-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | RELNOTES | 2 | ||||
-rw-r--r-- | etc/inc/disable-programs.inc | 4 | ||||
-rw-r--r-- | etc/inc/whitelist-usr-share-common.inc | 2 | ||||
-rw-r--r-- | etc/profile-a-l/lutris.profile | 74 | ||||
-rw-r--r-- | etc/profile-m-z/wine.profile | 3 |
6 files changed, 85 insertions, 2 deletions
@@ -194,4 +194,4 @@ Stats: | |||
194 | 194 | ||
195 | ### New profiles: | 195 | ### New profiles: |
196 | 196 | ||
197 | spectacle, chromium-browser-privacy, gtk-straw-viewer, gtk-youtube-viewer, gtk2-youtube-viewer, gtk3-youtube-viewer, straw-viewer | 197 | spectacle, chromium-browser-privacy, gtk-straw-viewer, gtk-youtube-viewer, gtk2-youtube-viewer, gtk3-youtube-viewer, straw-viewer, lutris |
@@ -4,7 +4,7 @@ firejail (0.9.65) baseline; urgency=low | |||
4 | * allow AF_BLUETOOTH via --protocol=bluetooth | 4 | * allow AF_BLUETOOTH via --protocol=bluetooth |
5 | * new profiles: spectacle, chromium-browser-privacy, gtk-straw-viewer | 5 | * new profiles: spectacle, chromium-browser-privacy, gtk-straw-viewer |
6 | * new profiles: gtk-youtube-viewer, gtk2-youtube-viewer, gtk3-youtube-viewer | 6 | * new profiles: gtk-youtube-viewer, gtk2-youtube-viewer, gtk3-youtube-viewer |
7 | * new profiles: straw-viewer | 7 | * new profiles: straw-viewer, lutris |
8 | 8 | ||
9 | -- netblue30 <netblue30@yahoo.com> Wed, 21 Oct 2020 09:00:00 -0500 | 9 | -- netblue30 <netblue30@yahoo.com> Wed, 21 Oct 2020 09:00:00 -0500 |
10 | 10 | ||
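--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -293,6 +293,7 @@ blacklist ${HOME}/.config/libreoffice
 blacklist ${HOME}/.config/liferea
 blacklist ${HOME}/.config/linphone
 blacklist ${HOME}/.config/lugaru
+blacklist ${HOME}/.config/lutris
 blacklist ${HOME}/.config/lximage-qt
 blacklist ${HOME}/.config/mailtransports
 blacklist ${HOME}/.local/share/man
@@ -662,6 +663,7 @@ blacklist ${HOME}/.local/share/local-mail
 blacklist ${HOME}/.local/share/lollypop
 blacklist ${HOME}/.local/share/love
 blacklist ${HOME}/.local/share/lugaru
+blacklist ${HOME}/.local/share/lutris
 blacklist ${HOME}/.local/share/mana
 blacklist ${HOME}/.local/share/maps-places.json
 blacklist ${HOME}/.local/share/meld
@@ -933,6 +935,7 @@ blacklist ${HOME}/.cache/kube
 blacklist ${HOME}/.cache/kwin
 blacklist ${HOME}/.cache/libgweather
 blacklist ${HOME}/.cache/liferea
+blacklist ${HOME}/.cache/lutris
 blacklist ${HOME}/.cache/Mendeley Ltd.
 blacklist ${HOME}/.cache/midori
 blacklist ${HOME}/.cache/minetest
@@ -988,6 +991,7 @@ blacklist ${HOME}/.cache/vmware
 blacklist ${HOME}/.cache/warsow-2.1
 blacklist ${HOME}/.cache/waterfox
 blacklist ${HOME}/.cache/wesnoth
+blacklist ${HOME}/.cache/winetricks
 blacklist ${HOME}/.cache/xmms2
 blacklist ${HOME}/.cache/xreader
 blacklist ${HOME}/.cache/yandex-browser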
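--- a/etc/inc/whitelist-usr-share-common.inc
+++ b/etc/inc/whitelist-usr-share-common.inc
@@ -60,6 +60,8 @@ whitelist /usr/share/texlive
 whitelist /usr/share/texmf
 whitelist /usr/share/themes
 whitelist /usr/share/thumbnail.so
+whitelist /usr/share/vulkan
 whitelist /usr/share/X11
 whitelist /usr/share/xml
+whitelist /usr/share/zenity
 whitelist /usr/share/zoneinfo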
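Review bot: `whitelist /usr/share/vulkan` and `whitelist /usr/share/zenity` are added to the shared include, so every profile that pulls in whitelist-usr-share-common.inc gains both paths, not only lutris. These are normally read-only data directories, so the added exposure is small, but the same commit keeps `whitelist /usr/share/lutris` and `whitelist /usr/share/wine` inside lutris.profile. If only the game launchers need the two new paths, placing them in lutris.profile as well keeps the common list minimal. If they are meant to be common, a one-line comment naming what depends on them would make that intent visible.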
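--- /dev/null
+++ b/etc/profile-a-l/lutris.profile
@@ -0,0 +1,74 @@
+# Firejail profile for lutris
+# Description: Multi-library game handler with special support for Wine
+# This file is overwritten after every install/update
+# Persistent local customizations
+include lutris.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${PATH}/llvm*
+noblacklist ${HOME}/Games
+noblacklist ${HOME}/.cache/lutris
+noblacklist ${HOME}/.cache/winetricks
+noblacklist ${HOME}/.config/lutris
+noblacklist ${HOME}/.local/share/lutris
+# noblacklist ${HOME}/.wine
+noblacklist /tmp/.wine-*
+
+ignore noexec ${HOME}
+
+# Allow python (blacklisted by disable-interpreters.inc)
+include allow-python2.inc
+include allow-python3.inc
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/Games
+mkdir ${HOME}/.cache/lutris
+mkdir ${HOME}/.cache/winetricks
+mkdir ${HOME}/.config/lutris
+mkdir ${HOME}/.local/share/lutris
+# mkdir ${HOME}/.wine
+whitelist ${HOME}/Downloads
+whitelist ${HOME}/Games
+whitelist ${HOME}/.cache/lutris
+whitelist ${HOME}/.cache/winetricks
+whitelist ${HOME}/.config/lutris
+whitelist ${HOME}/.local/share/lutris
+# whitelist ${HOME}/.wine
+whitelist /usr/share/lutris
+whitelist /usr/share/wine
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-runuser-common.inc
+include whitelist-var-common.inc
+
+# allow-debuggers
+# apparmor
+caps.drop all
+ipc-namespace
+# net none
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+
+# comment the following line if you don't need controller support
+# private-dev
+private-tmp
+
+dbus-user none
+dbus-system none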
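Review bot: The comment on line 69 tells the user to comment out `private-dev` when controller support is not needed, but the line ships already commented out, so the instruction reads backwards. A user who follows it literally leaves /dev unrestricted. `# uncomment the following line if you don't need controller support` matches what the profile actually does. Separately, `ignore noexec ${HOME}` on line 18 combined with `whitelist ${HOME}/Downloads` on line 38 leaves a writable Downloads directory executable inside the sandbox. A one-line comment saying why Downloads is whitelisted (presumably for manually fetched installers) would tell users whether it is safe to drop. The commented-out `# apparmor` and `# net none` on lines 53 and 56 would likewise benefit from a short reason.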
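--- a/etc/profile-m-z/wine.profile
+++ b/etc/profile-m-z/wine.profile
@@ -6,6 +6,7 @@ include wine.local
 # Persistent global definitions
 include globals.local
 
+noblacklist ${HOME}/.cache/winetricks
 noblacklist ${HOME}/.Steam
 noblacklist ${HOME}/.local/share/Steam
 noblacklist ${HOME}/.local/share/steam
@@ -19,6 +20,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+# whitelist /usr/share/wine
+# include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 # some applications don't need allow-debuggers, comment the next line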
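Review bot: The two lines added at new lines 23-24, `# whitelist /usr/share/wine` and `# include whitelist-usr-share-common.inc`, are commented out with no reason given. A reader cannot tell whether the /usr/share whitelist is disabled because it breaks some Wine applications or because it is simply untested. A line above them such as `# /usr/share whitelist left disabled: <reason>` would record the intent and tell users whether enabling it in wine.local is expected to work. The rest of the profile is outside the visible hunks, so this note covers only the added lines.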