From 94edc7ef3f3d9f05310c7231bc8e607d685c2438 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Tue, 29 Aug 2017 03:04:01 -0400
Subject: Tweak itch.io profile

---
 etc/itch.profile | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

(limited to 'etc/itch.profile')

diff --git a/etc/itch.profile b/etc/itch.profile
index c7a12dfee..7e8f0518d 100644
--- a/etc/itch.profile
+++ b/etc/itch.profile
@@ -5,14 +5,18 @@ include /etc/firejail/itch.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/itch
+# itch.io has native firejail/sandboxing support bundled in
+# See https://itch.io/docs/itch/using/sandbox/linux.html
+
+noblacklist ${HOME}/.config/itch
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-whitelist ~/.config/itch
-
+mkdir ${HOME}/.config/itch
+whitelist ${HOME}/.config/itch
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
@@ -22,6 +26,7 @@ nogroups
 nonewprivs
 noroot
 notv
+novideo
 protocol unix,inet,inet6,netlink
 seccomp
 shell none
@@ -29,5 +34,4 @@ shell none
 private-dev
 private-tmp
 
-noexec ${HOME}
 noexec /tmp
-- 
cgit v1.2.3-70-g09d2