author | Tad <tad@spotco.us> | 2017-08-29 03:04:01 -0400 |
---|---|---|
committer | Tad <tad@spotco.us> | 2017-08-30 10:53:10 -0400 |
commit | 94edc7ef3f3d9f05310c7231bc8e607d685c2438 (patch) | |
tree | d633c40d05c075dc82bb9d26bbf304986862ebcd | |
parent | fix seccomp secondary filter printing on i386 platform (diff) | |
Tweak itch.io profile
-rw-r--r-- | etc/disable-programs.inc | 1 | ||||
-rw-r--r-- | etc/itch.profile | 12 |
2 files changed, 9 insertions, 4 deletions
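--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -106,6 +106,7 @@ blacklist ${HOME}/.config/gthumb
 blacklist ${HOME}/.config/gwenviewrc
 blacklist ${HOME}/.config/hexchat
 blacklist ${HOME}/.config/inox
+blacklist ${HOME}/.config/itch
 blacklist ${HOME}/.config/jd-gui.cfg
 blacklist ${HOME}/.config/k3brc
 blacklist ${HOME}/.config/katepartrc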
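--- a/etc/itch.profile
+++ b/etc/itch.profile
@@ -5,14 +5,18 @@ include /etc/firejail/itch.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/itch
+# itch.io has native firejail/sandboxing support bundled in
+# See https://itch.io/docs/itch/using/sandbox/linux.html
+
+noblacklist ${HOME}/.config/itch
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-whitelist ~/.config/itch
-
+mkdir ${HOME}/.config/itch
+whitelist ${HOME}/.config/itch
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
@@ -22,6 +26,7 @@ nogroups
 nonewprivs
 noroot
 notv
+novideo
 protocol unix,inet,inet6,netlink
 seccomp
 shell none
@@ -29,5 +34,4 @@ shell none
 private-dev
 private-tmp
 
-noexec ${HOME}
 noexec /tmp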
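Review bot: The last hunk drops `noexec ${HOME}` without a comment, so the whitelisted `${HOME}/.config/itch` is now both writable and executable inside the sandbox, and the commit message does not say why. If this is deliberate because itch runs games it installs under that directory (an inference, not stated on the page), record it in the profile, e.g. `# noexec ${HOME} omitted: itch executes games installed under ${HOME}/.config/itch`. The new header comment points at itch's own bundled firejail sandboxing, but with `nonewprivs` and `caps.drop all` set here a nested firejail probably cannot build a further sandbox. The comment should therefore say which layer is expected to confine launched games.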