Merge pull request #4826 from adrianlshaw/master

RPCS3 profile
author: netblue30 <netblue30@protonmail.com> 2022-01-08 22:29:52 +0000
committer: GitHub <noreply@github.com> 2022-01-08 22:29:52 +0000
commit: 28caabfdd7347b57396bcbf7bf15600207513380 (patch)
tree: 38c9fe649ee6b87f44ee510b83db1d016da781f0 /etc/profile-m-z
parent: Merge pull request #4827 from kmk3/noprinters-add-missing (diff)
parent: Add rpcs3 profile (diff)
download: firejail-28caabfdd7347b57396bcbf7bf15600207513380.tar.gz
firejail-28caabfdd7347b57396bcbf7bf15600207513380.tar.zst
firejail-28caabfdd7347b57396bcbf7bf15600207513380.zip
1 files changed, 62 insertions, 0 deletions
diff --git a/etc/profile-m-z/rpcs3.profile b/etc/profile-m-z/rpcs3.profile
new file mode 100644
index 000000000..147afb236
--- /dev/null
+++ b/etc/profile-m-z/rpcs3.profile
@@ -0,0 +1,62 @@
+# Firejail profile for RPCS3 emulator
+# Description: RPCS3 emulator
+# This file is overwritten after every install/update
+# Persistent local customizations
+include rpcs3.local 
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/rpcs3
+noblacklist ${HOME}/.cache/rpcs3
+# Don't block access to /sbin and /usr/sbin to allow using ldconfig. Otherwise
+# won't even start.
+noblacklist /sbin
+noblacklist /usr/sbin
+blacklist /usr/libexec
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc # disable if PPU compilation crashes
+include disable-shell.inc
+include disable-xdg.inc
+mkdir ${HOME}/.cache/rpcs3
+mkdir ${HOME}/.config/rpcs3
+whitelist ${HOME}/.cache/rpcs3
+whitelist ${HOME}/.config/rpcs3
+whitelist ${DOWNLOADS}
+include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+net none
+netfilter
+nodvd
+nogroups
+#noinput
+nonewprivs
+noroot
+noprinters
+notv
+nou2f
+novideo
+protocol unix,netlink
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+disable-mnt
+#private-cache
+#private-etc ca-certificates,crypto-policies,machine-id,pki,resolv.conf,ssl # seems to need awk
+private-tmp
+dbus-user none
+dbus-system none
author	netblue30 <netblue30@protonmail.com>	2022-01-08 22:29:52 +0000
committer	GitHub <noreply@github.com>	2022-01-08 22:29:52 +0000
commit	28caabfdd7347b57396bcbf7bf15600207513380 (patch)
tree	38c9fe649ee6b87f44ee510b83db1d016da781f0 /etc/profile-m-z
parent	Merge pull request #4827 from kmk3/noprinters-add-missing (diff)
parent	Add rpcs3 profile (diff)
download	firejail-28caabfdd7347b57396bcbf7bf15600207513380.tar.gz firejail-28caabfdd7347b57396bcbf7bf15600207513380.tar.zst firejail-28caabfdd7347b57396bcbf7bf15600207513380.zip

diff --git a/etc/profile-m-z/rpcs3.profile b/etc/profile-m-z/rpcs3.profile new file mode 100644 index 000000000..147afb236 --- /dev/null +++ b/etc/profile-m-z/rpcs3.profile
@@ -0,0 +1,62 @@
	1	# Firejail profile for RPCS3 emulator
	2	# Description: RPCS3 emulator
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include rpcs3.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	noblacklist ${HOME}/.config/rpcs3
	10	noblacklist ${HOME}/.cache/rpcs3
	11	# Don't block access to /sbin and /usr/sbin to allow using ldconfig. Otherwise
	12	# won't even start.
	13	noblacklist /sbin
	14	noblacklist /usr/sbin
	15
	16	blacklist /usr/libexec
	17
	18	include disable-common.inc
	19	include disable-devel.inc
	20	include disable-exec.inc
	21	include disable-interpreters.inc
	22	include disable-programs.inc # disable if PPU compilation crashes
	23	include disable-shell.inc
	24	include disable-xdg.inc
	25
	26	mkdir ${HOME}/.cache/rpcs3
	27	mkdir ${HOME}/.config/rpcs3
	28	whitelist ${HOME}/.cache/rpcs3
	29	whitelist ${HOME}/.config/rpcs3
	30	whitelist ${DOWNLOADS}
	31	include whitelist-common.inc
	32	include whitelist-run-common.inc
	33	include whitelist-runuser-common.inc
	34	include whitelist-usr-share-common.inc
	35	include whitelist-var-common.inc
	36
	37	apparmor
	38	caps.drop all
	39	net none
	40	netfilter
	41	nodvd
	42	nogroups
	43	#noinput
	44	nonewprivs
	45	noroot
	46	noprinters
	47	notv
	48	nou2f
	49	novideo
	50	protocol unix,netlink
	51	seccomp
	52	seccomp.block-secondary
	53	shell none
	54	tracelog
	55
	56	disable-mnt
	57	#private-cache
	58	#private-etc ca-certificates,crypto-policies,machine-id,pki,resolv.conf,ssl # seems to need awk
	59	private-tmp
	60
	61	dbus-user none
	62	dbus-system none