From 7e0f668bb2706f34dab0bbe8e2ce6785578ac1d4 Mon Sep 17 00:00:00 2001 From: Tad Date: Sat, 21 Apr 2018 21:12:47 -0400 Subject: Add a profile for ppsspp and scallion --- README.md | 2 +- RELNOTES | 2 +- etc/disable-programs.inc | 1 + etc/ppsspp.profile | 42 ++++++++++++++++++++++++++++++++++++++++++ etc/scallion.profile | 42 ++++++++++++++++++++++++++++++++++++++++++ src/firecfg/firecfg.config | 1 + 6 files changed, 88 insertions(+), 2 deletions(-) create mode 100644 etc/ppsspp.profile create mode 100644 etc/scallion.profile diff --git a/README.md b/README.md index 7fca1e4b4..5c6b8d83d 100644 --- a/README.md +++ b/README.md @@ -369,4 +369,4 @@ tilp, vivaldi-snapshot, bitcoin-qt, VS Code, falkon, gnome-builder, lobase, asun gnome-recipes, akonadi_control, evince-previewer, evince-thumbnailer, blender-2.8, thunderbird-beta, ncdu, gnome-logs, gcloud, musixmatch, gunzip, bunzip2, enchant, enchant-2, enchant-lsmod, enchant-lsmod-2, Discord, -acat, adiff, als, apack, arepack, aunpack profiles +acat, adiff, als, apack, arepack, aunpack profiles, ppsspp, scallion diff --git a/RELNOTES b/RELNOTES index ef1f1323b..f48f0229c 100644 --- a/RELNOTES +++ b/RELNOTES @@ -42,7 +42,7 @@ firejail (0.9.53) baseline; urgency=low * new profiles: blender-2.8, thunderbird-beta, ncdu, gnome-logs, gcloud * new profiles: musixmatch, gunzip, bunzip2, enchant-lsmod, enchant-lsmod-2 * new profiles: enchant, enchant-2, Discord, acat, adiff, als, apack - * new profiles: arepack, aunpack profiles + * new profiles: arepack, aunpack profiles, ppsspp, scallion -- netblue30 Thu, 1 Mar 2018 08:00:00 -0500 diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index b8c49b28a..d3dc87089 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc 
@@ -189,6 +189,7 @@ blacklist ${HOME}/.config/Pinta
 blacklist ${HOME}/.config/pitivi
 blacklist ${HOME}/.config/pix
 blacklist ${HOME}/.config/pluma
+blacklist ${HOME}/.config/ppsspp
 blacklist ${HOME}/.config/psi+
 blacklist ${HOME}/.config/qBittorrent
 blacklist ${HOME}/.config/qBittorrentrc
diff --git a/etc/ppsspp.profile b/etc/ppsspp.profile
new file mode 100644
index 000000000..e19a7b42a
--- /dev/null
+++ b/etc/ppsspp.profile
@@ -0,0 +1,42 @@
+# Firejail profile for ppsspp
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/ppsspp.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.config/ppsspp
+# with >=llvm-4 mesa drivers need llvm stuff
+noblacklist /usr/lib/llvm*
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+include /etc/firejail/whitelist-var-common.inc
+
+caps.drop all
+ipc-namespace
+netfilter
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+novideo
+protocol unix,netlink
+seccomp
+shell none
+
+# private-dev is disabled to allow controller support
+#private-dev
+private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies
+private-opt ppsspp
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/scallion.profile b/etc/scallion.profile
new file mode 100644
index 000000000..645f0423c
--- /dev/null
+++ b/etc/scallion.profile
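Review bot: In etc/ppsspp.profile, `net none` is combined with `netfilter` and with a `private-etc` list that still carries resolver and TLS material, so the profile does not make clear whether networking is meant to be available. With only loopback left inside the sandbox, `netfilter` appears to have nothing to filter, and the network-only /etc entries widen what the sandbox can read for no visible benefit. I would drop the `netfilter` line and remove `ca-certificates,host.conf,hosts,resolv.conf,ssl,pki,crypto-policies` from `private-etc`, unless ppsspp is known to read them offline. If `netlink` in `protocol unix,netlink` is there for controller hotplug detection, a comment such as `# netlink is needed for controller detection` beside it would match the existing note on `private-dev`.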
@@ -0,0 +1,42 @@
+# Firejail profile for scallion
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include /etc/firejail/scallion.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${PATH}/llvm*
+noblacklist /usr/lib/llvm*
+noblacklist ${PATH}/openssl
+noblacklist ${PATH}/openssl-1.0
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+include /etc/firejail/whitelist-var-common.inc
+
+caps.drop all
+ipc-namespace
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix
+seccomp
+shell none
+
+disable-mnt
+private
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index e34ac786c..e306a2e8d 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -306,6 +306,7 @@ pix
 playonlinux
 pluma
 polari
+ppsspp
 psi-plus
 # pycharm-community - FB note: may enable later
 # pycharm-professional
-- cgit v1.2.3-70-g09d2
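Review bot: In etc/scallion.profile, `private` gives the sandbox a temporary home that is discarded on exit, and `private-tmp` does the same for /tmp, yet nothing in the profile says so. Anything scallion writes to a file in either place, presumably including generated key material, is gone once the sandbox closes. I would add `# private: home is a temporary filesystem discarded on exit; take results from stdout` above the `private` line. The profile also omits `disable-devel.inc`, which etc/ppsspp.profile includes. If that is deliberate because of the llvm paths noblacklisted at the top, a one-line comment giving the reason would stop a later cleanup from re-adding it.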
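Review bot: In src/firecfg/firecfg.config only `ppsspp` is added, although the same commit ships etc/scallion.profile. If firecfg builds its launcher links from this list, as the file name suggests, scallion would still start unsandboxed unless it is invoked through firejail explicitly. Either add a `scallion` line in its alphabetical place, or leave a comment in the style already used in this file, e.g. `# scallion - not enabled by default: <reason>`. The list continues outside the hunk, so the correct position for the entry is not visible here.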