diff options
author | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2021-03-08 18:53:50 +0100 |
---|---|---|
committer | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2021-04-24 09:44:34 +0200 |
commit | 41f69f7a748f1533b7506f1e28529520d660b894 (patch) | |
tree | c06911619dfc8aff06c53ec5bc20a0f603e44163 | |
parent | Add profiles for alienarena, ballbuster, colorful… (diff) | |
download | firejail-41f69f7a748f1533b7506f1e28529520d660b894.tar.gz firejail-41f69f7a748f1533b7506f1e28529520d660b894.tar.zst firejail-41f69f7a748f1533b7506f1e28529520d660b894.zip |
Commons of opengl-game-wrapper.sh
[skip ci]
- Add allow-opengl-game.inc
- Add profiles for alienarena-wrapper, ballbuster-wrapper,
colorful-wrapper, etr-wrapper, gl-117-wrapper, glaxium-wrapper,
neverball-wrapper, neverputt-wrapper, pinball-wrapper,
supertuxkart-wrapper
- Use allow-opengl-game.inc in xonotic.profile and the profiles above
- xonotic.profile: simplify private-bin by using xonotic*
-rw-r--r-- | etc/inc/allow-opengl-game.inc | 3 | ||||
-rw-r--r-- | etc/profile-a-l/alienarena-wrapper.profile | 14 | ||||
-rw-r--r-- | etc/profile-a-l/ballbuster-wrapper.profile | 14 | ||||
-rw-r--r-- | etc/profile-a-l/colorful-wrapper.profile | 14 | ||||
-rw-r--r-- | etc/profile-a-l/etr-wrapper.profile | 14 | ||||
-rw-r--r-- | etc/profile-a-l/gl-117-wrapper.profie | 14 | ||||
-rw-r--r-- | etc/profile-a-l/glaxium-wrapper.profie | 14 | ||||
-rw-r--r-- | etc/profile-m-z/neverball-wrapper.profie | 14 | ||||
-rw-r--r-- | etc/profile-m-z/neverputt-wrapper.profie | 14 | ||||
-rw-r--r-- | etc/profile-m-z/pinball-wrapper.profie | 14 | ||||
-rw-r--r-- | etc/profile-m-z/scorched3d-wrapper.profile | 7 | ||||
-rw-r--r-- | etc/profile-m-z/scorched3d.profile | 2 | ||||
-rw-r--r-- | etc/profile-m-z/supertuxkart-wrapper.profile | 14 | ||||
-rw-r--r-- | etc/profile-m-z/xonotic.profile | 6 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 2 |
15 files changed, 153 insertions, 7 deletions
diff --git a/etc/inc/allow-opengl-game.inc b/etc/inc/allow-opengl-game.inc new file mode 100644 index 000000000..b5ff1bd50 --- /dev/null +++ b/etc/inc/allow-opengl-game.inc | |||
@@ -0,0 +1,3 @@ | |||
1 | noblacklist ${PATH}/bash | ||
2 | whitelist /usr/share/opengl-games-utils/opengl-game-functions.sh | ||
3 | private-bin basename,bash,cut,glxinfo,grep,head,sed,zenity | ||
diff --git a/etc/profile-a-l/alienarena-wrapper.profile b/etc/profile-a-l/alienarena-wrapper.profile new file mode 100644 index 000000000..b31996cd2 --- /dev/null +++ b/etc/profile-a-l/alienarena-wrapper.profile | |||
@@ -0,0 +1,14 @@ | |||
1 | # Firejail profile for alienarena-wrapper | ||
2 | # This file is overwritten after every install/update | ||
3 | # Persistent local customizations | ||
4 | include alienarena-wrapper.local | ||
5 | # Persistent global definitions | ||
6 | # added by included profile | ||
7 | #include globals.local | ||
8 | |||
9 | include allow-opengl-game.inc | ||
10 | |||
11 | private-bin alienarena-wrapper | ||
12 | |||
13 | # Redirect | ||
14 | include alienarena.profile | ||
diff --git a/etc/profile-a-l/ballbuster-wrapper.profile b/etc/profile-a-l/ballbuster-wrapper.profile new file mode 100644 index 000000000..419dcaab5 --- /dev/null +++ b/etc/profile-a-l/ballbuster-wrapper.profile | |||
