From d0ab6e19fc38dc0cdab0f53e9f266ce29523d701 Mon Sep 17 00:00:00 2001
From: Syed Muhammad Shuja Haider
Date: Sat, 30 Nov 2024 19:50:47 +0300
Subject: [PATCH 1/6] Create prismlauncher.profile

---
 etc/profile-m-z/prismlauncher.profile | 34 +++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 etc/profile-m-z/prismlauncher.profile

diff --git a/etc/profile-m-z/prismlauncher.profile b/etc/profile-m-z/prismlauncher.profile
new file mode 100644
index 0000000000..d7fe79a337
--- /dev/null
+++ b/etc/profile-m-z/prismlauncher.profile
@@ -0,0 +1,34 @@
+# Custom profile for prismlauncher
+
+# file system
+include /etc/firejail/disable-common.inc
+whitelist ~/.local/share/PrismLauncher
+read-only ~/Downloads
+include /etc/firejail/whitelist-common.inc
+private-tmp
+private-dev
+disable-mnt
+blacklist /mnt
+blacklist /media
+blacklist /sbin
+
+# network
+net enp4s0f3u2u1u2
+netfilter
+dns 8.8.8.8
+dns 1.1.1.1
+
+# multimedia
+nodvd
+novideo
+notv
+notpm
+noprinters
+nodbus
+
+# kernel
+seccomp
+nonewprivs
+caps.drop all
+noroot
+apparmor

From eb0c6c4d8fc9b649c3be3bedcc07a250874f9c50 Mon Sep 17 00:00:00 2001
From: Syed Muhammad Shuja Haider
Date: Sat, 30 Nov 2024 19:51:51 +0300
Subject: [PATCH 2/6] Update firecfg.config

---
 src/firecfg/firecfg.config | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index bd06232bc6..d8511822ae 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -732,6 +732,7 @@ ppsspp
 pragha
 presentations18
 presentations18free
+prismlauncher
 profanity
 psi
 psi-plus

From 0e038f8217894e4b1c8b4f8e39a211b35aadbed7 Mon Sep 17 00:00:00 2001
From: Syed Muhammad Shuja Haider
Date: Sun, 1 Dec 2024 19:19:13 +0300
Subject: [PATCH 3/6] Make it like the template, also harden it

---
 etc/profile-m-z/prismlauncher.profile | 63 +++++++++++++++------------
 1 file changed, 35 insertions(+), 28 deletions(-)
diff --git a/etc/profile-m-z/prismlauncher.profile b/etc/profile-m-z/prismlauncher.profile
index d7fe79a337..08028cebf3 100644
--- a/etc/profile-m-z/prismlauncher.profile
+++ b/etc/profile-m-z/prismlauncher.profile
@@ -1,34 +1,41 @@
-# Custom profile for prismlauncher
+# Firejail profile for PrismLauncher
+# Description: An Open Source Minecraft launcher with the ability to manage multiple instances, accounts and mods.
+# This file is overwritten after every install/update
 
-# file system
-include /etc/firejail/disable-common.inc
-whitelist ~/.local/share/PrismLauncher
-read-only ~/Downloads
-include /etc/firejail/whitelist-common.inc
-private-tmp
-private-dev
-disable-mnt
-blacklist /mnt
-blacklist /media
-blacklist /sbin
+# Persistent local customizations
+include PROFILE.local
+# Persistent global definitions
+include globals.local
 
-# network
-net enp4s0f3u2u1u2
-netfilter
-dns 8.8.8.8
-dns 1.1.1.1
+include allow-java.inc
 
-# multimedia
-nodvd
-novideo
-notv
-notpm
-noprinters
-nodbus
+include disable-common.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-shell.inc
 
-# kernel
-seccomp
-nonewprivs
+whitelist ${HOME}/.local/share/PrismLauncher
+whitelist ${HOME}/Downloads
+
+apparmor
 caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noprinters
 noroot
-apparmor
+notpm
+notv
+nou2f
+protocol unix,inet,inet6
+seccomp
+
+disable-mnt
+private-cache
+private-dev
+private-tmp
+
+dbus-system none
+
+restrict-namespaces

From ecbb52b7c4c5debe5e28308f797bcd538749f50b Mon Sep 17 00:00:00 2001
From: Syed Muhammad Shuja Haider
Date: Mon, 2 Dec 2024 15:19:56 +0300
Subject: [PATCH 4/6] Add seccomp.block-secondary

---
 etc/profile-m-z/prismlauncher.profile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/etc/profile-m-z/prismlauncher.profile b/etc/profile-m-z/prismlauncher.profile
index 08028cebf3..6dfd28966a 100644
--- a/etc/profile-m-z/prismlauncher.profile
+++ b/etc/profile-m-z/prismlauncher.profile
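Review bot: The D-Bus session bus is left unfiltered by the rewritten profile, because the old `nodbus` line is replaced by `dbus-system none` alone, so the launcher and any mod code it starts can still talk to every service on the user bus. If the launcher runs without the session bus, add `dbus-user none`; otherwise use `dbus-user filter` with only the `dbus-user.talk` names that turn out to be required. Separately, `whitelist ${HOME}/Downloads` replaces the earlier `read-only ~/Downloads` and so grants write access there; keeping `read-only ${HOME}/Downloads` after the whitelist would preserve the old restriction if importing files is the only use (the hunk does not show whether exports are needed).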
@@ -30,6 +30,7 @@ notv
 nou2f
 protocol unix,inet,inet6
 seccomp
+seccomp.block-secondary
 
 disable-mnt
 private-cache

From 33f1c1669d590378b99459407ebbd23b8a6f14a6 Mon Sep 17 00:00:00 2001
From: Syed Muhammad Shuja Haider
Date: Mon, 2 Dec 2024 15:21:03 +0300
Subject: [PATCH 5/6] Update etc/profile-m-z/prismlauncher.profile to add a local file

Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
---
 etc/profile-m-z/prismlauncher.profile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/etc/profile-m-z/prismlauncher.profile b/etc/profile-m-z/prismlauncher.profile
index 6dfd28966a..b0e79b3d76 100644
--- a/etc/profile-m-z/prismlauncher.profile
+++ b/etc/profile-m-z/prismlauncher.profile
@@ -3,7 +3,7 @@
 # This file is overwritten after every install/update
 
 # Persistent local customizations
-include PROFILE.local
+include prismlauncher.local
 # Persistent global definitions
 include globals.local
 

From 21779e7d377219ae0a378d5042f9ab4cd54c2014 Mon Sep 17 00:00:00 2001
From: Syed Muhammad Shuja Haider
Date: Mon, 2 Dec 2024 15:21:18 +0300
Subject: [PATCH 6/6] Remove extra whitespace

Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
---
 etc/profile-m-z/prismlauncher.profile | 1 -
 1 file changed, 1 deletion(-)

diff --git a/etc/profile-m-z/prismlauncher.profile b/etc/profile-m-z/prismlauncher.profile
index b0e79b3d76..14f5c0f6d5 100644
--- a/etc/profile-m-z/prismlauncher.profile
+++ b/etc/profile-m-z/prismlauncher.profile
@@ -1,7 +1,6 @@
 # Firejail profile for PrismLauncher
 # Description: An Open Source Minecraft launcher with the ability to manage multiple instances, accounts and mods.
 # This file is overwritten after every install/update
-
 # Persistent local customizations
 include prismlauncher.local
 # Persistent global definitions