Diffstat (limited to 'etc/itch.profile')
-rw-r--r-- | etc/itch.profile | 12 |
1 files changed, 8 insertions, 4 deletions
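--- a/etc/itch.profile
+++ b/etc/itch.profile
@@ -5,14 +5,18 @@ include /etc/firejail/itch.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/itch
+# itch.io has native firejail/sandboxing support bundled in
+# See https://itch.io/docs/itch/using/sandbox/linux.html
+
+noblacklist ${HOME}/.config/itch
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-whitelist ~/.config/itch
-
+mkdir ${HOME}/.config/itch
+whitelist ${HOME}/.config/itch
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
@@ -22,6 +26,7 @@ nogroups
 nonewprivs
 noroot
 notv
+novideo
 protocol unix,inet,inet6,netlink
 seccomp
 shell none
@@ -29,5 +34,4 @@ shell none
 private-dev
 private-tmp
 
-noexec ${HOME}
 noexec /tmp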
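Review bot: The last hunk drops `noexec ${HOME}` without recording why, so the whitelisted `${HOME}/.config/itch` is now both writable and executable inside the sandbox and only `/tmp` stays `noexec`. If the reason is that itch installs and launches games from that directory (an inference, the commit does not say so), note it next to the remaining line, e.g. `# no "noexec ${HOME}": itch runs games installed under ${HOME}/.config/itch`. The new header comment pointing at itch's bundled firejail sandbox could also state whether that nested sandbox was checked against `nonewprivs` and `seccomp` in this profile, since nothing visible here shows it.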