author Davide Beatrici <git@davidebeatrici.dev> 2020-03-24 23:09:21 +0100
committer Davide Beatrici <git@davidebeatrici.dev> 2020-03-24 23:09:21 +0100
commit b086e9305528cd6ea89ee22b1714fd9eb4f8c801
tree 53da7c63e8274eff8870334a8915b8dfdaaa0b14 /etc
parent Add a profile for X2GoClient
steam.profile: correctly blacklist unneeded directories in user's home

"noblacklist" directives prevent following ones from blacklisting the specified directory/file.

The profile currently has a "noblacklist" directive for each directory used by Steam and/or its games, which is fine. However, there are no directives blacklisting the user's home, thus all directories and files inside it are accessible by Steam.

This commit fixes the issue by adding "whitelist" directives, which automatically blacklist the parent directory (in this case the user's home).

"mkdir" and "mkfile" directives are added so that the directories/files are created if they don't exist.

Thanks to @SkewedZeppelin for suggesting to keep "noblacklist" and use "mkdir" and "mkfile".
Diffstat (limited to 'etc')
-rw-r--r-- etc/steam.profile 28
1 files changed, 28 insertions, 0 deletions
diff --git a/etc/steam.profile b/etc/steam.profile
index 499d21e6d..c6f0ca145 100644
--- a/etc/steam.profile
+++ b/etc/steam.profile
@@ -36,6 +36,34 @@ include disable-interpreters.inc
36include disable-passwdmgr.inc 36include disable-passwdmgr.inc
37include disable-programs.inc 37include disable-programs.inc
38 38
39mkdir ${HOME}/.killingfloor
40mkdir ${HOME}/.local/share/3909/PapersPlease
41mkdir ${HOME}/.local/share/aspyr-media
42mkdir ${HOME}/.local/share/cdprojektred
43mkdir ${HOME}/.local/share/feral-interactive
44mkdir ${HOME}/.local/share/Steam
45mkdir ${HOME}/.local/share/SuperHexagon
46mkdir ${HOME}/.local/share/Terraria
47mkdir ${HOME}/.local/share/vpltd
48mkdir ${HOME}/.local/share/vulkan
49mkdir ${HOME}/.steam
50mkfile ${HOME}/.steampath
51mkfile ${HOME}/.steampid
52whitelist ${HOME}/.killingfloor
53whitelist ${HOME}/.local/share/3909/PapersPlease
54whitelist ${HOME}/.local/share/aspyr-media
55whitelist ${HOME}/.local/share/cdprojektred
56whitelist ${HOME}/.local/share/feral-interactive
57whitelist ${HOME}/.local/share/Steam
58whitelist ${HOME}/.local/share/SuperHexagon
59whitelist ${HOME}/.local/share/Terraria
60whitelist ${HOME}/.local/share/vpltd
61whitelist ${HOME}/.local/share/vulkan
62whitelist ${HOME}/.steam
63whitelist ${HOME}/.steampath
64whitelist ${HOME}/.steampid
65whitelist ${HOME}/.steampid
66include whitelist-common.inc
39include whitelist-var-common.inc 67include whitelist-var-common.inc
40 68
41caps.drop all 69caps.drop all
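Review bot: `whitelist ${HOME}/.steampid` is added twice in a row, at new lines 64 and 65, so the 13 mkdir/mkfile entries are followed by 14 whitelist entries; drop the second copy so the two lists stay one-to-one and are easier to audit. Because the whitelist block now hides everything else under the user's home from Steam, a short comment above it saying that each new game data directory needs a matching mkdir (or mkfile) and whitelist line would help future maintainers, since a path that is only covered by "noblacklist" will no longer be visible inside the sandbox.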