@@ -0,0 +1,14 @@ | |||
1 | # Firejail profile for ballbuster-wrapper | ||
2 | # This file is overwritten after every install/update | ||
3 | # Persistent local customizations | ||
4 | include ballbuster-wrapper.local | ||
5 | # Persistent global definitions | ||
6 | # added by included profile | ||
7 | #include globals.local | ||
8 | |||
9 | include allow-opengl-game.inc | ||
10 | |||
11 | private-bin ballbuster-wrapper | ||
12 | |||
13 | # Redirect | ||
14 | include ballbuster.profile | ||
diff --git a/etc/profile-a-l/colorful-wrapper.profile b/etc/profile-a-l/colorful-wrapper.profile new file mode 100644 index 000000000..4b762047d --- /dev/null +++ b/etc/profile-a-l/colorful-wrapper.profile | |||
@@ -0,0 +1,14 @@ | |||
1 | # Firejail profile for colorful-wrapper | ||
2 | # This file is overwritten after every install/update | ||
3 | # Persistent local customizations | ||
4 | include colorful-wrapper.local | ||
5 | # Persistent global definitions | ||
6 | # added by included profile | ||
7 | #include globals.local | ||
8 | |||
9 | include allow-opengl-game.inc | ||
10 | |||
11 | private-bin colorful-wrapper | ||
12 | |||
13 | # Redirect | ||
14 | include colorful.profile | ||
diff --git a/etc/profile-a-l/etr-wrapper.profile b/etc/profile-a-l/etr-wrapper.profile new file mode 100644 index 000000000..98f949918 --- /dev/null +++ b/etc/profile-a-l/etr-wrapper.profile | |||
@@ -0,0 +1,14 @@ | |||
1 | # Firejail profile for etr-wrapper | ||
2 | # This file is overwritten after every install/update | ||
3 | # Persistent local customizations | ||
4 | include etr-wrapper.local | ||
5 | # Persistent global definitions | ||
6 | # added by included profile | ||
7 | #include globals.local | ||
8 | |||
9 | include allow-opengl-game.inc | ||
10 | |||
11 | private-bin etr-wrapper | ||
12 | |||
13 | # Redirect | ||
14 | include etr.profile | ||
diff --git a/etc/profile-a-l/gl-117-wrapper.profie b/etc/profile-a-l/gl-117-wrapper.profie new file mode 100644 index 000000000..d783940f3 --- /dev/null +++ b/etc/profile-a-l/gl-117-wrapper.profie | |||
@@ -0,0 +1,14 @@ | |||
1 | # Firejail profile for gl-117-wrapper | ||
2 | # This file is overwritten after every install/update | ||
3 | # Persistent local customizations | ||
4 | include gl-117-wrapper.local | ||
5 | # Persistent global definitions | ||
6 | # added by included profile | ||
7 | #include globals.local | ||
8 | |||
9 | include allow-opengl-game.inc | ||
10 | |||
11 | private-bin gl-117-wrapper | ||
12 | |||
13 | # Redirect | ||
14 | include gl-117.profile | ||
diff --git a/etc/profile-a-l/glaxium-wrapper.profie b/etc/profile-a-l/glaxium-wrapper.profie new file mode 100644 index 000000000..7dc2cf65e --- /dev/null +++ b/etc/profile-a-l/glaxium-wrapper.profie | |||
@@ -0,0 +1,14 @@ | |||
1 | # Firejail profile for glaxium-wrapper | ||
2 | # This file is overwritten after every install/update | ||
3 | # Persistent local customizations | ||
4 | include glaxium-wrapper.local | ||
5 | # Persistent global definitions | ||
6 | # added by included profile | ||
7 | #include globals.local | ||
8 | |||
9 | include allow-opengl-game.inc | ||
10 | |||
11 | private-bin glaxium-wrapper | ||
12 | |||
13 | # Redirect | ||
14 | include glaxium.profile | ||
