Commit e9a3c77b authored by Amos Wenger's avatar Amos Wenger

Allow passing tempDir, and use it in firejail policy

parent bea24092
Pipeline #14882 passed with stage
in 48 seconds
......@@ -2,9 +2,6 @@ package policies
// This templates generates a sandbox policy file suitable for
// running relatively-untrusted apps via itch.
//
// TODO: figure a better way — blacklists aren't so good.
// whitelist doesn't seem to work with exclusions, though?
const FirejailTemplate = `
include /etc/firejail/itch_game_{{.Name}}.local
......@@ -12,6 +9,7 @@ include /etc/firejail/itch_games_globals.local
noblacklist {{.FullTargetPath}}
noblacklist {{.InstallFolder}}
noblacklist {{.TempDir}}
blacklist {{.InstallFolder}}/.itch
noblacklist ${HOME}/.config/itch/apps
......
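Review bot: The new `noblacklist {{.TempDir}}` line writes a caller-supplied path into the profile with no validation visible in this hunk. An empty TempDir would render a bare `noblacklist` directive, and a value containing a line break would add further directives, since the profile is line-oriented and the template does not appear to escape anything. A broad value such as a shared temp root would also lift blacklist rules for everything beneath it. Where the template is rendered (outside this hunk), I would reject values that are not absolute paths or that contain control characters, with something like `if !filepath.IsAbs(tempDir) || strings.ContainsAny(tempDir, "\r\n") { return errors.New("invalid TempDir") }`, and emit the line only when TempDir is set. The existing `{{.InstallFolder}}` and `{{.FullTargetPath}}` lines would benefit from the same check.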
......@@ -6,9 +6,9 @@ import (
"io"
"runtime"
"github.com/itchio/headway/state"
"github.com/itchio/ox"
"github.com/itchio/smaug/fuji"
"github.com/itchio/headway/state"
)
type RunnerParams struct {
......@@ -28,6 +28,7 @@ type RunnerParams struct {
Stderr io.Writer
InstallFolder string
TempDir string
Runtime *ox.Runtime
// runner-specific params
......
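Review bot: The new `TempDir string` field in RunnerParams has no comment, and its security meaning is not obvious from the name. According to this commit's policy change, the path is exempted from the firejail blacklist, so the sandboxed app is allowed to reach it. I would document that on the field, for example `// TempDir is a directory the sandboxed process may use; the firejail policy un-blacklists it, so pass a per-launch directory rather than a shared one.` The comment should also say whether an empty value is permitted. The rest of the struct and the code that consumes it are outside this hunk.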