Diffstat (limited to 'paradox-launcher.local')
-rw-r--r--paradox-launcher.local48
1 files changed, 48 insertions, 0 deletions
diff --git a/paradox-launcher.local b/paradox-launcher.local
new file mode 100644
index 0000000..2f7caca
--- /dev/null
+++ b/paradox-launcher.local
@@ -0,0 +1,48 @@
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+mkdir ${HOME}/.cache/paradox-launcher
+whitelist ${HOME}/.cache/paradox-launcher
+mkdir ${HOME}/.config/MonoGame
+whitelist ${HOME}/.config/MonoGame
+mkdir ${HOME}/.config/unity3d
+whitelist ${HOME}/.config/unity3d
+mkdir ${HOME}/.local/share/Colossal Order
+whitelist ${HOME}/.local/share/Colossal Order
+mkdir ${HOME}/.local/share/Paradox Interactive
+whitelist ${HOME}/.local/share/Paradox Interactive
+mkdir ${HOME}/.paradox-launcher
+whitelist ${HOME}/.paradox-launcher
+mkdir ${HOME}/.paradoxinteractive
+whitelist ${HOME}/.paradoxinteractive
+whitelist /opt/paradox-launcher
+
+caps.drop all
+ipc-namespace
+machine-id
+# net none
+netfilter
+# no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+novideo
+# protocol unix
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+memory-deny-write-execute
+disable-mnt
+private-dev
+private-etc asound.conf,machine-id,pulse,resolv.conf
+private-tmp
+
+# noexec ${HOME}
+# noexec /tmp
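Review bot: Both `noexec` lines at the end of the file are commented out, so every writable location the sandbox keeps (the whitelisted directories under `${HOME}` and the `private-tmp` mount) stays executable while `protocol unix,inet,inet6` leaves the network reachable. If the launcher has to run binaries it writes under one of the whitelisted directories, record that above the disabled line, e.g. `# noexec ${HOME} is off because the launcher executes files it installs under the whitelisted home directories`, and consider enabling `noexec /tmp` on its own. Separately, `memory-deny-write-execute` presumably conflicts with JIT runtimes, which the MonoGame and unity3d directories suggest are in use, so it is worth confirming the sandboxed programs still start with it enabled.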