From 94edc7ef3f3d9f05310c7231bc8e607d685c2438 Mon Sep 17 00:00:00 2001
From: Tad
Date: Tue, 29 Aug 2017 03:04:01 -0400
Subject: Tweak itch.io profile
---
 etc/disable-programs.inc | 1 +
 etc/itch.profile | 12 ++++++++----
 2 files changed, 9 insertions(+), 4 deletions(-)
(limited to 'etc')
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 736ac1e89..7ec842728 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -106,6 +106,7 @@ blacklist ${HOME}/.config/gthumb
 blacklist ${HOME}/.config/gwenviewrc
 blacklist ${HOME}/.config/hexchat
 blacklist ${HOME}/.config/inox
+blacklist ${HOME}/.config/itch
 blacklist ${HOME}/.config/jd-gui.cfg
 blacklist ${HOME}/.config/k3brc
 blacklist ${HOME}/.config/katepartrc
diff --git a/etc/itch.profile b/etc/itch.profile
index c7a12dfee..7e8f0518d 100644
--- a/etc/itch.profile
+++ b/etc/itch.profile
@@ -5,14 +5,18 @@ include /etc/firejail/itch.local
 # Persistent global definitions
 include /etc/firejail/globals.local
-noblacklist ~/.config/itch
+# itch.io has native firejail/sandboxing support bundled in
+# See https://itch.io/docs/itch/using/sandbox/linux.html
+
+noblacklist ${HOME}/.config/itch
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
-whitelist ~/.config/itch
-
+mkdir ${HOME}/.config/itch
+whitelist ${HOME}/.config/itch
 include /etc/firejail/whitelist-common.inc
 caps.drop all
@@ -22,6 +26,7 @@ nogroups
 nonewprivs
 noroot
 notv
+novideo
 protocol unix,inet,inet6,netlink
 seccomp
 shell none
@@ -29,5 +34,4 @@ shell none
 private-dev
 private-tmp
-noexec ${HOME}
 noexec /tmp
-- 
cgit v1.2.3-54-g00ecf
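Review bot: The comment added above `noblacklist ${HOME}/.config/itch` in etc/itch.profile says itch bundles its own firejail support, but it does not say how that relates to this profile, and a reader may take it to mean two sandbox layers are active. With `nonewprivs`, `noroot` and `caps.drop all` still set further down, a firejail launched by itch from inside this sandbox presumably cannot set up a second one, so games would run under this profile's restrictions only; this is worth confirming and stating. The last hunk also drops `noexec ${HOME}` with no explanation, presumably so that games installed under the whitelisted `${HOME}/.config/itch` can run, which also means anything itch downloads there is executable. I would extend the comment along the lines of `# games under ${HOME}/.config/itch must be executable, so noexec ${HOME} is not set; itch's built-in sandbox is not layered on top of this profile (verify)`.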