From 9fa9d088874427ebcf8e45e9334102bd337475be Mon Sep 17 00:00:00 2001 From: NetSysFire <59517351+NetSysFire@users.noreply.github.com> Date: Tue, 7 Feb 2023 11:35:47 +0100 Subject: New profile: parsecd --- etc/inc/disable-programs.inc | 1 + etc/profile-m-z/parsecd.profile | 44 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+) create mode 100644 etc/profile-m-z/parsecd.profile diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index e2e97f458..2a7e1a898 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc @@ -1077,6 +1077,7 @@ blacklist ${HOME}/.ostrichriders blacklist ${HOME}/.paradoxinteractive blacklist ${HOME}/.paradoxlauncher blacklist ${HOME}/.parallelrealities/blobwars +blacklist ${HOME}/.parsec blacklist ${HOME}/.pcsxr blacklist ${HOME}/.penguin-command blacklist ${HOME}/.pine-crash diff --git a/etc/profile-m-z/parsecd.profile b/etc/profile-m-z/parsecd.profile new file mode 100644 index 000000000..398af7f80 --- /dev/null +++ b/etc/profile-m-z/parsecd.profile @@ -0,0 +1,44 @@ +# Firejail profile for Parsec +# Description: Remote desktop application focused on gaming and other 3D applications +# This file is overwritten after every install/update +# Persistent local customizations +include parsecd.local +# Persistent global definitions +include globals.local + +noblacklist ${HOME}/.parsec + +mkdir ${HOME}/.parsec +whitelist ${HOME}/.parsec +whitelist /usr/share/parsec +include whitelist-common.inc +include whitelist-usr-share-common.inc + +# Due to the nature of parsec, the following directives will not work: +# - no3d +# - novideo +# - nosound +# - noinput (it does remote passthrough stuff for gamepads) +# - private-dev (because of the above) +apparmor +caps.drop all +nodvd +nogroups +nonewprivs +notv +nou2f +noroot +# Will fail to start with mty_evdev_create: 'udev_monitor_new_from_netlink' failed without netlink +protocol unix,inet,inet6,netlink +seccomp !tgkill +seccomp.block-secondary + +# Will not start with zenity missing +private-bin parsecd,zenity +private-tmp + +dbus-user none +dbus-system none + +memory-deny-write-execute +restrict-namespaces -- cgit v1.2.3-54-g00ecf