diff options
author | netblue30 <netblue30@yahoo.com> | 2020-03-23 14:54:06 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2020-03-23 14:54:06 -0400 |
commit | 65c8a6bf66c937ec54690a8339e196a325dc388c (patch) | |
tree | 9f615ec7dd82e724e4203fc3ff5364a9de70657e | |
parent | apparmor (diff) | |
download | firejail-65c8a6bf66c937ec54690a8339e196a325dc388c.tar.gz firejail-65c8a6bf66c937ec54690a8339e196a325dc388c.tar.zst firejail-65c8a6bf66c937ec54690a8339e196a325dc388c.zip |
penguin-commad
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | etc/disable-programs.inc | 1 | ||||
-rw-r--r-- | etc/open-invaders.profile | 2 | ||||
-rw-r--r-- | etc/penguin-command.profile | 40 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 1 |
5 files changed, 44 insertions, 2 deletions
@@ -176,4 +176,4 @@ Run ./profstats -h for help. | |||
176 | ### New profiles: | 176 | ### New profiles: |
177 | 177 | ||
178 | gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe, bibtex, gummi, latex, pdflatex, tex, wpp, wpspdf, wps, et, multimc, gnome-hexgl, com.github.johnfactotum.Foliate, desktopeditors, impressive, mupdf-gl, mupdf-x11, mupdf-x11-curl, muraster, mutool, planmaker18, planmaker18free, presentations18, presentations18free, textmaker18, textmaker18free, teams, xournal, | 178 | gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe, bibtex, gummi, latex, pdflatex, tex, wpp, wpspdf, wps, et, multimc, gnome-hexgl, com.github.johnfactotum.Foliate, desktopeditors, impressive, mupdf-gl, mupdf-x11, mupdf-x11-curl, muraster, mutool, planmaker18, planmaker18free, presentations18, presentations18free, textmaker18, textmaker18free, teams, xournal, |
179 | gnome-screenshot, ripperX, sound-juicer, iagno, com.github.dahenson.agenda, gnome-pomodoro, gnome-todo, kmplayer | 179 | gnome-screenshot, ripperX, sound-juicer, iagno, com.github.dahenson.agenda, gnome-pomodoro, gnome-todo, kmplayer, penguin-command |
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index bd0213135..5b3fe475c 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -645,6 +645,7 @@ blacklist ${HOME}/.openttd | |||
645 | blacklist ${HOME}/.opera | 645 | blacklist ${HOME}/.opera |
646 | blacklist ${HOME}/.opera-beta | 646 | blacklist ${HOME}/.opera-beta |
647 | blacklist ${HOME}/.ostrichriders | 647 | blacklist ${HOME}/.ostrichriders |
648 | blacklist ${HOME}/.penguin-command | ||
648 | blacklist ${HOME}/.pingus | 649 | blacklist ${HOME}/.pingus |
649 | blacklist ${HOME}/.pioneer | 650 | blacklist ${HOME}/.pioneer |
650 | blacklist ${HOME}/.purple | 651 | blacklist ${HOME}/.purple |
diff --git a/etc/open-invaders.profile b/etc/open-invaders.profile index 0ba9451d8..1f214b7f5 100644 --- a/etc/open-invaders.profile +++ b/etc/open-invaders.profile | |||
@@ -35,6 +35,6 @@ protocol unix,netlink | |||
35 | seccomp | 35 | seccomp |
36 | shell none | 36 | shell none |
37 | 37 | ||
38 | # private-bin open-invaders | 38 | private-bin open-invaders |
39 | private-dev | 39 | private-dev |
40 | private-tmp | 40 | private-tmp |
diff --git a/etc/penguin-command.profile b/etc/penguin-command.profile new file mode 100644 index 000000000..33e0651d4 --- /dev/null +++ b/etc/penguin-command.profile | |||
@@ -0,0 +1,40 @@ | |||
1 | # Firejail profile for open-invaders | ||
2 | # Description: Space Invaders clone | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include open-invaders.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | noblacklist ${HOME}/.penguin-command | ||
10 | |||
11 | include disable-common.inc | ||
12 | include disable-devel.inc | ||
13 | include disable-exec.inc | ||
14 | include disable-interpreters.inc | ||
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | ||
17 | |||
18 | mkdir ${HOME}/.openinvaders | ||
19 | whitelist ${HOME}/.openinvaders | ||
20 | include whitelist-common.inc | ||
21 | include whitelist-var-common.inc | ||
22 | |||
23 | apparmor | ||
24 | caps.drop all | ||
25 | net none | ||
26 | nodbus | ||
27 | nodvd | ||
28 | nogroups | ||
29 | nonewprivs | ||
30 | noroot | ||
31 | notv | ||
32 | nou2f | ||
33 | novideo | ||
34 | protocol unix,netlink | ||
35 | seccomp | ||
36 | shell none | ||
37 | |||
38 | private-bin penguin-command | ||
39 | private-dev | ||
40 | private-tmp | ||
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index a79c48f50..e836d8d39 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -510,6 +510,7 @@ pdfmod | |||
510 | pdfsam | 510 | pdfsam |
511 | pdftotext | 511 | pdftotext |
512 | peek | 512 | peek |
513 | penguin-command | ||
513 | picard | 514 | picard |
514 | pidgin | 515 | pidgin |
515 | #ping - disabled until we fix #1912 | 516 | #ping - disabled until we fix #1912 |