From 883338fd66681d136fc45549424140dc52ed3715 Mon Sep 17 00:00:00 2001
From: jc_gargma <jc_gargma@iserlohn-fortress.net>
Date: Thu, 7 May 2020 01:32:59 -0700
Subject: Add mupen64plus-qt profile Add note for qtox

---
 profiles/mupen64plus-qt.profile | 37 +++++++++++++++++++++++++++++++++++++
 profiles/qtox.local             |  1 +
 profiles/vlc.local              |  3 ++-
 3 files changed, 40 insertions(+), 1 deletion(-)
 create mode 100644 profiles/mupen64plus-qt.profile

(limited to 'profiles')

diff --git a/profiles/mupen64plus-qt.profile b/profiles/mupen64plus-qt.profile
new file mode 100644
index 0000000..b1971d7
--- /dev/null
+++ b/profiles/mupen64plus-qt.profile
@@ -0,0 +1,37 @@
+# Firejail profile for mupen64plus
+# Description: Nintendo64 Emulator
+# This file is overwritten after every install/update
+# Persistent local customizations
+include mupen64plus.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/mupen64plus
+noblacklist ${HOME}/.local/share/mupen64plus
+
+include disable-common.inc
+include disable-devel.inc
+include disable-passwdmgr.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+# you'll need to manually whitelist ROM files
+mkdir ${HOME}/.config/mupen64plus
+mkdir ${HOME}/.local/share/mupen64plus
+mkdir ${HOME}/.local/share/mupen64plus-qt
+whitelist ${HOME}/.config/mupen64plus
+whitelist ${HOME}/.local/share/mupen64plus
+whitelist ${HOME}/.local/share/mupen64plus-qt
+whitelist ${HOME}/games/Emulators/N64GAMES
+read-only ${HOME}/games/Emulators/N64GAMES
+include whitelist-common.inc
+
+caps.drop all
+net none
+nodbus
+nodvd
+nonewprivs
+noroot
+notv
+novideo
+seccomp
diff --git a/profiles/qtox.local b/profiles/qtox.local
index 45bd4c7..28cfcdb 100644
--- a/profiles/qtox.local
+++ b/profiles/qtox.local
@@ -20,4 +20,5 @@ private-bin qtox,dbus-launch
 private-etc asound.conf,fonts,group,ld.so.cache,localtime,machine-id,passwd,pulse,resolv.conf
 
 # # Use with hardened-malloc package
+# This breaks qtox on amdgpu for some reason
 env LD_PRELOAD=/usr/lib/libhardened_malloc.so
diff --git a/profiles/vlc.local b/profiles/vlc.local
index 29c9ed8..e34e172 100644
--- a/profiles/vlc.local
+++ b/profiles/vlc.local
@@ -7,4 +7,5 @@ nodbus
 
 # # seccomp breaks integrated file manager on kde applications
 # # due to syscall name_to_handle_at
-seccomp !name_to_handle_at
+# # kcmp syscall requied by amdgpu hardware acceleration
+seccomp !name_to_handle_at,!kcmp
-- 
cgit v1.2.1