OpenArena profile

author: netblue30 <netblue30@yahoo.com> 2019-06-13 08:38:16 -0400
committer: netblue30 <netblue30@yahoo.com> 2019-06-13 08:38:16 -0400
commit: 4a5449b4c6869835b743a6a4566d89d84df3ce67 (patch)
tree: 7ecb5653d57c235466d9e8e5199fc04d068fd4cd
parent: hardening & fixing (diff)
download: firejail-4a5449b4c6869835b743a6a4566d89d84df3ce67.tar.gz
firejail-4a5449b4c6869835b743a6a4566d89d84df3ce67.tar.zst
firejail-4a5449b4c6869835b743a6a4566d89d84df3ce67.zip
4 files changed, 54 insertions, 1 deletions
diff --git a/README.md b/README.md
index e6c3ecaca..c677a2cbb 100644
--- a/README.md
+++ b/README.md
@@ -111,4 +111,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
 ## New profiles:
-klatexformula, klatexformula_cmdl, links, pandoc, qgis, teams-for-linux, xlinks
+klatexformula, klatexformula_cmdl, links, pandoc, qgis, teams-for-linux, xlinks. OpenArena
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 9d3f3ab68..7684aefff 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -575,6 +575,7 @@ blacklist ${HOME}/.neverball
 blacklist ${HOME}/.newsboat
 blacklist ${HOME}/.nv
 blacklist ${HOME}/.nylas-mail
+blacklist ${HOME}/.openarena
 blacklist ${HOME}/.opencity
 blacklist ${HOME}/.openinvaders
 blacklist ${HOME}/.openshot
diff --git a/etc/openarena.profile b/etc/openarena.profile
new file mode 100644
index 000000000..f36d3270f
--- /dev/null
+++ b/etc/openarena.profile
@@ -0,0 +1,51 @@
+# Firejail profile for OpenArena
+# Description: deathmatch FPS game based on GPL idTech3 technology
+# This file is overwritten after every install/update
+# Persistent local customizations
+include openarena.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.openarena
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+# ipc-namespace
+# machine-id
+# net none
+# netfilter
+# no3d
+# nodbus
+# nodvd
+# nogroups
+nonewprivs
+noroot
+# nosound
+notv
+# nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+# tracelog
+# disable-mnt
+# private
+# private-bin openarena
+private-cache
+private-dev
+# private-etc machine-id,xdg,openal,udev,drirc,passwd,selinux
+# private-lib
+private-tmp
+# memory-deny-write-execute
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index d21abbc9a..ad8b99270 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -416,6 +416,7 @@ oggsplt
 okular
 onionshare-gui
 open-invaders
+openarena
 opencity
 openshot
 openshot-qt
author	netblue30 <netblue30@yahoo.com>	2019-06-13 08:38:16 -0400
committer	netblue30 <netblue30@yahoo.com>	2019-06-13 08:38:16 -0400
commit	4a5449b4c6869835b743a6a4566d89d84df3ce67 (patch)
tree	7ecb5653d57c235466d9e8e5199fc04d068fd4cd
parent	hardening & fixing (diff)
download	firejail-4a5449b4c6869835b743a6a4566d89d84df3ce67.tar.gz firejail-4a5449b4c6869835b743a6a4566d89d84df3ce67.tar.zst firejail-4a5449b4c6869835b743a6a4566d89d84df3ce67.zip

diff --git a/README.md b/README.md index e6c3ecaca..c677a2cbb 100644 --- a/README.md +++ b/README.md
@@ -111,4 +111,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
111		111
112	## New profiles:	112	## New profiles:
113		113
114	klatexformula, klatexformula_cmdl, links, pandoc, qgis, teams-for-linux, xlinks	114	klatexformula, klatexformula_cmdl, links, pandoc, qgis, teams-for-linux, xlinks. OpenArena


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 9d3f3ab68..7684aefff 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -575,6 +575,7 @@ blacklist ${HOME}/.neverball
575	blacklist ${HOME}/.newsboat	575	blacklist ${HOME}/.newsboat
576	blacklist ${HOME}/.nv	576	blacklist ${HOME}/.nv
577	blacklist ${HOME}/.nylas-mail	577	blacklist ${HOME}/.nylas-mail
		578	blacklist ${HOME}/.openarena
578	blacklist ${HOME}/.opencity	579	blacklist ${HOME}/.opencity
579	blacklist ${HOME}/.openinvaders	580	blacklist ${HOME}/.openinvaders
580	blacklist ${HOME}/.openshot	581	blacklist ${HOME}/.openshot


diff --git a/etc/openarena.profile b/etc/openarena.profile new file mode 100644 index 000000000..f36d3270f --- /dev/null +++ b/etc/openarena.profile
@@ -0,0 +1,51 @@
		1	# Firejail profile for OpenArena
		2	# Description: deathmatch FPS game based on GPL idTech3 technology
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include openarena.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.openarena
		10
		11	include disable-common.inc
		12	include disable-devel.inc
		13	include disable-exec.inc
		14	include disable-interpreters.inc
		15	include disable-passwdmgr.inc
		16	include disable-programs.inc
		17	include disable-xdg.inc
		18
		19	include whitelist-var-common.inc
		20
		21	apparmor
		22	caps.drop all
		23	# ipc-namespace
		24	# machine-id
		25	# net none
		26	# netfilter
		27	# no3d
		28	# nodbus
		29	# nodvd
		30	# nogroups
		31	nonewprivs
		32	noroot
		33	# nosound
		34	notv
		35	# nou2f
		36	novideo
		37	protocol unix,inet,inet6,netlink
		38	seccomp
		39	shell none
		40	# tracelog
		41
		42	# disable-mnt
		43	# private
		44	# private-bin openarena
		45	private-cache
		46	private-dev
		47	# private-etc machine-id,xdg,openal,udev,drirc,passwd,selinux
		48	# private-lib
		49	private-tmp
		50
		51	# memory-deny-write-execute


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index d21abbc9a..ad8b99270 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -416,6 +416,7 @@ oggsplt
416	okular	416	okular
417	onionshare-gui	417	onionshare-gui
418	open-invaders	418	open-invaders
		419	openarena
419	opencity	420	opencity
420	openshot	421	openshot
421	openshot-qt	422	openshot-qt