From b4641df763851190594d05e71b193e56cc7c082a Mon Sep 17 00:00:00 2001
From: Oneric <oneric@oneric.stub>
Date: Mon, 28 Feb 2022 17:38:30 +0100
Subject: steam.profile: fix Proton 5.13+

Starting with version 5.13 Proton internally uses bubblewrap to create a
container for the game. To make this work with firejail we need to allow
these 4 additional syscalls.

fixes: https://github.com/netblue30/firejail/issues/4366
fixes: https://github.com/netblue30/firejail/issues/4686
---
 etc/profile-m-z/steam.profile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/etc/profile-m-z/steam.profile b/etc/profile-m-z/steam.profile
index b0be8a517..e3f353416 100644
--- a/etc/profile-m-z/steam.profile
+++ b/etc/profile-m-z/steam.profile
@@ -143,7 +143,8 @@ novideo
 protocol unix,inet,inet6,netlink
 # seccomp sometimes causes issues (see #2951, #3267).
 # Add 'ignore seccomp' to your steam.local if you experience this.
-seccomp !ptrace
+# mount, name_to_handle_at, pivot_root and umount2 are used by Proton >= 5.13
+seccomp !mount,!name_to_handle_at,!pivot_root,!ptrace,!umount2
 shell none
 # tracelog breaks integrated browser
 #tracelog
-- 
cgit v1.2.3-70-g09d2


From aec46903ca5ca890e03f735b9c79ce456aafa1f3 Mon Sep 17 00:00:00 2001
From: Oneric <oneric@oneric.stub>
Date: Sun, 6 Mar 2022 22:47:56 +0100
Subject: steam.profile: fix black window

After the Steam cleint update of the 04th March 2022
the steamwebhelper process now needs to be able to do chroot
syscalls to render anything. If not all content tabs in the client will
just appear black.

fixes: https://github.com/netblue30/firejail/issues/5014
---
 etc/profile-m-z/steam.profile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/etc/profile-m-z/steam.profile b/etc/profile-m-z/steam.profile
index e3f353416..cc38bcb1d 100644
--- a/etc/profile-m-z/steam.profile
+++ b/etc/profile-m-z/steam.profile
@@ -144,7 +144,7 @@ protocol unix,inet,inet6,netlink
 # seccomp sometimes causes issues (see #2951, #3267).
 # Add 'ignore seccomp' to your steam.local if you experience this.
 # mount, name_to_handle_at, pivot_root and umount2 are used by Proton >= 5.13
-seccomp !mount,!name_to_handle_at,!pivot_root,!ptrace,!umount2
+seccomp !chroot,!mount,!name_to_handle_at,!pivot_root,!ptrace,!umount2
 shell none
 # tracelog breaks integrated browser
 #tracelog
-- 
cgit v1.2.3-70-g09d2