make polymc firejail config more restrictive

2024-06-18 11:18:49 +02:00 · 2023-06-10 14:30:09 +02:00 · 2023-06-10 14:30:09 +02:00 · 69a92fd2bb
parent 4e18fee757
commit 69a92fd2bb
1 changed files with 21 additions and 0 deletions
--- a/.config/firejail/polymc.profile.cgt
+++ b/.config/firejail/polymc.profile.cgt
@ -1,7 +1,28 @@
 include whitelist-common.inc
+
 dbus-user filter
 dbus-user.talk com.feralinteractive.GameMode
 dbus-system none
+
+mkdir ~/.local/share/PolyMC
+mkdir ~/.config/PolyMC
 whitelist ~/.local/share/PolyMC
 whitelist ~/.config/PolyMC
+
+caps.drop all
+netfilter
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+
+disable-mnt
+private-dev
+private-tmp
+
 <% opt.getDeviceConf "polymc-firejail.profile" %>