author | Tad <tad@spotco.us> | 2019-03-20 20:27:01 -0400 |
---|---|---|
committer | Tad <tad@spotco.us> | 2019-03-20 20:27:01 -0400 |
commit | 807336ca7508d1e227bb542a709374e8ab2f5e00 (patch) | |
tree | c81114a7513f9b5004bf404f76336afdad4863ea | |
parent | Add a profile for DCSS (diff) | |
Four more game profiles
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | RELNOTES | 1 | ||||
-rw-r--r-- | etc/disable-programs.inc | 5 | ||||
-rw-r--r-- | etc/teeworlds.profile | 44 | ||||
-rw-r--r-- | etc/torcs.profile | 43 | ||||
-rw-r--r-- | etc/tremulous.profile | 44 | ||||
-rw-r--r-- | etc/warsow.profile | 49 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 4 |
8 files changed, 191 insertions, 1 deletions
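--- a/README.md
+++ b/README.md
@@ -102,4 +102,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
 ## Current development version: 0.9.59
 
 ## New profiles:
-crow, nyx, klavaro, mypaint, celluoid, nano, transgui, sysprof, simplescreenrecorder, geekbench, xfce4-mixer, pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring, regextester, hardinfo, gnome-system-log, gnome-nettool, netactview, redshift, devhelp, assogiate, subdownloader, font-manager, exfalso, gconf-editor, dconf-editor, mpdris2, sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings, code-oss, pragha, Maelstrom, ostrichriders, bzflag, freeciv, lincity-ng, megaglest, openttd, crawl, crawl-tiles
+crow, nyx, klavaro, mypaint, celluoid, nano, transgui, sysprof, simplescreenrecorder, geekbench, xfce4-mixer, pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring, regextester, hardinfo, gnome-system-log, gnome-nettool, netactview, redshift, devhelp, assogiate, subdownloader, font-manager, exfalso, gconf-editor, dconf-editor, mpdris2, sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings, code-oss, pragha, Maelstrom, ostrichriders, bzflag, freeciv, lincity-ng, megaglest, openttd, crawl, crawl-tiles, teeworlds, torcs, tremulous, warsow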
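--- a/RELNOTES
+++ b/RELNOTES
@@ -8,6 +8,7 @@ firejail (0.9.59) baseline; urgency=low
 * new profiles: sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings
 * new profiles: code-oss, pragha, Maelstrom, ostrichriders, bzflag
 * new profiles: freeciv, lincity-ng, megaglest, openttd, crawl, crawl-tiles
+* new profiles: teeworlds, torcs, tremulous, warsow
 * memory-deny-write-execute now also blocks memfd_create
 * drop support for flatpak/snap packages
 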
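--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -514,6 +514,7 @@ blacklist ${HOME}/.local/share/uzbl
 blacklist ${HOME}/.local/share/vlc
 blacklist ${HOME}/.local/share/vpltd
 blacklist ${HOME}/.local/share/vulkan
+blacklist ${HOME}/.local/share/warsow-2.1
 blacklist ${HOME}/.local/share/wesnoth
 blacklist ${HOME}/.local/share/xplayer
 blacklist ${HOME}/.local/share/xreader
@@ -569,11 +570,14 @@ blacklist ${HOME}/.sword
 blacklist ${HOME}/.sylpheed-2.0
 blacklist ${HOME}/.synfig
 blacklist ${HOME}/.tconn
+blacklist ${HOME}/.teeworlds
 blacklist ${HOME}/.thunderbird
 blacklist ${HOME}/.tilp
 blacklist ${HOME}/.tooling
 blacklist ${HOME}/.tor-browser-*
 blacklist ${HOME}/.tor-browser_*
+blacklist ${HOME}/.torcs
+blacklist ${HOME}/.tremulous
 blacklist ${HOME}/.ts3client
 blacklist ${HOME}/.tuxguitar*
 blacklist ${HOME}/.unknown-horizons
@@ -694,6 +698,7 @@ blacklist ${HOME}/.cache/transmission
 blacklist ${HOME}/.cache/vivaldi
 blacklist ${HOME}/.cache/vivaldi-snapshot
 blacklist ${HOME}/.cache/vlc
+blacklist ${HOME}/.cache/warsow-2.1
 blacklist ${HOME}/.cache/waterfox
 blacklist ${HOME}/.cache/wesnoth
 blacklist ${HOME}/.cache/xmms2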
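Review bot: The two warsow entries (`${HOME}/.local/share/warsow-2.1` in the first hunk and `${HOME}/.cache/warsow-2.1` in the third) hard-code the game's version in the path, so a release that keeps its data under a differently numbered directory would no longer be hidden from the other sandboxed programs. A glob in the style of the existing `.tor-browser-*` entries, e.g. `blacklist ${HOME}/.local/share/warsow-*` and `blacklist ${HOME}/.cache/warsow-*`, would survive a version change. The `noblacklist`, `mkdir` and `whitelist` lines in etc/warsow.profile name the same versioned paths and would have to be kept in step; whether `noblacklist` needs to repeat the pattern verbatim should be checked against firejail's matching rules before switching.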
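--- /dev/null
+++ b/etc/teeworlds.profile
@@ -0,0 +1,44 @@
+# Firejail profile for teeworlds
+# Description: Online multi-player platform 2D shooter
+# This file is overwritten after every install/update
+# Persistent local customizations
+include teeworlds.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.teeworlds
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.teeworlds
+whitelist ${HOME}/.teeworlds
+include whitelist-common.inc
+include whitelist-var-common.inc
+
+caps.drop all
+ipc-namespace
+netfilter
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin teeworlds
+private-cache
+private-dev
+private-tmp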
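--- /dev/null
+++ b/etc/torcs.profile
@@ -0,0 +1,43 @@
+# Firejail profile for torcs
+# Description: The Open Racing Car Simulator
+# This file is overwritten after every install/update
+# Persistent local customizations
+include torcs.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.torcs
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.torcs
+whitelist ${HOME}/.torcs
+include whitelist-common.inc
+include whitelist-var-common.inc
+
+caps.drop all
+ipc-namespace
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-cache
+private-dev
+private-tmp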
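Review bot: torcs.profile is the only one of the four new profiles without a `private-bin` line, so this sandbox keeps the full set of system binaries visible while the other three are reduced to the game's own executables. If the omission is deliberate (for instance because the launcher needs helper programs, which cannot be seen from this diff), a comment above `disable-mnt` such as `# private-bin omitted: <reason>` would stop a later cleanup from adding it blindly. Otherwise a `private-bin` list naming the executables torcs actually starts should be added and tested.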
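--- /dev/null
+++ b/etc/tremulous.profile
@@ -0,0 +1,44 @@
+# Firejail profile for tremulous
+# Description: First Person Shooter game based on the Quake 3 engine
+# This file is overwritten after every install/update
+# Persistent local customizations
+include tremulous.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.tremulous
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.tremulous
+whitelist ${HOME}/.tremulous
+include whitelist-common.inc
+include whitelist-var-common.inc
+
+caps.drop all
+ipc-namespace
+netfilter
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin tremulous,tremulous-wrapper,tremded
+private-cache
+private-dev
+private-tmp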
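--- /dev/null
+++ b/etc/warsow.profile
@@ -0,0 +1,49 @@
+# Firejail profile for warsow
+# Description: Fast paced 3D first person shooter
+# This file is overwritten after every install/update
+# Persistent local customizations
+include warsow.local
+# Persistent global definitions
+include globals.local
+
+ignore noexec ${HOME}
+
+noblacklist ${HOME}/.cache/warsow-2.1
+noblacklist ${HOME}/.local/share/warsow-2.1
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.cache/warsow-2.1
+mkdir ${HOME}/.local/share/warsow-2.1
+whitelist ${HOME}/.cache/warsow-2.1
+whitelist ${HOME}/.local/share/warsow-2.1
+include whitelist-common.inc
+include whitelist-var-common.inc
+
+caps.drop all
+ipc-namespace
+netfilter
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin warsow
+private-cache
+private-dev
+private-tmp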
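Review bot: `ignore noexec ${HOME}` near the top of warsow.profile has no comment saying why it is needed, and it is the one line among the four new profiles that weakens what `include disable-exec.inc` would otherwise apply. With it in place, files the game writes into the whitelisted `${HOME}/.local/share/warsow-2.1` and `${HOME}/.cache/warsow-2.1` can be executed inside the sandbox, and the profile also leaves networking enabled (`protocol unix,inet,inet6`). A comment directly above it, e.g. `# <reason warsow must execute files under ${HOME}>`, would record the trade-off. If only one of the two directories really needs exec, adding an explicit `noexec ${HOME}/.cache/warsow-2.1` (or the data directory, whichever does not) after the whitelist lines would narrow the exception; that needs testing against the game.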
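--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -486,6 +486,7 @@ synfigstudio
 sysprof
 sysprof-cli
 teamspeak3
+teeworlds
 telegram
 telegram-desktop
 terasology
@@ -525,6 +526,7 @@ tor-browser-vi
 tor-browser-zh-cn
 tor-browser-zh-tw
 torbrowser-launcher
+torcs
 totem
 tracker
 transgui
@@ -538,6 +540,7 @@ transmission-remote
 transmission-remote-cli
 transmission-remote-gtk
 transmission-show
+tremulous
 truecraft
 tuxguitar
 uefitool
@@ -557,6 +560,7 @@ vlc
 vscodium
 vym
 w3m
+warsow
 warzone2100
 waterfox
 webstorm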