diff options
| author | Aqua-sama <aqua@iserlohn-fortress.net> | 2018-07-22 13:29:14 +0200 |
|---|---|---|
| committer | Aqua-sama <aqua@iserlohn-fortress.net> | 2018-07-22 13:29:14 +0200 |
| commit | f005690d55bbbfb9658693454ae45e3e53e914a3 (patch) | |
| tree | ee10944cdfa7bddab04ec357e156ae5ddca6cd50 | |
| parent | [paradox-launcher] Update pkgver (diff) | |
| download | paradox-launcher-f005690d55bbbfb9658693454ae45e3e53e914a3.tar.xz | |
Add firejail profile
| -rw-r--r-- | PKGBUILD | 17 | ||||
| -rw-r--r-- | paradox-launcher.local | 48 | ||||
| -rw-r--r-- | paradox-launcher.profile | 6 |
3 files changed, 67 insertions, 4 deletions
@@ -2,18 +2,23 @@ pkgname=paradox-launcher pkgver=1.0_beta_24 -pkgrel=1 +pkgrel=2 pkgdesc="Paradox Interactive Game Launcher" arch=('x86_64') url="https://play.paradoxplaza.com/" license=('custom') depends=("libxi" "xdg-utils" "freetype2" "libgl") -source=(${pkgname}-${pkgver}.zip::http://launcher.paradoxplaza.com/linux_launcher +optdepends=('firejail: launch a sandboxed instance') +source=(${pkgname}-${pkgver}.zip::https://launcher.paradoxplaza.com/linux_launcher ${pkgname} - ${pkgname}.desktop) + ${pkgname}.desktop + ${pkgname}.local + ${pkgname}.profile) sha256sums=('7b20c104d20daf418cd479275de0df1d3f4e08fa36faf6aba08ea0a321aeeaa5' '481ead5d9a16b532c93589c036a44b41ca7d85193c0f0158fc5ec957fc1e2c46' - '6687c73d211ae7e50a1658e7dd7900a5f5777fe54df3a89e4f96a5b8dc210a11') + '6687c73d211ae7e50a1658e7dd7900a5f5777fe54df3a89e4f96a5b8dc210a11' + '830972b3e79a85972ddac50e550458238b755c170dbd2370e22fb6cb283fa634' + '42e63fa3fb19d5e0be940d4b697ab688a958f709580cc3681279f98fc299e9b9') package() { cd "${srcdir}" @@ -25,4 +30,8 @@ package() { install -m644 -D "${pkgdir}/opt/${pkgname}/data/EULA" "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" install -m644 -D "${srcdir}/${pkgname}.desktop" "${pkgdir}/usr/share/applications/${pkgname}.desktop" install -m755 -D "${srcdir}/${pkgname}" "${pkgdir}/usr/bin/${pkgname}" + + # firejail profile + install -m644 -D "$srcdir/$pkgname.local" "$pkgdir/etc/firejail/$pkgname.local" + install -m644 -D "$srcdir/$pkgname.profile" "$pkgdir/etc/firejail/$pkgname.profile" } diff --git a/paradox-launcher.local b/paradox-launcher.local new file mode 100644 index 0000000..2f7caca --- /dev/null +++ b/paradox-launcher.local @@ -0,0 +1,48 @@ +include /etc/firejail/disable-common.inc +include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-interpreters.inc +include /etc/firejail/disable-passwdmgr.inc +include /etc/firejail/disable-programs.inc + +mkdir ${HOME}/.cache/paradox-launcher +whitelist ${HOME}/.cache/paradox-launcher +mkdir ${HOME}/.config/MonoGame +whitelist ${HOME}/.config/MonoGame +mkdir ${HOME}/.config/unity3d +whitelist ${HOME}/.config/unity3d +mkdir ${HOME}/.local/share/Colossal Order +whitelist ${HOME}/.local/share/Colossal Order +mkdir ${HOME}/.local/share/Paradox Interactive +whitelist ${HOME}/.local/share/Paradox Interactive +mkdir ${HOME}/.paradox-launcher +whitelist ${HOME}/.paradox-launcher +mkdir ${HOME}/.paradoxinteractive +whitelist ${HOME}/.paradoxinteractive +whitelist /opt/paradox-launcher + +caps.drop all +ipc-namespace +machine-id +# net none +netfilter +# no3d +nodvd +nogroups +nonewprivs +noroot +notv +novideo +# protocol unix +protocol unix,inet,inet6 +seccomp +shell none +tracelog + +memory-deny-write-execute +disable-mnt +private-dev +private-etc asound.conf,machine-id,pulse,resolv.conf +private-tmp + +# noexec ${HOME} +# noexec /tmp diff --git a/paradox-launcher.profile b/paradox-launcher.profile new file mode 100644 index 0000000..03a2606 --- /dev/null +++ b/paradox-launcher.profile @@ -0,0 +1,6 @@ +# Persistent global definitions go here +include /etc/firejail/globals.local + +# This file is overwritten during software install. +# Persistent customizations should go in a .local file. +include /etc/firejail/generic-game-networked.local |