From f005690d55bbbfb9658693454ae45e3e53e914a3 Mon Sep 17 00:00:00 2001
From: Aqua-sama
Date: Sun, 22 Jul 2018 13:29:14 +0200
Subject: Add firejail profile
---
 PKGBUILD | 17 +++++++++++++----
 paradox-launcher.local | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 paradox-launcher.profile | 6 ++++++
 3 files changed, 67 insertions(+), 4 deletions(-)
 create mode 100644 paradox-launcher.local
 create mode 100644 paradox-launcher.profile
diff --git a/PKGBUILD b/PKGBUILD
index 2270f32..81bf223 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -2,18 +2,23 @@
 pkgname=paradox-launcher
 pkgver=1.0_beta_24
-pkgrel=1
+pkgrel=2
 pkgdesc="Paradox Interactive Game Launcher"
 arch=('x86_64')
 url="https://play.paradoxplaza.com/"
 license=('custom')
 depends=("libxi" "xdg-utils" "freetype2" "libgl")
-source=(${pkgname}-${pkgver}.zip::http://launcher.paradoxplaza.com/linux_launcher
+optdepends=('firejail: launch a sandboxed instance')
+source=(${pkgname}-${pkgver}.zip::https://launcher.paradoxplaza.com/linux_launcher
 ${pkgname}
- ${pkgname}.desktop)
+ ${pkgname}.desktop
+ ${pkgname}.local
+ ${pkgname}.profile)
 sha256sums=('7b20c104d20daf418cd479275de0df1d3f4e08fa36faf6aba08ea0a321aeeaa5'
 '481ead5d9a16b532c93589c036a44b41ca7d85193c0f0158fc5ec957fc1e2c46'
- '6687c73d211ae7e50a1658e7dd7900a5f5777fe54df3a89e4f96a5b8dc210a11')
+ '6687c73d211ae7e50a1658e7dd7900a5f5777fe54df3a89e4f96a5b8dc210a11'
+ '830972b3e79a85972ddac50e550458238b755c170dbd2370e22fb6cb283fa634'
+ '42e63fa3fb19d5e0be940d4b697ab688a958f709580cc3681279f98fc299e9b9')
 package() {
 cd "${srcdir}"
@@ -25,4 +30,8 @@ package() {
 install -m644 -D "${pkgdir}/opt/${pkgname}/data/EULA" "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
 install -m644 -D "${srcdir}/${pkgname}.desktop" "${pkgdir}/usr/share/applications/${pkgname}.desktop"
 install -m755 -D "${srcdir}/${pkgname}" "${pkgdir}/usr/bin/${pkgname}"
+
+ # firejail profile
+ install -m644 -D "$srcdir/$pkgname.local" "$pkgdir/etc/firejail/$pkgname.local"
+ install -m644 -D "$srcdir/$pkgname.profile" "$pkgdir/etc/firejail/$pkgname.profile"
 }
diff --git a/paradox-launcher.local b/paradox-launcher.local
new file mode 100644
index 0000000..2f7caca
--- /dev/null
+++ b/paradox-launcher.local
@@ -0,0 +1,48 @@
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+mkdir ${HOME}/.cache/paradox-launcher
+whitelist ${HOME}/.cache/paradox-launcher
+mkdir ${HOME}/.config/MonoGame
+whitelist ${HOME}/.config/MonoGame
+mkdir ${HOME}/.config/unity3d
+whitelist ${HOME}/.config/unity3d
+mkdir ${HOME}/.local/share/Colossal Order
+whitelist ${HOME}/.local/share/Colossal Order
+mkdir ${HOME}/.local/share/Paradox Interactive
+whitelist ${HOME}/.local/share/Paradox Interactive
+mkdir ${HOME}/.paradox-launcher
+whitelist ${HOME}/.paradox-launcher
+mkdir ${HOME}/.paradoxinteractive
+whitelist ${HOME}/.paradoxinteractive
+whitelist /opt/paradox-launcher
+
+caps.drop all
+ipc-namespace
+machine-id
+# net none
+netfilter
+# no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+novideo
+# protocol unix
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+memory-deny-write-execute
+disable-mnt
+private-dev
+private-etc asound.conf,machine-id,pulse,resolv.conf
+private-tmp
+
+# noexec ${HOME}
+# noexec /tmp
diff --git a/paradox-launcher.profile b/paradox-launcher.profile
new file mode 100644
index 0000000..03a2606
--- /dev/null
+++ b/paradox-launcher.profile
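Review bot: The two new `install` lines in package() place `$pkgname.local` under /etc/firejail, but no `backup=()` array is visible in the PKGBUILD hunks, so a package upgrade would replace any administrator edits to that file. firejail treats `.local` files as the place for site-specific overrides, and the shipped paradox-launcher.profile says the same in its own comment, so either move the shipped rules into the `.profile` or declare `backup=("etc/firejail/${pkgname}.local")`. The added lines also write `$srcdir`/`$pkgdir` unbraced where the rest of package() uses `${srcdir}`/`${pkgdir}`; matching the existing style keeps the function uniform. package() begins outside this hunk.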
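Review bot: In paradox-launcher.local, `netfilter` sits next to a commented-out `# net none` and there is no `net <interface>` line; firejail applies its default netfilter rules only when the sandbox gets its own network namespace, so as written the line most likely has no effect. Either give the sandbox a network namespace or drop the line and record why, for example `# netfilter omitted: sandbox shares the host network namespace`. `private-etc asound.conf,machine-id,pulse,resolv.conf` also leaves out the system CA store (`ca-certificates`, `ssl`) while `protocol unix,inet,inet6` keeps networking enabled; unless the launcher bundles its own trust roots, TLS verification inside the sandbox may fail, which is worth testing before this ships.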
@@ -0,0 +1,6 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/generic-game-networked.local
-- 
cgit v1.2.1
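Review bot: paradox-launcher.profile includes only `globals.local` and `generic-game-networked.local`; nothing visible in this patch pulls in paradox-launcher.local, so the restrictions defined there (`caps.drop all`, `seccomp`, the whitelist set) appear never to be loaded when firejail selects this profile. Neither included file is shipped by this commit, and firejail, as far as I know, skips a missing `.local` include without an error, so the launcher may start with almost no rules and no warning. Add `include /etc/firejail/paradox-launcher.local` as the first include, and confirm the effective rule set with `firejail --debug` before relying on the sandbox.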