Diffstat (limited to 'paradox-launcher.local')
-rw-r--r-- | paradox-launcher.local | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/paradox-launcher.local b/paradox-launcher.local
new file mode 100644
index 0000000..2f7caca
--- /dev/null
+++ b/paradox-launcher.local
@@ -0,0 +1,48 @@
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+mkdir ${HOME}/.cache/paradox-launcher
+whitelist ${HOME}/.cache/paradox-launcher
+mkdir ${HOME}/.config/MonoGame
+whitelist ${HOME}/.config/MonoGame
+mkdir ${HOME}/.config/unity3d
+whitelist ${HOME}/.config/unity3d
+mkdir ${HOME}/.local/share/Colossal Order
+whitelist ${HOME}/.local/share/Colossal Order
+mkdir ${HOME}/.local/share/Paradox Interactive
+whitelist ${HOME}/.local/share/Paradox Interactive
+mkdir ${HOME}/.paradox-launcher
+whitelist ${HOME}/.paradox-launcher
+mkdir ${HOME}/.paradoxinteractive
+whitelist ${HOME}/.paradoxinteractive
+whitelist /opt/paradox-launcher
+
+caps.drop all
+ipc-namespace
+machine-id
+# net none
+netfilter
+# no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+novideo
+# protocol unix
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+memory-deny-write-execute
+disable-mnt
+private-dev
+private-etc asound.conf,machine-id,pulse,resolv.conf
+private-tmp
+
+# noexec ${HOME}
+# noexec /tmp
|
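Review bot: `netfilter` does nothing in this profile: firejail applies its default filter only when a new network namespace is created, and with `# net none` commented out and no `net <interface>` line the sandbox shares the host network stack unfiltered under `protocol unix,inet,inet6`. Either add a `net` line or drop `netfilter` and state the actual posture, e.g. `# no network namespace: the launcher uses the host network unfiltered`. `private-etc asound.conf,machine-id,pulse,resolv.conf` leaves the networked launcher without the system CA store, so unless it bundles its own roots TLS verification will fail or get worked around; consider `private-etc asound.conf,ca-certificates,crypto-policies,machine-id,pki,pulse,resolv.conf,ssl`. With both `noexec` lines commented out, every whitelisted directory under `${HOME}` stays writable and executable; if a blanket `noexec ${HOME}` breaks game binaries, narrower lines such as `noexec ${HOME}/.cache/paradox-launcher` would still cover the cache and config paths.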