New profile: parsecd

author: NetSysFire <59517351+NetSysFire@users.noreply.github.com> 2023-02-07 11:35:47 +0100
committer: Kelvin M. Klann <kmk3.code@protonmail.com> 2023-02-18 11:42:55 -0300
commit: 9fa9d088874427ebcf8e45e9334102bd337475be (patch)
tree: 49a8329f975e817175c29e2e759fa16957befaf6 /etc/profile-m-z
parent: testing (diff)
download: firejail-9fa9d088874427ebcf8e45e9334102bd337475be.tar.gz
firejail-9fa9d088874427ebcf8e45e9334102bd337475be.tar.zst
firejail-9fa9d088874427ebcf8e45e9334102bd337475be.zip
1 files changed, 44 insertions, 0 deletions
diff --git a/etc/profile-m-z/parsecd.profile b/etc/profile-m-z/parsecd.profile
new file mode 100644
index 000000000..398af7f80
--- /dev/null
+++ b/etc/profile-m-z/parsecd.profile
@@ -0,0 +1,44 @@
+# Firejail profile for Parsec
+# Description: Remote desktop application focused on gaming and other 3D applications
+# This file is overwritten after every install/update
+# Persistent local customizations
+include parsecd.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.parsec
+mkdir ${HOME}/.parsec
+whitelist ${HOME}/.parsec
+whitelist /usr/share/parsec
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+# Due to the nature of parsec, the following directives will not work:
+# - no3d
+# - novideo
+# - nosound
+# - noinput (it does remote passthrough stuff for gamepads)
+# - private-dev (because of the above)
+apparmor
+caps.drop all
+nodvd
+nogroups
+nonewprivs
+notv
+nou2f
+noroot
+# Will fail to start with mty_evdev_create: 'udev_monitor_new_from_netlink' failed without netlink
+protocol unix,inet,inet6,netlink
+seccomp !tgkill
+seccomp.block-secondary
+# Will not start with zenity missing
+private-bin parsecd,zenity
+private-tmp
+dbus-user none
+dbus-system none
+memory-deny-write-execute
+restrict-namespaces
author	NetSysFire <59517351+NetSysFire@users.noreply.github.com>	2023-02-07 11:35:47 +0100
committer	Kelvin M. Klann <kmk3.code@protonmail.com>	2023-02-18 11:42:55 -0300
commit	9fa9d088874427ebcf8e45e9334102bd337475be (patch)
tree	49a8329f975e817175c29e2e759fa16957befaf6 /etc/profile-m-z
parent	testing (diff)
download	firejail-9fa9d088874427ebcf8e45e9334102bd337475be.tar.gz firejail-9fa9d088874427ebcf8e45e9334102bd337475be.tar.zst firejail-9fa9d088874427ebcf8e45e9334102bd337475be.zip

diff --git a/etc/profile-m-z/parsecd.profile b/etc/profile-m-z/parsecd.profile new file mode 100644 index 000000000..398af7f80 --- /dev/null +++ b/etc/profile-m-z/parsecd.profile
@@ -0,0 +1,44 @@
	1	# Firejail profile for Parsec
	2	# Description: Remote desktop application focused on gaming and other 3D applications
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include parsecd.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	noblacklist ${HOME}/.parsec
	10
	11	mkdir ${HOME}/.parsec
	12	whitelist ${HOME}/.parsec
	13	whitelist /usr/share/parsec
	14	include whitelist-common.inc
	15	include whitelist-usr-share-common.inc
	16
	17	# Due to the nature of parsec, the following directives will not work:
	18	# - no3d
	19	# - novideo
	20	# - nosound
	21	# - noinput (it does remote passthrough stuff for gamepads)
	22	# - private-dev (because of the above)
	23	apparmor
	24	caps.drop all
	25	nodvd
	26	nogroups
	27	nonewprivs
	28	notv
	29	nou2f
	30	noroot
	31	# Will fail to start with mty_evdev_create: 'udev_monitor_new_from_netlink' failed without netlink
	32	protocol unix,inet,inet6,netlink
	33	seccomp !tgkill
	34	seccomp.block-secondary
	35
	36	# Will not start with zenity missing
	37	private-bin parsecd,zenity
	38	private-tmp
	39
	40	dbus-user none
	41	dbus-system none
	42
	43	memory-deny-write-execute
	44	restrict-namespaces