-rw-r--r-- | PKGBUILD | 4 | ||||
-rw-r--r-- | profiles/0ad.local | 1 | ||||
-rw-r--r-- | profiles/cities-skylines.profile | 11 | ||||
-rw-r--r-- | profiles/discord.local | 13 | ||||
-rw-r--r-- | profiles/generic-unity-game.inc | 37 | ||||
-rw-r--r-- | profiles/keepassxc.local | 2 | ||||
-rw-r--r-- | profiles/mini-metro.profile | 11 | ||||
-rw-r--r-- | profiles/newsboat.local | 2 | ||||
-rw-r--r-- | profiles/othercide.profile | 26 | ||||
-rw-r--r-- | profiles/pathfinder-kingmaker.profile | 16 | ||||
-rw-r--r-- | profiles/vambrace-cold-soul.profile | 10 | ||||
-rw-r--r-- | profiles/warhammer40k-mechanicus.profile | 12 | ||||
-rw-r--r-- | profiles/wine.local | 1 | ||||
-rw-r--r-- | profiles/ziggurat.profile | 12 |
14 files changed, 89 insertions, 69 deletions
@@ -1,7 +1,7 @@ # Maintainer: jc_gargma <jc_gargma@iserlohn-fortress.net> pkgname=firejail-profiles -pkgver=20210205 +pkgver=20210325 pkgrel=1 pkgdesc="Additional firejail profiles and locals" arch=('any') @@ -9,7 +9,7 @@ url="https://library.iserlohn-fortress.net/firejail-profiles.git" license=('GPLv3') depends=('firejail' 'hardened-malloc') source=(profiles.tar.gz) -b2sums=('2c96349db638a70c17b03eb93176e58e35a87d32b5a9bade8d5fedd92761c2d689da5576bbf53c02e6d56e7ad2482e10c967104515a47553e26989e5aab6ae83') +b2sums=('9a9d335c042ba1c150b4f7b21693186a23183b01551b4294dd273939ce39310b1f71e3ca62a37009e0c202e59d610f71357beada4d196b33d738e14f3b1aecda') package() { install --directory ${pkgdir}/etc/firejail diff --git a/profiles/0ad.local b/profiles/0ad.local deleted file mode 100644 index dc9c78f..0000000 --- a/profiles/0ad.local +++ /dev/null @@ -1 +0,0 @@ -include disable-xdg.inc diff --git a/profiles/cities-skylines.profile b/profiles/cities-skylines.profile index 142db0d..4035a70 100644 --- a/profiles/cities-skylines.profile +++ b/profiles/cities-skylines.profile @@ -4,13 +4,11 @@ include cities-skylines.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/unity3d noblacklist ${HOME}/.config/unity3d/Colossal Order noblacklist ${HOME}/.config/unity3d/Colossal Order/Cities_ Skylines noblacklist ${HOME}/.local/share/Colossal Order noblacklist ${HOME}/.local/share/Colossal Order/Cities_Skylines -mkdir ${HOME}/.config/unity3d mkdir ${HOME}/.config/unity3d/Colossal Order mkdir ${HOME}/.config/unity3d/Colossal Order/Cities_ Skylines mkdir ${HOME}/.local/share/Colossal Order @@ -20,11 +18,4 @@ whitelist ${HOME}/.local/share/Colossal Order/Cities_Skylines whitelist ${HOME}/games/CitiesSkylines read-only ${HOME}/games/CitiesSkylines -protocol unix,netlink -seccomp !name_to_handle_at,!kcmp - -ignore memory-deny-write-execute - -ignore noexec ${HOME} - -include generic-game.inc +include generic-unity-game.inc 
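Review bot: In the second cities-skylines.profile hunk, replacing the inline policy with `include generic-unity-game.inc` is not a pure refactor, because the removed line was `seccomp !name_to_handle_at,!kcmp` and the new include carries only `seccomp !name_to_handle_at`, so the `kcmp` exception disappears for this game. If that tightening is intended, say so in the commit message. If the title still needs `kcmp`, keep the stricter shared default and restore the exception in this profile only. The same consolidation changes effective policy in two later hunks: vambrace-cold-soul.profile had no `protocol` line before and now inherits `protocol unix,netlink`, and ziggurat.profile loses `noblacklist ${HOME}/.nv`.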
diff --git a/profiles/discord.local b/profiles/discord.local deleted file mode 100644 index 76dc0be..0000000 --- a/profiles/discord.local +++ /dev/null @@ -1,13 +0,0 @@ -noblacklist /opt/discord - -whitelist /opt/discord - -ipc-namespace -# machine-id -ignore noroot -shell none -# # tracelog breaks CEF -# tracelog - -disable-mnt -private-etc asound.conf,fonts,machine-id,pulse,resolv.conf diff --git a/profiles/generic-unity-game.inc b/profiles/generic-unity-game.inc new file mode 100644 index 0000000..cd19424 --- /dev/null +++ b/profiles/generic-unity-game.inc @@ -0,0 +1,37 @@ +# This file is overwritten after every install/update +# Persistent local customizations +include generic-unity-game.local + + +noblacklist ${HOME}/.config/unity3d + +# # Exmaple noblacklist for per-game profiles +# noblacklist ${HOME}/.config/unity3d/Colossal Order +# noblacklist ${HOME}/.config/unity3d/Colossal Order/Cities_ Skylines +# noblacklist ${HOME}/.local/share/Colossal Order +# noblacklist ${HOME}/.local/share/Colossal Order/Cities_Skylines + +mkdir ${HOME}/.config/unity3d + +# # Exmaple mkdir for per-game profiles +# mkdir ${HOME}/.config/unity3d/Colossal Order +# mkdir ${HOME}/.config/unity3d/Colossal Order/Cities_ Skylines +# mkdir ${HOME}/.local/share/Colossal Order +# mkdir ${HOME}/.local/share/Colossal Order/Cities_Skylines + +# # Exmaple whitelist for per-game profiles +# whitelist ${HOME}/.config/unity3d/Colossal Order/Cities_ Skylines +# whitelist ${HOME}/.local/share/Colossal Order/Cities_Skylines +# whitelist ${HOME}/games/CitiesSkylines + +# # Exmaple read-only for per-game profiles +# read-only ${HOME}/games/CitiesSkylines + +protocol unix,netlink +seccomp !name_to_handle_at + +ignore memory-deny-write-execute + +ignore noexec ${HOME} + +include generic-game.inc diff --git a/profiles/keepassxc.local b/profiles/keepassxc.local index 23d2118..b936393 100644 --- a/profiles/keepassxc.local +++ b/profiles/keepassxc.local 
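Review bot: In the new generic-unity-game.inc, `ignore memory-deny-write-execute` and `ignore noexec ${HOME}` relax W^X and home-directory noexec for every profile that includes the file, and nothing in it says why. A one-line comment above each would help, e.g. `# engine JIT needs writable+executable memory` and `# game binaries are started from ${HOME}/games` (both to be confirmed by the author). The per-game profiles mark `${HOME}/games/<title>` read-only but leave the whitelisted `${HOME}/.config/unity3d/...` directory writable, so consider adding `noexec ${HOME}/.config/unity3d` here, provided no title loads native code from that directory. The four `# # Exmaple ...` comment headers should read `Example`.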
@@ -21,7 +21,7 @@ protocol unix # # seccomp breaks integrated file manager on kde applications # # due to syscall name_to_handle_at -seccomp !name_to_handle_at +#seccomp !name_to_handle_at tracelog diff --git a/profiles/mini-metro.profile b/profiles/mini-metro.profile index 4a9f247..26cbd1d 100644 --- a/profiles/mini-metro.profile +++ b/profiles/mini-metro.profile @@ -4,22 +4,13 @@ include mini-metro.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/unity3d noblacklist ${HOME}/.config/unity3d/Dinosaur Polo Club noblacklist ${HOME}/.config/unity3d/Dinosaur Polo Club/Mini Metro -mkdir ${HOME}/.config/unity3d mkdir ${HOME}/.config/unity3d/Dinosaur Polo Club mkdir ${HOME}/.config/unity3d/Dinosaur Polo Club/Mini Metro whitelist ${HOME}/.config/unity3d/Dinosaur Polo Club/Mini Metro whitelist ${HOME}/games/Mini Metro read-only ${HOME}/games/Mini Metro -protocol unix,netlink -seccomp !name_to_handle_at - -ignore memory-deny-write-execute - -ignore noexec ${HOME} - -include generic-game.inc +include generic-unity-game.inc diff --git a/profiles/newsboat.local b/profiles/newsboat.local index e100217..8d16db1 100644 --- a/profiles/newsboat.local +++ b/profiles/newsboat.local @@ -14,7 +14,7 @@ private-etc alternatives,ca-certificates,crypto-policies,login.defs,pki,passwd,r # if no w3m # protocol unix,inet,inet6 -# private-bin newsboat,curl,w3m +# private-bin gzip,newsboat,curl,w3m,sh # private-etc ca-certificates,resolv.conf,ssl # # Use with hardened-malloc package diff --git a/profiles/othercide.profile b/profiles/othercide.profile new file mode 100644 index 0000000..1469c27 --- /dev/null +++ b/profiles/othercide.profile 
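Review bot: In keepassxc.local, the two comment lines above the now-disabled `#seccomp !name_to_handle_at` still describe an exception that is no longer applied. The file therefore does not say which seccomp policy the password manager ends up with; it now comes from whatever keepassxc.profile sets, which this hunk does not show. Replace the stale explanation with the reason for the change, for example `# name_to_handle_at exception disabled on purpose; the seccomp line from keepassxc.profile applies`, once that is confirmed. The hunk starts mid-file, so earlier lines of the .local may also affect the result.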
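Review bot: In newsboat.local, the updated example `# private-bin gzip,newsboat,curl,w3m,sh` adds a shell to the sandbox's restricted bin set without saying what needs it. For a program that parses untrusted feeds, a shell is the most useful binary to have available after a compromise, so it should be opt-in with a stated reason. Put that reason next to the line, e.g. `# sh: only needed if you use exec/browser macros; gzip: compressed feeds` (author to confirm), so users who uncomment it can drop `sh` when they do not need it.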
@@ -0,0 +1,26 @@ +# This file is overwritten after every install/update +# Persistent local customizations +include othercide.local +# Persistent global definitions +include globals.local + +noblacklist ${HOME}/.local/share/wineprefixes/Othercide +whitelist ${HOME}/.local/share/wineprefixes/Othercide + +# machine-id, obs, and alsa don't get along +#ignore machine-id + +seccomp !name_to_handle_at + + +# Uncomment these for controller support +#ignore net none +#protocol unix,inet,inet6,netlink +#ignore private-dev + + +ignore memory-deny-write-execute + +ignore noexec ${HOME} + +include generic-wine-game.inc diff --git a/profiles/pathfinder-kingmaker.profile b/profiles/pathfinder-kingmaker.profile new file mode 100644 index 0000000..d6c4cbe --- /dev/null +++ b/profiles/pathfinder-kingmaker.profile @@ -0,0 +1,16 @@ +# This file is overwritten after every install/update +# Persistent local customizations +include pathfinder-kingmaker.local +# Persistent global definitions +include globals.local + +noblacklist ${HOME}/.config/unity3d/Owlcat Games +noblacklist ${HOME}/.config/unity3d/Owlcat Games/Pathfinder Kingmaker + +mkdir ${HOME}/.config/unity3d/Owlcat Games +mkdir ${HOME}/.config/unity3d/Owlcat Games/Pathfinder Kingmaker +whitelist ${HOME}/.config/unity3d/Owlcat Games/Pathfinder Kingmaker +whitelist ${HOME}/games/Pathfinder Kingmaker +read-only ${HOME}/games/Pathfinder Kingmaker + +include generic-unity-game.inc diff --git a/profiles/vambrace-cold-soul.profile b/profiles/vambrace-cold-soul.profile index d97a31d..7964541 100644 --- a/profiles/vambrace-cold-soul.profile +++ b/profiles/vambrace-cold-soul.profile 
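Review bot: In othercide.profile, the commented "controller support" block bundles `#ignore net none` with `#protocol unix,inet,inet6,netlink`. Uncommenting it as instructed therefore also gives the game the `inet` and `inet6` socket families in the host network namespace, which looks like more than input devices require. If the aim is only device nodes plus udev hot-plug events, `#protocol unix,netlink` (the value generic-unity-game.inc uses) together with `#ignore private-dev` would leave IP networking filtered; whether `ignore net none` is still needed for the udev events should be tested. Separately, the comment `# machine-id, obs, and alsa don't get along` sits above a line that is itself commented out, so it should say in which case to enable it.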
@@ -4,21 +4,13 @@ include vambrace-cold-soul.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/unity3d noblacklist ${HOME}/.config/unity3d/DevespressoGames noblacklist ${HOME}/.config/unity3d/DevespressoGames/VambraceColdSoul -mkdir ${HOME}/.config/unity3d mkdir ${HOME}/.config/unity3d/DevespressoGames mkdir ${HOME}/.config/unity3d/DevespressoGames/VambraceColdSoul whitelist ${HOME}/.config/unity3d/DevespressoGames/VambraceColdSoul whitelist ${HOME}/games/Vambrace - Cold Soul read-only ${HOME}/games/Vambrace - Cold Soul -seccomp !name_to_handle_at - -ignore memory-deny-write-execute - -ignore noexec ${HOME} - -include generic-game.inc +include generic-unity-game.inc diff --git a/profiles/warhammer40k-mechanicus.profile b/profiles/warhammer40k-mechanicus.profile index 32948eb..e8dfbd3 100644 --- a/profiles/warhammer40k-mechanicus.profile +++ b/profiles/warhammer40k-mechanicus.profile @@ -4,23 +4,13 @@ include warhammer40k-mechanicus.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/unity3d noblacklist ${HOME}/.config/unity3d/BulwarkStudios noblacklist ${HOME}/.config/unity3d/BulwarkStudios/Mechanicus -mkdir ${HOME}/.config/unity3d mkdir ${HOME}/.config/unity3d/BulwarkStudios mkdir ${HOME}/.config/unity3d/BulwarkStudios/Mechanicus whitelist ${HOME}/.config/unity3d/BulwarkStudios/Mechanicus whitelist ${HOME}/games/Warhammer 40k - Mechanicus read-only ${HOME}/games/Warhammer 40k - Mechanicus -#ignore machine-id -protocol unix,netlink -seccomp !name_to_handle_at - -ignore memory-deny-write-execute - -ignore noexec ${HOME} - -include generic-game.inc +include generic-unity-game.inc diff --git a/profiles/wine.local b/profiles/wine.local index d2b5003..ebad424 100644 --- a/profiles/wine.local +++ b/profiles/wine.local 
@@ -7,6 +7,7 @@ mkdir ${HOME}/.wine mkdir ${HOME}/.config/q4wine mkdir ${HOME}/.local/share/wineprefixes whitelist ${HOME}/.wine +whitelist ${HOME}/.cache/winetricks whitelist ${HOME}/.config/q4wine whitelist ${HOME}/.local/share/wineprefixes whitelist /tmp/.wine-* diff --git a/profiles/ziggurat.profile b/profiles/ziggurat.profile index 8bf725f..dc48378 100644 --- a/profiles/ziggurat.profile +++ b/profiles/ziggurat.profile @@ -4,23 +4,13 @@ include ziggurat.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/unity3d noblacklist ${HOME}/.config/unity3d/Milkstone Studios noblacklist ${HOME}/.config/unity3d/Milkstone Studios/Ziggurat -noblacklist ${HOME}/.nv -mkdir ${HOME}/.config/unity3d mkdir ${HOME}/.config/unity3d/Milkstone Studios mkdir ${HOME}/.config/unity3d/Milkstone Studios/Ziggurat whitelist ${HOME}/.config/unity3d/Milkstone Studios/Ziggurat whitelist ${HOME}/games/Ziggurat read-only ${HOME}/games/Ziggurat -protocol unix,netlink -seccomp !name_to_handle_at - -ignore memory-deny-write-execute - -ignore noexec ${HOME} - -include generic-game.inc +include generic-unity-game.inc |
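Review bot: In wine.local, `whitelist ${HOME}/.cache/winetricks` is added without a matching `mkdir`, unlike the neighbouring whitelists, whose directories are created by the `mkdir` lines visible in the hunk context. On a fresh account the directory may not exist when the sandbox starts, so add `mkdir ${HOME}/.cache/winetricks` next to the others. The whitelist also makes the cache writable by every program run under this wine policy, and that cache holds downloaded installers that are executed later. Consider `read-only ${HOME}/.cache/winetricks` in profiles that only consume the cache. The file continues outside the hunk, so an earlier `mkdir` cannot be ruled out.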