diff options
Diffstat (limited to 'etc/itch.profile')
| -rw-r--r-- | etc/itch.profile | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/etc/itch.profile b/etc/itch.profile index c7a12dfee..7e8f0518d 100644 --- a/etc/itch.profile +++ b/etc/itch.profile | |||
| @@ -5,14 +5,18 @@ include /etc/firejail/itch.local | |||
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
| 7 | 7 | ||
| 8 | noblacklist ~/.config/itch | 8 | # itch.io has native firejail/sandboxing support bundled in |
| 9 | # See https://itch.io/docs/itch/using/sandbox/linux.html | ||
| 10 | |||
| 11 | noblacklist ${HOME}/.config/itch | ||
| 9 | 12 | ||
| 10 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
| 11 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
| 15 | include /etc/firejail/disable-passwdmgr.inc | ||
| 12 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
| 13 | 17 | ||
| 14 | whitelist ~/.config/itch | 18 | mkdir ${HOME}/.config/itch |
| 15 | 19 | whitelist ${HOME}/.config/itch | |
| 16 | include /etc/firejail/whitelist-common.inc | 20 | include /etc/firejail/whitelist-common.inc |
| 17 | 21 | ||
| 18 | caps.drop all | 22 | caps.drop all |
| @@ -22,6 +26,7 @@ nogroups | |||
| 22 | nonewprivs | 26 | nonewprivs |
| 23 | noroot | 27 | noroot |
| 24 | notv | 28 | notv |
| 29 | novideo | ||
| 25 | protocol unix,inet,inet6,netlink | 30 | protocol unix,inet,inet6,netlink |
| 26 | seccomp | 31 | seccomp |
| 27 | shell none | 32 | shell none |
| @@ -29,5 +34,4 @@ shell none | |||
| 29 | private-dev | 34 | private-dev |
| 30 | private-tmp | 35 | private-tmp |
| 31 | 36 | ||
| 32 | noexec ${HOME} | ||
| 33 | noexec /tmp | 37 | noexec /tmp |