
+# machine-id, obs, and alsa don't get along
+#ignore machine-id
+
+seccomp !name_to_handle_at
+
+
+# Uncomment these for controller support
+#ignore net none
+#protocol unix,inet,inet6,netlink
+#ignore private-dev
+
+
+ignore memory-deny-write-execute
+
+ignore noexec ${HOME}
+
+include generic-wine-game.inc
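Review bot: The optional controller block enables `inet` and `inet6` together with `ignore net none` and `ignore private-dev`, so turning on controller support also gives the game outbound network access. If the controller only needs device nodes and udev events, `#protocol unix,netlink` would presumably be enough and keeps IP sockets filtered; this needs testing against generic-wine-game.inc, which is not shown here. The `machine-id, obs, and alsa` comment also looks carried over from another profile and could be reworded for this game.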
diff --git a/profiles/pathfinder-kingmaker.profile b/profiles/pathfinder-kingmaker.profile
new file mode 100644
index 0000000..d6c4cbe
--- /dev/null
+++ b/profiles/pathfinder-kingmaker.profile
@@ -0,0 +1,16 @@
+# This file is overwritten after every install/update
+# Persistent local customizations
+include pathfinder-kingmaker.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/unity3d/Owlcat Games
+noblacklist ${HOME}/.config/unity3d/Owlcat Games/Pathfinder Kingmaker
+
+mkdir ${HOME}/.config/unity3d/Owlcat Games
+mkdir ${HOME}/.config/unity3d/Owlcat Games/Pathfinder Kingmaker
+whitelist ${HOME}/.config/unity3d/Owlcat Games/Pathfinder Kingmaker
+whitelist ${HOME}/games/Pathfinder Kingmaker
+read-only ${HOME}/games/Pathfinder Kingmaker
+
+include generic-unity-game.inc
diff --git a/profiles/vambrace-cold-soul.profile b/profiles/vambrace-cold-soul.profile
index d97a31d..7964541 100644
--- a/profiles/vambrace-cold-soul.profile
+++ b/profiles/vambrace-cold-soul.profile
@@ -4,21 +4,13 @@ include vambrace-cold-soul.local
# Persistent global definitions
include globals.local
-noblacklist ${HOME}/.config/unity3d
noblacklist ${HOME}/.config/unity3d/DevespressoGames
noblacklist ${HOME}/.config/unity3d/DevespressoGames/VambraceColdSoul
-mkdir ${HOME}/.config/unity3d
mkdir ${HOME}/.config/unity3d/DevespressoGames
mkdir ${HOME}/.config/unity3d/DevespressoGames/VambraceColdSoul
whitelist ${HOME}/.config/unity3d/DevespressoGames/VambraceColdSoul
whitelist ${HOME}/games/Vambrace - Cold Soul
read-only ${HOME}/games/Vambrace - Cold Soul
-seccomp !name_to_handle_at
-
-ignore memory-deny-write-execute
-
-ignore noexec ${HOME}
-
-include generic-game.inc
+include generic-unity-game.inc
diff --git a/profiles/warhammer40k-mechanicus.profile b/profiles/warhammer40k-mechanicus.profile
index 32948eb..e8dfbd3 100644
--- a/profiles/warhammer40k-mechanicus.profile
+++ b/profiles/warhammer40k-mechanicus.profile
@@ -4,23 +4,13 @@ include warhammer40k-mechanicus.local
# Persistent global definitions
include globals.local
-noblacklist ${HOME}/.config/unity3d
noblacklist ${HOME}/.config/unity3d/BulwarkStudios
noblacklist ${HOME}/.config/unity3d/BulwarkStudios/Mechanicus
-mkdir ${HOME}/.config/unity3d
mkdir ${HOME}/.config/unity3d/BulwarkStudios
mkdir ${HOME}/.config/unity3d/BulwarkStudios/Mechanicus
whitelist ${HOME}/.config/unity3d/BulwarkStudios/Mechanicus
whitelist ${HOME}/games/Warhammer 40k - Mechanicus
read-only ${HOME}/games/Warhammer 40k - Mechanicus
-#ignore machine-id
-protocol unix,netlink
-seccomp !name_to_handle_at
-
-ignore memory-deny-write-execute
-
-ignore noexec ${HOME}
-
-include generic-game.inc
+include generic-unity-game.inc
diff --git a/profiles/wine.local b/profiles/wine.local
index d2b5003..ebad424 100644
--- a/profiles/wine.local
+++ b/profiles/wine.local
@@ -7,6 +7,7 @@ mkdir ${HOME}/.wine
mkdir ${HOME}/.config/q4wine
mkdir ${HOME}/.local/share/wineprefixes
whitelist ${HOME}/.wine
+whitelist ${HOME}/.cache/winetricks
whitelist ${HOME}/.config/q4wine
whitelist ${HOME}/.local/share/wineprefixes
whitelist /tmp/.wine-*
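Review bot: The new `whitelist ${HOME}/.cache/winetricks` has no matching `mkdir`, unlike the other whitelisted directories in the visible block (`.wine`, `.config/q4wine`, `.local/share/wineprefixes`). If the directory does not exist when the sandbox starts, I would expect the whitelist to have nothing to bind and downloads to be lost on exit; adding `mkdir ${HOME}/.cache/winetricks` next to the other `mkdir` lines avoids that. Because wine.local applies to every wine sandbox, the cache also becomes writable by all of them, so per-game profiles that never run winetricks may want `read-only ${HOME}/.cache/winetricks`. The file starts before this hunk, so an earlier line may already cover part of this.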
diff --git a/profiles/ziggurat.profile b/profiles/ziggurat.profile
index 8bf725f..dc48378 100644
--- a/profiles/ziggurat.profile
+++ b/profiles/ziggurat.profile
@@ -4,23 +4,13 @@ include ziggurat.local
# Persistent global definitions
include globals.local
-noblacklist ${HOME}/.config/unity3d
noblacklist ${HOME}/.config/unity3d/Milkstone Studios
noblacklist ${HOME}/.config/unity3d/Milkstone Studios/Ziggurat
-noblacklist ${HOME}/.nv
-mkdir ${HOME}/.config/unity3d
mkdir ${HOME}/.config/unity3d/Milkstone Studios
mkdir ${HOME}/.config/unity3d/Milkstone Studios/Ziggurat
whitelist ${HOME}/.config/unity3d/Milkstone Studios/Ziggurat
whitelist ${HOME}/games/Ziggurat
read-only ${HOME}/games/Ziggurat
-protocol unix,netlink
-seccomp !name_to_handle_at
-
-ignore memory-deny-write-execute
-
-ignore noexec ${HOME}
-
-include generic-game.inc
+include generic-unity-game.inc