2 files changed, 58 insertions, 0 deletions
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 3333dd0fa..3eb6c03d5 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -1078,6 +1078,7 @@ blacklist ${HOME}/.ostrichriders
 blacklist ${HOME}/.paradoxinteractive
 blacklist ${HOME}/.paradoxlauncher
 blacklist ${HOME}/.parallelrealities/blobwars
+blacklist ${HOME}/.parsec
 blacklist ${HOME}/.pcsxr
 blacklist ${HOME}/.penguin-command
 blacklist ${HOME}/.pine-crash
diff --git a/etc/profile-m-z/parsecd.profile b/etc/profile-m-z/parsecd.profile
new file mode 100644
index 000000000..249d475cf
--- /dev/null
+++ b/etc/profile-m-z/parsecd.profile
@@ -0,0 +1,57 @@
+# Firejail profile for Parsec
+# Description: Remote desktop application focused on gaming and other 3D applications
+# This file is overwritten after every install/update
+# Persistent local customizations
+include parsecd.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.parsec
+ignore noexec ${HOME}
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkdir ${HOME}/.parsec
+whitelist ${HOME}/.parsec
+whitelist /usr/share/parsec
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-var-common.inc
+# Due to the nature of parsec, the following directives will not work:
+# - no3d
+# - novideo
+# - nosound
+# - noinput (it does remote passthrough stuff for gamepads)
+# - private-dev (because of the above)
+apparmor
+caps.drop all
+nodvd
+nogroups
+nonewprivs
+notv
+nou2f
+noroot
+# Will fail to start with mty_evdev_create: 'udev_monitor_new_from_netlink' failed without netlink
+protocol unix,inet,inet6,netlink
+seccomp !tgkill
+seccomp.block-secondary
+# Will not start with zenity missing
+private-bin parsecd,zenity
+private-tmp
+dbus-user none
+dbus-system none
+memory-deny-write-execute
+restrict-namespaces

diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 3333dd0fa..3eb6c03d5 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc
@@ -1078,6 +1078,7 @@ blacklist ${HOME}/.ostrichriders
1078	blacklist ${HOME}/.paradoxinteractive	1078	blacklist ${HOME}/.paradoxinteractive
1079	blacklist ${HOME}/.paradoxlauncher	1079	blacklist ${HOME}/.paradoxlauncher
1080	blacklist ${HOME}/.parallelrealities/blobwars	1080	blacklist ${HOME}/.parallelrealities/blobwars
		1081	blacklist ${HOME}/.parsec
1081	blacklist ${HOME}/.pcsxr	1082	blacklist ${HOME}/.pcsxr
1082	blacklist ${HOME}/.penguin-command	1083	blacklist ${HOME}/.penguin-command
1083	blacklist ${HOME}/.pine-crash	1084	blacklist ${HOME}/.pine-crash


diff --git a/etc/profile-m-z/parsecd.profile b/etc/profile-m-z/parsecd.profile new file mode 100644 index 000000000..249d475cf --- /dev/null +++ b/etc/profile-m-z/parsecd.profile
@@ -0,0 +1,57 @@
		1	# Firejail profile for Parsec
		2	# Description: Remote desktop application focused on gaming and other 3D applications
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include parsecd.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.parsec
		10	ignore noexec ${HOME}
		11
		12	include disable-common.inc
		13	include disable-devel.inc
		14	include disable-exec.inc
		15	include disable-interpreters.inc
		16	include disable-proc.inc
		17	include disable-programs.inc
		18	include disable-shell.inc
		19	include disable-xdg.inc
		20
		21	mkdir ${HOME}/.parsec
		22	whitelist ${HOME}/.parsec
		23	whitelist /usr/share/parsec
		24	include whitelist-common.inc
		25	include whitelist-usr-share-common.inc
		26	include whitelist-run-common.inc
		27	include whitelist-runuser-common.inc
		28	include whitelist-var-common.inc
		29
		30	# Due to the nature of parsec, the following directives will not work:
		31	# - no3d
		32	# - novideo
		33	# - nosound
		34	# - noinput (it does remote passthrough stuff for gamepads)
		35	# - private-dev (because of the above)
		36	apparmor
		37	caps.drop all
		38	nodvd
		39	nogroups
		40	nonewprivs
		41	notv
		42	nou2f
		43	noroot
		44	# Will fail to start with mty_evdev_create: 'udev_monitor_new_from_netlink' failed without netlink
		45	protocol unix,inet,inet6,netlink
		46	seccomp !tgkill
		47	seccomp.block-secondary
		48
		49	# Will not start with zenity missing
		50	private-bin parsecd,zenity
		51	private-tmp
		52
		53	dbus-user none
		54	dbus-system none
		55
		56	memory-deny-write-execute
		57	restrict-namespaces