From d417615be8a9a9bdbdd4dd21aea39b091b5e5fa3 Mon Sep 17 00:00:00 2001 From: "Adrian L. Shaw" Date: Thu, 6 Jan 2022 16:57:20 +0000 Subject: Add rpcs3 profile --- etc/inc/disable-programs.inc | 2 ++ etc/profile-m-z/rpcs3.profile | 62 +++++++++++++++++++++++++++++++++++++++++++ src/firecfg/firecfg.config | 1 + 3 files changed, 65 insertions(+) create mode 100644 etc/profile-m-z/rpcs3.profile diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 02407f54f..ca8820ab6 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc @@ -192,6 +192,7 @@ blacklist ${HOME}/.cache/qupzilla blacklist ${HOME}/.cache/qutebrowser blacklist ${HOME}/.cache/rednotebook blacklist ${HOME}/.cache/rhythmbox +blacklist ${HOME}/.cache/rpcs3 blacklist ${HOME}/.cache/shotwell blacklist ${HOME}/.cache/simple-scan blacklist ${HOME}/.cache/slimjet @@ -573,6 +574,7 @@ blacklist ${HOME}/.config/redshift blacklist ${HOME}/.config/redshift.conf blacklist ${HOME}/.config/remmina blacklist ${HOME}/.config/ristretto +blacklist ${HOME}/.config/rpcs3 blacklist ${HOME}/.config/rtv blacklist ${HOME}/.config/scribus blacklist ${HOME}/.config/scribusrc diff --git a/etc/profile-m-z/rpcs3.profile b/etc/profile-m-z/rpcs3.profile new file mode 100644 index 000000000..147afb236 --- /dev/null +++ b/etc/profile-m-z/rpcs3.profile @@ -0,0 +1,62 @@ +# Firejail profile for RPCS3 emulator +# Description: RPCS3 emulator +# This file is overwritten after every install/update +# Persistent local customizations +include rpcs3.local +# Persistent global definitions +include globals.local + +noblacklist ${HOME}/.config/rpcs3 +noblacklist ${HOME}/.cache/rpcs3 +# Don't block access to /sbin and /usr/sbin to allow using ldconfig. Otherwise +# won't even start. +noblacklist /sbin +noblacklist /usr/sbin + +blacklist /usr/libexec + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-programs.inc # disable if PPU compilation crashes +include disable-shell.inc +include disable-xdg.inc + +mkdir ${HOME}/.cache/rpcs3 +mkdir ${HOME}/.config/rpcs3 +whitelist ${HOME}/.cache/rpcs3 +whitelist ${HOME}/.config/rpcs3 +whitelist ${DOWNLOADS} +include whitelist-common.inc +include whitelist-run-common.inc +include whitelist-runuser-common.inc +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +apparmor +caps.drop all +net none +netfilter +nodvd +nogroups +#noinput +nonewprivs +noroot +noprinters +notv +nou2f +novideo +protocol unix,netlink +seccomp +seccomp.block-secondary +shell none +tracelog + +disable-mnt +#private-cache +#private-etc ca-certificates,crypto-policies,machine-id,pki,resolv.conf,ssl # seems to need awk +private-tmp + +dbus-user none +dbus-system none diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index bbbd1e063..e68c04b4c 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config @@ -702,6 +702,7 @@ riot-web ripperx ristretto rocketchat +rpcs3 rtorrent runenpass.sh sayonara -- cgit v1.2.3-70-g09d2