diff --git a/etc/profile-m-z/neverball-wrapper.profie b/etc/profile-m-z/neverball-wrapper.profie new file mode 100644 index 000000000..534e41dd1 --- /dev/null +++ b/etc/profile-m-z/neverball-wrapper.profie | |||
@@ -0,0 +1,14 @@ | |||
1 | # Firejail profile for neverball-wrapper | ||
2 | # This file is overwritten after every install/update | ||
3 | # Persistent local customizations | ||
4 | include neverball-wrapper.local | ||
5 | # Persistent global definitions | ||
6 | # added by included profile | ||
7 | #include globals.local | ||
8 | |||
9 | include allow-opengl-game.inc | ||
10 | |||
11 | private-bin neverball-wrapper | ||
12 | |||
13 | # Redirect | ||
14 | include neverball.profile | ||
diff --git a/etc/profile-m-z/neverputt-wrapper.profie b/etc/profile-m-z/neverputt-wrapper.profie new file mode 100644 index 000000000..dacd113cc --- /dev/null +++ b/etc/profile-m-z/neverputt-wrapper.profie | |||
@@ -0,0 +1,14 @@ | |||
1 | # Firejail profile for neverputt-wrapper | ||
2 | # This file is overwritten after every install/update | ||
3 | # Persistent local customizations | ||
4 | include neverputt-wrapper.local | ||
5 | # Persistent global definitions | ||
6 | # added by included profile | ||
7 | #include globals.local | ||
8 | |||
9 | include allow-opengl-game.inc | ||
10 | |||
11 | private-bin neverputt-wrapper | ||
12 | |||
13 | # Redirect | ||
14 | include neverputt.profile | ||
diff --git a/etc/profile-m-z/pinball-wrapper.profie b/etc/profile-m-z/pinball-wrapper.profie new file mode 100644 index 000000000..2b5ed6e27 --- /dev/null +++ b/etc/profile-m-z/pinball-wrapper.profie | |||
@@ -0,0 +1,14 @@ | |||
1 | # Firejail profile for pinball-wrapper | ||
2 | # This file is overwritten after every install/update | ||
3 | # Persistent local customizations | ||
4 | include pinball-wrapper.local | ||
5 | # Persistent global definitions | ||
6 | # added by included profile | ||
7 | #include globals.local | ||
8 | |||
9 | include allow-opengl-game.inc | ||
10 | |||
11 | private-bin pinball-wrapper | ||
12 | |||
13 | # Redirect | ||
14 | include pinball.profile | ||
diff --git a/etc/profile-m-z/scorched3d-wrapper.profile b/etc/profile-m-z/scorched3d-wrapper.profile index 507d0827e..e76caec1d 100644 --- a/etc/profile-m-z/scorched3d-wrapper.profile +++ b/etc/profile-m-z/scorched3d-wrapper.profile | |||
@@ -1,10 +1,11 @@ | |||
1 | # Firejail profile for scorched3d | 1 | # Firejail profile for scorched3d-wrapper |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include scorched3d-wrapper.local | 4 | include scorched3d-wrapper.local |
5 | 5 | ||
6 | whitelist /usr/share/opengl-games-utils | 6 | include allow-opengl-game.inc |
7 | private-bin basename,bash,cut,glxinfo,grep,head,sed,zenity | 7 | |
8 | private-bin scorched3d-wrapper | ||
8 | 9 | ||
9 | # Redirect | 10 | # Redirect |
10 | include scorched3d.profile | 11 | include scorched3d.profile |
diff --git a/etc/profile-m-z/scorched3d.profile b/etc/profile-m-z/scorched3d.profile index 6a1003c33..1808018d1 100644 --- a/etc/profile-m-z/scorched3d.profile +++ b/etc/profile-m-z/scorched3d.profile | |||
@@ -40,7 +40,7 @@ shell none | |||
40 | tracelog | 40 | tracelog |
41 | 41 | ||
42 | disable-mnt | 42 | disable-mnt |
43 | private-bin scorched3d,scorched3d-wrapper,scorched3dc,scorched3ds | 43 | private-bin scorched3d,scorched3dc,scorched3ds |
