Diffstat (limited to '.config/firejail')
-rw-r--r--.config/firejail/steam.profile95
1 files changed, 95 insertions, 0 deletions
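diff --git a/.config/firejail/steam.profile b/.config/firejail/steam.profile
new file mode 100644
index 0000000..b29c801
--- /dev/null
+++ b/.config/firejail/steam.profile
@@ -0,0 +1,95 @@
+# Firejail profile for steam
+# Description: Valve's Steam digital software delivery system
+# This file is overwritten after every install/update
+# Persistent local customizations
+include steam.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.local/share/aspyr-media
+noblacklist ${HOME}/.local/share/feral-interactive
+noblacklist ${HOME}/.local/share/Paradox Interactive
+noblacklist ${HOME}/.local/share/Steam
+noblacklist ${HOME}/.local/share/vulkan
+noblacklist ${HOME}/.paradoxinteractive
+noblacklist ${HOME}/.paradoxlauncher
+noblacklist ${HOME}/.steam
+noblacklist ${HOME}/.steampath
+noblacklist ${HOME}/.steampid
+# needed for STEAM_RUNTIME_PREFER_HOST_LIBRARIES=1 to work
+noblacklist /sbin
+noblacklist /usr/sbin
+
+# Allow java (blacklisted by disable-devel.inc)
+include allow-java.inc
+
+# Allow python (blacklisted by disable-interpreters.inc)
+include allow-python2.inc
+include allow-python3.inc
+
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+mkdir ${HOME}/.local/share/aspyr-media
+mkdir ${HOME}/.local/share/feral-interactive
+mkdir ${HOME}/.local/share/Paradox Interactive
+mkdir ${HOME}/.local/share/Steam
+mkdir ${HOME}/.local/share/vulkan
+mkdir ${HOME}/.paradoxinteractive
+mkdir ${HOME}/.paradoxlauncher
+mkdir ${HOME}/.steam
+mkfile ${HOME}/.steampath
+mkfile ${HOME}/.steampid
+whitelist ${HOME}/.local/share/aspyr-media
+whitelist ${HOME}/.local/share/feral-interactive
+whitelist ${HOME}/.local/share/Paradox Interactive
+whitelist ${HOME}/.local/share/Steam
+whitelist ${HOME}/.local/share/vulkan
+whitelist ${HOME}/.paradoxinteractive
+whitelist ${HOME}/.paradoxlauncher
+whitelist ${HOME}/.steam
+whitelist ${HOME}/.steampath
+whitelist ${HOME}/.steampid
+include whitelist-common.inc
+include whitelist-var-common.inc
+
+caps.drop all
+#ipc-namespace
+netfilter
+nodvd
+# nVidia users may need to comment / ignore nogroups and noroot
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+# novideo should be commented for VR
+novideo
+net none
+#protocol unix,inet,inet6,netlink
+# seccomp sometimes causes issues (see #2951, #3267),
+# comment it or add 'ignore seccomp' to steam.local if so.
+# seccomp
+shell none
+# tracelog breaks integrated browser
+#tracelog
+
+# private-bin is disabled while in testing, but has been tested working with multiple games
+private-bin awk,basename,bash,bsdtar,bzip2,cat,chmod,cksum,cmp,comm,compress,cp,curl,cut,date,dbus-launch,dbus-send,desktop-file-edit,desktop-file-install,desktop-file-validate,dirname,echo,env,expr,file,find,getopt,grep,gtar,gzip,head,hostname,id,lbzip2,ldconfig,ldd,ln,ls,lsb_release,lsof,lspci,lz4,lzip,lzma,lzop,md5sum,mkdir,mktemp,mv,netstat,ps,pulseaudio,python*,readlink,realpath,rm,sed,sh,sha1sum,sha256sum,sha512sum,sleep,sort,steam,steamdeps,steam-native,steam-runtime,sum,tail,tar,tclsh,test,touch,tr,umask,uname,update-desktop-database,wc,wget,which,whoami,xterm,xz,zenity
+# extra programs are available which might be needed for select games
+#private-bin java,java-config,mono
+# picture viewers are needed for viewing screenshots
+#private-bin eog,eom,gthumb,pix,viewnior,xviewer
+
+# comment the following line if you need controller support
+private-dev
+# private-etc breaks a small selection of games on some systems, comment to support those
+private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,lsb-release,machine-id,mime.types,nvidia,os-release,passwd,pki,pulse,resolv.conf,services,ssl
+private-tmp
+
+# breaks appindicator support
+dbus-user none
+dbus-system none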
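Review bot: The `# seccomp` line (new-file line 75) leaves the sandbox without a syscall filter by default, although the comment directly above it describes turning seccomp off as a workaround for systems that hit the referenced issues. Since the profile already includes `steam.local`, I would keep `seccomp` enabled here and put `ignore seccomp` in steam.local only on the machines that need it. The commented `#protocol unix,inet,inet6,netlink` on line 72 is similar: with `net none` set, a narrower filter such as `protocol unix,netlink` may be enough, though that needs testing against the games in use. Separately, the comment on line 80 says private-bin is disabled while the directive on line 81 is active, and the "overwritten after every install/update" header on line 3 presumably does not apply to a copy under `~/.config/firejail`, so both comments should be corrected.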