adrianlshaw/rpcs3.profile

## rpcs3.profile
# Firejail profile for RPCS3
# Description: PS3 emulator
# This file is overwritten after every install/update
# Persistent local customizations
include rpcs3.local
# Persistent global definitions
include globals.local # might be a problem

noblacklist ${HOME}/.config/rpcs3
noblacklist ${HOME}/.cache/rpcs3
#blacklist /usr/libexec # app uses this file

#include disable-common.inc # not working: needs ldconfig
include disable-devel.inc
include disable-exec.inc
#include disable-interpreters.inc
#include disable-programs.inc
include disable-shell.inc
include disable-xdg.inc

mkdir ${HOME}/.cache/rpcs3
mkdir ${HOME}/.config/rpcs3
whitelist ${HOME}/.cache/rpcs3
whitelist ${HOME}/.config/rpcs3
whitelist ${DOWNLOADS}
include whitelist-common.inc
include whitelist-runuser-common.inc
include whitelist-usr-share-common.inc
include whitelist-var-common.inc

apparmor
caps.drop all
ipc-namespace
net none
netfilter
nodvd
nogroups
#noinput
nonewprivs
noroot
notv
nou2f
#novideo
protocol unix,netlink
seccomp # seems to work
shell none
tracelog # seems to work

#disable-mnt
#private-cache
#private-dev # needed for controller support
#private-etc ca-certificates,crypto-policies,machine-id,pki,resolv.conf,ssl  # NEEDS AWK
private-opt none
private-tmp

dbus-user none
dbus-system none
	# Firejail profile for RPCS3
	# Description: PS3 emulator
	# This file is overwritten after every install/update
	# Persistent local customizations
	include rpcs3.local
	# Persistent global definitions
	include globals.local # might be a problem

	noblacklist ${HOME}/.config/rpcs3
	noblacklist ${HOME}/.cache/rpcs3
	#blacklist /usr/libexec # app uses this file

	#include disable-common.inc # not working: needs ldconfig
	include disable-devel.inc
	include disable-exec.inc
	#include disable-interpreters.inc
	#include disable-programs.inc
	include disable-shell.inc
	include disable-xdg.inc

	mkdir ${HOME}/.cache/rpcs3
	mkdir ${HOME}/.config/rpcs3
	whitelist ${HOME}/.cache/rpcs3
	whitelist ${HOME}/.config/rpcs3
	whitelist ${DOWNLOADS}
	include whitelist-common.inc
	include whitelist-runuser-common.inc
	include whitelist-usr-share-common.inc
	include whitelist-var-common.inc

	apparmor
	caps.drop all
	ipc-namespace
	net none
	netfilter
	nodvd
	nogroups
	#noinput
	nonewprivs
	noroot
	notv
	nou2f
	#novideo
	protocol unix,netlink
	seccomp # seems to work
	shell none
	tracelog # seems to work

	#disable-mnt
	#private-cache
	#private-dev # needed for controller support
	#private-etc ca-certificates,crypto-policies,machine-id,pki,resolv.conf,ssl # NEEDS AWK
	private-opt none
	private-tmp

	dbus-user none
	dbus-system none