Merge pull request #1501 from SpotComms/iio

Tweak itch.io profile
author: netblue30 <netblue30@yahoo.com> 2017-09-02 11:36:15 -0400
committer: GitHub <noreply@github.com> 2017-09-02 11:36:15 -0400
commit: c5b79700b46dcea0daa47bb11aeb80836db5d58d (patch)
tree: ab199c2310729e4377163e93a83acaf673ede891 /etc
parent: Merge pull request #1515 from SpotComms/sf (diff)
parent: Tweak itch.io profile (diff)
download: firejail-c5b79700b46dcea0daa47bb11aeb80836db5d58d.tar.gz
firejail-c5b79700b46dcea0daa47bb11aeb80836db5d58d.tar.zst
firejail-c5b79700b46dcea0daa47bb11aeb80836db5d58d.zip
2 files changed, 9 insertions, 4 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index b833a3f68..13ed3f212 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -106,6 +106,7 @@ blacklist ${HOME}/.config/gthumb
 blacklist ${HOME}/.config/gwenviewrc
 blacklist ${HOME}/.config/hexchat
 blacklist ${HOME}/.config/inox
+blacklist ${HOME}/.config/itch
 blacklist ${HOME}/.config/jd-gui.cfg
 blacklist ${HOME}/.config/k3brc
 blacklist ${HOME}/.config/katepartrc
diff --git a/etc/itch.profile b/etc/itch.profile
index c7a12dfee..7e8f0518d 100644
--- a/etc/itch.profile
+++ b/etc/itch.profile
@@ -5,14 +5,18 @@ include /etc/firejail/itch.local
 # Persistent global definitions
 include /etc/firejail/globals.local
-noblacklist ~/.config/itch
+# itch.io has native firejail/sandboxing support bundled in
+# See https://itch.io/docs/itch/using/sandbox/linux.html
+noblacklist ${HOME}/.config/itch
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
-whitelist ~/.config/itch
+mkdir ${HOME}/.config/itch
+whitelist ${HOME}/.config/itch
 include /etc/firejail/whitelist-common.inc
 caps.drop all
@@ -22,6 +26,7 @@ nogroups
 nonewprivs
 noroot
 notv
+novideo
 protocol unix,inet,inet6,netlink
 seccomp
 shell none
@@ -29,5 +34,4 @@ shell none
 private-dev
 private-tmp
-noexec ${HOME}
 noexec /tmp
author	netblue30 <netblue30@yahoo.com>	2017-09-02 11:36:15 -0400
committer	GitHub <noreply@github.com>	2017-09-02 11:36:15 -0400
commit	c5b79700b46dcea0daa47bb11aeb80836db5d58d (patch)
tree	ab199c2310729e4377163e93a83acaf673ede891 /etc
parent	Merge pull request #1515 from SpotComms/sf (diff)
parent	Tweak itch.io profile (diff)
download	firejail-c5b79700b46dcea0daa47bb11aeb80836db5d58d.tar.gz firejail-c5b79700b46dcea0daa47bb11aeb80836db5d58d.tar.zst firejail-c5b79700b46dcea0daa47bb11aeb80836db5d58d.zip

diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index b833a3f68..13ed3f212 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -106,6 +106,7 @@ blacklist ${HOME}/.config/gthumb
106	blacklist ${HOME}/.config/gwenviewrc	106	blacklist ${HOME}/.config/gwenviewrc
107	blacklist ${HOME}/.config/hexchat	107	blacklist ${HOME}/.config/hexchat
108	blacklist ${HOME}/.config/inox	108	blacklist ${HOME}/.config/inox
		109	blacklist ${HOME}/.config/itch
109	blacklist ${HOME}/.config/jd-gui.cfg	110	blacklist ${HOME}/.config/jd-gui.cfg
110	blacklist ${HOME}/.config/k3brc	111	blacklist ${HOME}/.config/k3brc
111	blacklist ${HOME}/.config/katepartrc	112	blacklist ${HOME}/.config/katepartrc


diff --git a/etc/itch.profile b/etc/itch.profile index c7a12dfee..7e8f0518d 100644 --- a/etc/itch.profile +++ b/etc/itch.profile
@@ -5,14 +5,18 @@ include /etc/firejail/itch.local
5	# Persistent global definitions	5	# Persistent global definitions
6	include /etc/firejail/globals.local	6	include /etc/firejail/globals.local
7		7
8	noblacklist ~/.config/itch	8	# itch.io has native firejail/sandboxing support bundled in
		9	# See https://itch.io/docs/itch/using/sandbox/linux.html
		10
		11	noblacklist ${HOME}/.config/itch
9		12
10	include /etc/firejail/disable-common.inc	13	include /etc/firejail/disable-common.inc
11	include /etc/firejail/disable-devel.inc	14	include /etc/firejail/disable-devel.inc
		15	include /etc/firejail/disable-passwdmgr.inc
12	include /etc/firejail/disable-programs.inc	16	include /etc/firejail/disable-programs.inc
13		17
14	whitelist ~/.config/itch	18	mkdir ${HOME}/.config/itch
15		19	whitelist ${HOME}/.config/itch
16	include /etc/firejail/whitelist-common.inc	20	include /etc/firejail/whitelist-common.inc
17		21
18	caps.drop all	22	caps.drop all
@@ -22,6 +26,7 @@ nogroups
22	nonewprivs	26	nonewprivs
23	noroot	27	noroot
24	notv	28	notv
		29	novideo
25	protocol unix,inet,inet6,netlink	30	protocol unix,inet,inet6,netlink
26	seccomp	31	seccomp
27	shell none	32	shell none
@@ -29,5 +34,4 @@ shell none
29	private-dev	34	private-dev
30	private-tmp	35	private-tmp
31		36
32	noexec ${HOME}
33	noexec /tmp	37	noexec /tmp