44 | private-cache | 44 | private-cache |
45 | private-dev | 45 | private-dev |
46 | private-tmp | 46 | private-tmp |
diff --git a/etc/profile-m-z/supertuxkart-wrapper.profile b/etc/profile-m-z/supertuxkart-wrapper.profile new file mode 100644 index 000000000..af8d73deb --- /dev/null +++ b/etc/profile-m-z/supertuxkart-wrapper.profile | |||
@@ -0,0 +1,14 @@ | |||
1 | # Firejail profile for supertuxkart-wrapper | ||
2 | # This file is overwritten after every install/update | ||
3 | # Persistent local customizations | ||
4 | include supertuxkart-wrapper.local | ||
5 | # Persistent global definitions | ||
6 | # added by included profile | ||
7 | #include globals.local | ||
8 | |||
9 | include allow-opengl-game.inc | ||
10 | |||
11 | private-bin supertuxkart-wrapper | ||
12 | |||
13 | # Redirect | ||
14 | include supertuxkart.profile | ||
diff --git a/etc/profile-m-z/xonotic.profile b/etc/profile-m-z/xonotic.profile index aa8cc7d0e..df6c34fbb 100644 --- a/etc/profile-m-z/xonotic.profile +++ b/etc/profile-m-z/xonotic.profile | |||
@@ -8,12 +8,16 @@ include globals.local | |||
8 | 8 | ||
9 | noblacklist ${HOME}/.xonotic | 9 | noblacklist ${HOME}/.xonotic |
10 | 10 | ||
11 | include allow-bin-sh.inc | ||
12 | include allow-opengl-game.inc | ||
13 | |||
11 | include disable-common.inc | 14 | include disable-common.inc |
12 | include disable-devel.inc | 15 | include disable-devel.inc |
13 | include disable-exec.inc | 16 | include disable-exec.inc |
14 | include disable-interpreters.inc | 17 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
16 | include disable-programs.inc | 19 | include disable-programs.inc |
20 | include disable-shell.inc | ||
17 | include disable-xdg.inc | 21 | include disable-xdg.inc |
18 | 22 | ||
19 | mkdir ${HOME}/.xonotic | 23 | mkdir ${HOME}/.xonotic |
@@ -41,7 +45,7 @@ tracelog | |||
41 | 45 | ||
42 | disable-mnt | 46 | disable-mnt |
43 | private-cache | 47 | private-cache |
44 | private-bin basename,bash,blind-id,cut,darkplaces-glx,darkplaces-sdl,dirname,glxinfo,grep,head,ldd,netstat,ps,readlink,sed,sh,uname,xonotic,xonotic-glx,xonotic-linux32-dedicated,xonotic-linux32-glx,xonotic-linux32-sdl,xonotic-linux64-dedicated,xonotic-linux64-glx,xonotic-linux64-sdl,xonotic-sdl,xonotic-sdl-wrapper,zenity | 48 | private-bin blind-id,darkplaces-glx,darkplaces-sdl,dirname,ldd,netstat,ps,readlink,sh,uname,xonotic* |
45 | private-dev | 49 | private-dev |
46 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl | 50 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl |
47 | private-tmp | 51 | private-tmp |
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 97c07eb7a..6639c2ee9 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -678,7 +678,6 @@ runenpass.sh | |||
678 | sayonara | 678 | sayonara |
679 | scallion | 679 | scallion |
680 | scorched3d | 680 | scorched3d |
681 | scorched3d-wrapper | ||
682 | scorchwentbonkers | 681 | scorchwentbonkers |
683 | scribus | 682 | scribus |
684 | sdat2img | 683 | sdat2img |
@@ -872,7 +871,6 @@ xmr-stak | |||
872 | xonotic | 871 | xonotic |
873 | xonotic-glx | 872 | xonotic-glx |
874 | xonotic-sdl | 873 | xonotic-sdl |
875 | xonotic-sdl-wrapper | ||
876 | xournal | 874 | xournal |
877 | xournalpp | 875 | xournalpp |
878 | xpdf | 876 | xpdf |