summarylogtreecommitdiffstats
path: root/config.toml
blob: 6bb8c411fe8f5e34df7f0050f2df2ba375bad767 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92

# This is a Portable configuration, using TOML 1.1.0
# For syntax, check https://toml.io/en/v1.1.0

# The metadata section contains information of your sandbox.
[metadata]
# This is your Application ID, avoid conflict. Should be a reversed DNS name.
# If the author's DNS domain name contains hyphen/minus characters ('-'), which are not allowed in D-Bus interface names, they should be replaced by underscores. If the DNS domain name contains a digit immediately following a period ('.'), which is also not allowed in interface names), the interface name should add an underscore before that digit. For example, if the owner of 7-zip.org defined an interface for out-of-process plugins, it might be named org._7_zip.Plugin.
appID = "com.qq.weixin"

# This is a friendly name of an application. It should only contain ASCII characters and not spaces.
friendlyName = "WeChat"

# This is the state directory of your application, relative to "XDG_DATA_HOME".
stateDirectory = "WeChat_Data"

# The exec section defines how the underlying process is started.
[exec]
# target defines the program to start.
target = "/opt/wechat/wechat"

# arguments holds an array of arguments passed to the application, this is also used when starting secondary instances.
arguments = []

# D-Bus activation works by installing a service under /usr/share/dbus-1/services. It is used by UnifiedPush to process notifications without showing a window. You should modify the activation cmdline to call portable with "--dbus-activation".
[busActivation]
# Whether or not to enable D-Bus activation. Defaults to false.
enable = false

# target is the same as exec.target.
target = "gtk4-demo"

# arguments is the same as exec.arguments.
arguments = ["--gapplication-service"]

# The processes section defines how Portable tracks tasks.
[processes]
# Watch for spawned commands. When all of them exits, automatically terminate the sandbox. Defaults to true.
track = true

# The system section controls general permission.
[system]
# Whether or not an application can call Inhibit Portal to prevent automatic suspend. Defaults to false.
inhibitSuspend = false

# Whether or not an application can call GlobalShortcuts Portal to request shortcuts registration. Defaults to false.
globalShortcuts = false

# Whether or not to expose all GPUs and prefer discrete graphics card. By default, Portable blocks any GPU except the integrated one to improve user experience and power consumption on hybrid systems.
gameMode = false

# Inhibit suspend and idle on behalf of applications. Requires system.inhibitSuspend being true
inhibitOnBehalf = false

# The network section defines behaviour of Portable's network firewall. Requires netsock for filtering.
[network]
# Whether or not an application can use network interfaces. Defaults to true.
enable = true

# Whether or not to enable filtering on network packets. Defaults to false.
filter = false

# Destinations to deny. Only effective if netsock is running and listening on /run/netsock/control.sock. IP literals are resolved directly, while strings are mapped to IP addresses by the system resolver. A special string of "private" means private IPs. Note that :53 is allowed regardless to avoid breaking DNS. Defaults to none, meaning sandbox can connect to whatever address.
filterDest = ["private"]

# The privacy section defines several device exposure preference. By default, Portable does not allow apps to see physical devices. This includes discrete GPUs when gameMode is off, input devices, cameras, and all other PCI devices.
[privacy]
# When false, prevents application from connecting to X server on Wayland. Defaults to true.
x11 = true

# When false, prevents application from connecting to legacy notifications endpoint. Defaults to true.
classicNotifications = true

# When true, exposes camera devices in the sandbox. Defaults to false.
cameras = true

# When true, allows application to connect to PipeWire server. Note that a proxy is set up to prevent privileged actions. Defaults to false.
pipeWire = false

# When true, allows application to receive Input events, particularly useful for Games. Defaults to false.
input = false

# Do not use. May break apps.
[advanced]
zink = false
qt5Compat = true
mprisName = []
trayWake = true
kDEStatus = true
flatpakInfo = true

# Enables landlock for additional protection, breaks many apps.
landlock = true