From fb56a266a309aba75147b071a18fe4a3a84093dc Mon Sep 17 00:00:00 2001 From: Tad Date: Sun, 29 Nov 2020 19:58:25 -0500 Subject: Add a profile for dolphin-emu Games folder must be whitelisted in a dolphin-emu.local Its private-etc can likely be shortened --- README.md | 2 +- RELNOTES | 2 +- etc/inc/disable-programs.inc | 3 ++ etc/profile-a-l/dolphin-emu.profile | 63 +++++++++++++++++++++++++++++++++++++ src/firecfg/firecfg.config | 1 + 5 files changed, 69 insertions(+), 2 deletions(-) create mode 100644 etc/profile-a-l/dolphin-emu.profile diff --git a/README.md b/README.md index 9df16da7e..59c079d7f 100644 --- a/README.md +++ b/README.md @@ -194,4 +194,4 @@ Stats: ### New profiles: -spectacle, chromium-browser-privacy, gtk-straw-viewer, gtk-youtube-viewer, gtk2-youtube-viewer, gtk3-youtube-viewer, straw-viewer, lutris +spectacle, chromium-browser-privacy, gtk-straw-viewer, gtk-youtube-viewer, gtk2-youtube-viewer, gtk3-youtube-viewer, straw-viewer, lutris, dolphin-emu diff --git a/RELNOTES b/RELNOTES index 3d6fa5adb..74cbcf3dd 100644 --- a/RELNOTES +++ b/RELNOTES @@ -4,7 +4,7 @@ firejail (0.9.65) baseline; urgency=low * allow AF_BLUETOOTH via --protocol=bluetooth * new profiles: spectacle, chromium-browser-privacy, gtk-straw-viewer * new profiles: gtk-youtube-viewer, gtk2-youtube-viewer, gtk3-youtube-viewer - * new profiles: straw-viewer, lutris + * new profiles: straw-viewer, lutris, dolphin-emu -- netblue30 Wed, 21 Oct 2020 09:00:00 -0500 diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 942dbb2bc..a651a2171 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc @@ -200,6 +200,7 @@ blacklist ${HOME}/.config/discord blacklist ${HOME}/.config/discordcanary blacklist ${HOME}/.config/dkl blacklist ${HOME}/.config/dnox +blacklist ${HOME}/.config/dolphin-emu blacklist ${HOME}/.config/dolphinrc blacklist ${HOME}/.config/dragonplayerrc blacklist ${HOME}/.config/draw.io @@ -605,6 +606,7 @@ blacklist ${HOME}/.local/share/data/nomacs blacklist ${HOME}/.local/share/data/qBittorrent blacklist ${HOME}/.local/share/dino blacklist ${HOME}/.local/share/dolphin +blacklist ${HOME}/.local/share/dolphin-emu blacklist ${HOME}/.local/share/emailidentities blacklist ${HOME}/.local/share/epiphany blacklist ${HOME}/.local/share/evolution @@ -886,6 +888,7 @@ blacklist ${HOME}/.cache/deja-dup blacklist ${HOME}/.cache/discover blacklist ${HOME}/.cache/dnox blacklist ${HOME}/.cache/dolphin +blacklist ${HOME}/.cache/dolphin-emu blacklist ${HOME}/.cache/ephemeral blacklist ${HOME}/.cache/epiphany blacklist ${HOME}/.cache/evolution diff --git a/etc/profile-a-l/dolphin-emu.profile b/etc/profile-a-l/dolphin-emu.profile new file mode 100644 index 000000000..13d830b55 --- /dev/null +++ b/etc/profile-a-l/dolphin-emu.profile @@ -0,0 +1,63 @@ +# Firejail profile for dolphin-emu +# Description: An emulator for Gamecube and Wii games +# This file is overwritten after every install/update +# Persistent local customizations +include dolphin-emu.local +# Persistent global definitions +include globals.local + +# Note: you must whitelist your games folder in a dolphin-emu.local + +noblacklist ${HOME}/.cache/dolphin-emu +noblacklist ${HOME}/.config/dolphin-emu +noblacklist ${HOME}/.local/share/dolphin-emu + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc + +mkdir ${HOME}/.cache/dolphin-emu +mkdir ${HOME}/.config/dolphin-emu +mkdir ${HOME}/.local/share/dolphin-emu +whitelist ${HOME}/.cache/dolphin-emu +whitelist ${HOME}/.config/dolphin-emu +whitelist ${HOME}/.local/share/dolphin-emu +whitelist /usr/share/dolphin-emu +include whitelist-common.inc +include whitelist-runuser-common.inc +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +apparmor +caps.drop all +ipc-namespace +# uncomment the following line if you do not need NetPlay support +# net none +netfilter +# uncomment the following line if you do not need disc support +#nodvd +nogroups +nonewprivs +noroot +notv +nou2f +novideo +protocol unix,inet,inet6,netlink,bluetooth +seccomp +shell none +tracelog + +private-bin bash,dolphin-emu,dolphin-emu-x11,sh +private-cache +# uncomment the following line if you do not need controller support +#private-dev +private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,kde4rc,kde5rc,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,Trolltech.conf,X11,xdg +private-opt none +private-tmp + +dbus-user none +dbus-system none diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 7693107d7..b10ed26d7 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config @@ -173,6 +173,7 @@ dnox dnscrypt-proxy dnsmasq dolphin +dolphin-emu dooble dooble-qt4 dosbox -- cgit v1.2.3-70-g09d2