Tweak itch.io profile

author: Tad <tad@spotco.us> 2017-08-29 03:04:01 -0400
committer: Tad <tad@spotco.us> 2017-08-30 10:53:10 -0400
commit: 94edc7ef3f3d9f05310c7231bc8e607d685c2438 (patch)
tree: d633c40d05c075dc82bb9d26bbf304986862ebcd /etc
parent: fix seccomp secondary filter printing on i386 platform (diff)
download: firejail-94edc7ef3f3d9f05310c7231bc8e607d685c2438.tar.gz
firejail-94edc7ef3f3d9f05310c7231bc8e607d685c2438.tar.zst
firejail-94edc7ef3f3d9f05310c7231bc8e607d685c2438.zip
2 files changed, 9 insertions, 4 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 736ac1e89..7ec842728 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -106,6 +106,7 @@ blacklist ${HOME}/.config/gthumb
 blacklist ${HOME}/.config/gwenviewrc
 blacklist ${HOME}/.config/hexchat
 blacklist ${HOME}/.config/inox
+blacklist ${HOME}/.config/itch
 blacklist ${HOME}/.config/jd-gui.cfg
 blacklist ${HOME}/.config/k3brc
 blacklist ${HOME}/.config/katepartrc
diff --git a/etc/itch.profile b/etc/itch.profile
index c7a12dfee..7e8f0518d 100644
--- a/etc/itch.profile
+++ b/etc/itch.profile
@@ -5,14 +5,18 @@ include /etc/firejail/itch.local
 # Persistent global definitions
 include /etc/firejail/globals.local
-noblacklist ~/.config/itch
+# itch.io has native firejail/sandboxing support bundled in
+# See https://itch.io/docs/itch/using/sandbox/linux.html
+noblacklist ${HOME}/.config/itch
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
-whitelist ~/.config/itch
+mkdir ${HOME}/.config/itch
+whitelist ${HOME}/.config/itch
 include /etc/firejail/whitelist-common.inc
 caps.drop all
@@ -22,6 +26,7 @@ nogroups
 nonewprivs
 noroot
 notv
+novideo
 protocol unix,inet,inet6,netlink
 seccomp
 shell none
@@ -29,5 +34,4 @@ shell none
 private-dev
 private-tmp
-noexec ${HOME}
 noexec /tmp
author	Tad <tad@spotco.us>	2017-08-29 03:04:01 -0400
committer	Tad <tad@spotco.us>	2017-08-30 10:53:10 -0400
commit	94edc7ef3f3d9f05310c7231bc8e607d685c2438 (patch)
tree	d633c40d05c075dc82bb9d26bbf304986862ebcd /etc
parent	fix seccomp secondary filter printing on i386 platform (diff)
download	firejail-94edc7ef3f3d9f05310c7231bc8e607d685c2438.tar.gz firejail-94edc7ef3f3d9f05310c7231bc8e607d685c2438.tar.zst firejail-94edc7ef3f3d9f05310c7231bc8e607d685c2438.zip

diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 736ac1e89..7ec842728 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -106,6 +106,7 @@ blacklist ${HOME}/.config/gthumb
106	blacklist ${HOME}/.config/gwenviewrc	106	blacklist ${HOME}/.config/gwenviewrc
107	blacklist ${HOME}/.config/hexchat	107	blacklist ${HOME}/.config/hexchat
108	blacklist ${HOME}/.config/inox	108	blacklist ${HOME}/.config/inox
		109	blacklist ${HOME}/.config/itch
109	blacklist ${HOME}/.config/jd-gui.cfg	110	blacklist ${HOME}/.config/jd-gui.cfg
110	blacklist ${HOME}/.config/k3brc	111	blacklist ${HOME}/.config/k3brc
111	blacklist ${HOME}/.config/katepartrc	112	blacklist ${HOME}/.config/katepartrc


diff --git a/etc/itch.profile b/etc/itch.profile index c7a12dfee..7e8f0518d 100644 --- a/etc/itch.profile +++ b/etc/itch.profile
@@ -5,14 +5,18 @@ include /etc/firejail/itch.local
5	# Persistent global definitions	5	# Persistent global definitions
6	include /etc/firejail/globals.local	6	include /etc/firejail/globals.local
7		7
8	noblacklist ~/.config/itch	8	# itch.io has native firejail/sandboxing support bundled in
		9	# See https://itch.io/docs/itch/using/sandbox/linux.html
		10
		11	noblacklist ${HOME}/.config/itch
9		12
10	include /etc/firejail/disable-common.inc	13	include /etc/firejail/disable-common.inc
11	include /etc/firejail/disable-devel.inc	14	include /etc/firejail/disable-devel.inc
		15	include /etc/firejail/disable-passwdmgr.inc
12	include /etc/firejail/disable-programs.inc	16	include /etc/firejail/disable-programs.inc
13		17
14	whitelist ~/.config/itch	18	mkdir ${HOME}/.config/itch
15		19	whitelist ${HOME}/.config/itch
16	include /etc/firejail/whitelist-common.inc	20	include /etc/firejail/whitelist-common.inc
17		21
18	caps.drop all	22	caps.drop all
@@ -22,6 +26,7 @@ nogroups
22	nonewprivs	26	nonewprivs
23	noroot	27	noroot
24	notv	28	notv
		29	novideo
25	protocol unix,inet,inet6,netlink	30	protocol unix,inet,inet6,netlink
26	seccomp	31	seccomp
27	shell none	32	shell none
@@ -29,5 +34,4 @@ shell none
29	private-dev	34	private-dev
30	private-tmp	35	private-tmp
31		36
32	noexec ${HOME}
33	noexec /tmp	37	noexec /tmp