From 587af3dfdb9f8f98aa5f05ad61f7dd7faa20ffba Mon Sep 17 00:00:00 2001
From: jc_gargma
Date: Tue, 24 Jul 2018 01:17:59 -0700
Subject: Revised firejail profile | Modified launcher script to support firejail on first-run
---
 PKGBUILD | 8 ++++----
 paradox-launcher | 2 ++
 paradox-launcher.local | 9 +++++----
 3 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/PKGBUILD b/PKGBUILD
index 1bb663d..8f9d4be 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -3,7 +3,7 @@
 pkgname=paradox-launcher
 pkgver=1.0_beta_24
-pkgrel=2
+pkgrel=3
 pkgdesc="Paradox Interactive Game Launcher"
 arch=('x86_64')
 url="https://play.paradoxplaza.com/"
@@ -20,10 +20,10 @@ source=(${pkgname}-${pkgver}.zip::https://launcher.paradoxplaza.com/linux_launch
 ${pkgname}.local
 ${pkgname}.profile)
 sha256sums=('7b20c104d20daf418cd479275de0df1d3f4e08fa36faf6aba08ea0a321aeeaa5'
- '481ead5d9a16b532c93589c036a44b41ca7d85193c0f0158fc5ec957fc1e2c46'
+ '69f1b74b8fafd9af03d36652fff2806e5bac7270cca246d38043c868f998cfea'
 '6687c73d211ae7e50a1658e7dd7900a5f5777fe54df3a89e4f96a5b8dc210a11'
- '830972b3e79a85972ddac50e550458238b755c170dbd2370e22fb6cb283fa634'
- '42e63fa3fb19d5e0be940d4b697ab688a958f709580cc3681279f98fc299e9b9')
+ 'b81409a887bc67ed210921009132ed7c7d82ab2724e4327124040aee7b96801b'
+ 'cfa18c3bda9f2afb19e2d27de57f780c9019132f36db6359eebcb0d353d26c28')
 package() {
 cd "${srcdir}"
diff --git a/paradox-launcher b/paradox-launcher
index 186a3d8..9c82075 100644
--- a/paradox-launcher
+++ b/paradox-launcher
@@ -3,6 +3,8 @@ DIR="${HOME}/.paradox-launcher"
 if [ ! -d "$DIR" ]; then
 mkdir -p "$DIR"
+fi
+if [ ! -d "$DIR"/data/ ]; then
 cp /opt/paradox-launcher/* "$DIR" -R
 chmod +x "$DIR"/data/bootstrapper/bootstrapper.sh
 fi
diff --git a/paradox-launcher.local b/paradox-launcher.local
index 2f7caca..6384ee8 100644
--- a/paradox-launcher.local
+++ b/paradox-launcher.local
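Review bot: The last `sha256sums` entry changes in the second PKGBUILD hunk, and by position it belongs to `${pkgname}.profile`, yet the diffstat lists only PKGBUILD, paradox-launcher and paradox-launcher.local. The new digest for the profile therefore cannot be checked against anything in this patch; the profile was presumably changed outside this commit or hashed from an uncommitted working copy. Commit the matching `paradox-launcher.profile` with this change, or regenerate the array with `updpkgsums` from a clean checkout and confirm the fifth value. The `source` array starts above the hunk, so the position mapping is inferred from its last two visible entries.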
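Review bot: The new guard `if [ ! -d "$DIR"/data/ ]` treats the directory's existence as proof of a complete install, but `cp` and `chmod` are unchecked, so a copy interrupted after `data/` is created is never retried. Testing the last artefact the block produces closes that gap: `if [ ! -x "$DIR"/data/bootstrapper/bootstrapper.sh ]; then`, together with `cp -R /opt/paradox-launcher/* "$DIR" || exit 1` so a failed copy does not fall through to the launch step. The script continues past the end of the hunk, so how the bootstrapper is started is not visible here.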
@@ -19,6 +19,7 @@ whitelist ${HOME}/.paradox-launcher
 mkdir ${HOME}/.paradoxinteractive
 whitelist ${HOME}/.paradoxinteractive
 whitelist /opt/paradox-launcher
+read-only /opt/paradox-launcher
 caps.drop all
 ipc-namespace
@@ -33,15 +34,15 @@ noroot
 notv
 novideo
 # protocol unix
-protocol unix,inet,inet6
+protocol unix,inet,inet6,netlink
 seccomp
 shell none
-tracelog
+# tracelog
-memory-deny-write-execute
+# memory-deny-write-execute
 disable-mnt
 private-dev
-private-etc asound.conf,machine-id,pulse,resolv.conf
+private-etc asound.conf,ca-certificates,machine-id,localtime,pulse,resolv.conf,ssl
 private-tmp
 # noexec ${HOME}
-- 
cgit v1.2.1
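Review bot: In the second hunk, commenting out `memory-deny-write-execute` and `tracelog` and adding `netlink` to `protocol` each loosen the sandbox, and neither the profile nor the commit message records why. Dropping the W^X filter is the notable loss, because code inside the jail can again map memory that is both writable and executable, while `# noexec ${HOME}` stays disabled and the launcher runs from a whitelisted home directory. Put the reason next to each line, for example `# memory-deny-write-execute  (disabled: launcher fails to start with it enabled; confirm which component)` and `# netlink added for <component> (confirm)`, so the options can be re-tested and restored on a later launcher release. The `private-etc` additions (`ca-certificates`, `ssl`, `localtime`) look like what TLS validation and timestamps need and read fine as they are.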