# Firejail sandbox profile; judging by the whitelisted paths it targets the
# Paradox launcher (/opt/paradox-launcher) and the Mono/Unity games it starts.
# NOTE(review): the source had lost its line breaks. The split below, including
# which directives are commented out, follows the usual firejail profile layout
# and should be confirmed against the original file.

# Shared blacklist sets shipped with firejail. They hide sensitive files,
# development tools, interpreters, password-manager data and other programs'
# data from the sandboxed process.
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-interpreters.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-programs.inc

# Home directory runs in whitelist mode: only the paths listed here are visible
# inside the sandbox, and writes to them persist on the real filesystem.
# Each mkdir creates the directory first so the matching whitelist has a target.
# Some paths contain spaces, so explanatory comments stay on their own lines.
mkdir ${HOME}/.cache/paradox-launcher
whitelist ${HOME}/.cache/paradox-launcher
mkdir ${HOME}/.config/MonoGame
whitelist ${HOME}/.config/MonoGame
mkdir ${HOME}/.config/unity3d
whitelist ${HOME}/.config/unity3d
mkdir ${HOME}/.local/share/Colossal Order
whitelist ${HOME}/.local/share/Colossal Order
mkdir ${HOME}/.local/share/Paradox Interactive
whitelist ${HOME}/.local/share/Paradox Interactive
mkdir ${HOME}/.paradox-launcher
whitelist ${HOME}/.paradox-launcher
mkdir ${HOME}/.paradoxinteractive
whitelist ${HOME}/.paradoxinteractive
# The install tree is the only whitelisted path under /opt, and it is mounted
# read-only so the sandboxed process cannot modify its own binaries.
whitelist /opt/paradox-launcher
read-only /opt/paradox-launcher

# Privilege and namespace restrictions.
caps.drop all
ipc-namespace
machine-id
# Network access stays enabled: "net none" is commented out and the protocol
# filter below allows inet/inet6.
# net none
# NOTE(review): per firejail's documentation netfilter only applies when a new
# network namespace is created; this profile sets no "net" option, so confirm
# whether the filter is ever active.
netfilter
# 3D acceleration is left available (no3d is commented out).
# no3d
nodvd
nogroups
nonewprivs
noroot
notv
novideo
# The stricter unix-only socket filter is kept for reference; the active line
# also allows IPv4, IPv6 and netlink sockets.
# protocol unix
protocol unix,inet,inet6,netlink
#
# seccomp temporarily disabled due to breakage
# NOTE(review): with this line commented out the default syscall filter is not
# applied, which is the largest gap in this profile. Identify the syscalls that
# break the launcher and re-enable seccomp with targeted exceptions instead of
# leaving it off.
# seccomp
# NOTE(review): newer firejail releases dropped the "shell" option; confirm
# that the installed version still accepts it.
shell none
# tracelog
# NOTE(review): presumably left off because the Mono/Unity runtimes need
# writable+executable memory for JIT; confirm before enabling.
# memory-deny-write-execute

# Filesystem hardening: hide removable-media mount points, use a minimal /dev,
# expose only the listed /etc entries (audio, TLS trust store, DNS, time zone,
# machine-id) and give the sandbox its own empty /tmp.
disable-mnt
private-dev
private-etc asound.conf,ca-certificates,machine-id,localtime,pulse,resolv.conf,ssl
private-tmp

# noexec is not applied, so files written to the whitelisted home directories
# and to /tmp can still be executed from inside the sandbox.
# NOTE(review): confirm whether the launcher really needs to execute from these
# locations; if not, enabling both lines closes that gap.
# noexec ${HOME}
# noexec /tmp