Add profiles for alienarena, ballbuster, colorful…

…, gl-117, glaxium, pinball alienarena is missing in firecfg.config by intention, I didn't tested any online multiplayer.
author: rusty-snake <41237666+rusty-snake@users.noreply.github.com> 2021-04-23 17:01:25 +0200
committer: rusty-snake <41237666+rusty-snake@users.noreply.github.com> 2021-04-24 09:44:34 +0200
commit: 18adb74645ab28b79bf06084955543adf3586080 (patch)
tree: c77ec90924449753914c990aadfc110c177f8f86
parent: file-roller:private-bin: add atool,bsdtar,xzdec,unzstd (diff)
download: firejail-18adb74645ab28b79bf06084955543adf3586080.tar.gz
firejail-18adb74645ab28b79bf06084955543adf3586080.tar.zst
firejail-18adb74645ab28b79bf06084955543adf3586080.zip
13 files changed, 393 insertions, 0 deletions
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 8ccbae5ca..918403cdc 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -52,6 +52,7 @@ blacklist ${HOME}/.atom
 blacklist ${HOME}/.attic
 blacklist ${HOME}/.audacity-data
 blacklist ${HOME}/.avidemux6
+blacklist ${HOME}/.ballbuster.hs
 blacklist ${HOME}/.balsa
 blacklist ${HOME}/.bcast5
 blacklist ${HOME}/.bibletime
@@ -220,6 +221,7 @@ blacklist ${HOME}/.config/d-feet
 blacklist ${HOME}/.config/electron-mail
 blacklist ${HOME}/.config/emaildefaults
 blacklist ${HOME}/.config/emailidentities
+blacklist ${HOME}/.config/emilia
 blacklist ${HOME}/.config/enchant
 blacklist ${HOME}/.config/eog
 blacklist ${HOME}/.config/epiphany
@@ -490,6 +492,8 @@ blacklist ${HOME}/.frozen-bubble
 blacklist ${HOME}/.gimp*
 blacklist ${HOME}/.gist
 blacklist ${HOME}/.gitconfig
+blacklist ${HOME}/.gl-117
+blacklist ${HOME}/.glaxiumrc
 blacklist ${HOME}/.gnome/gnome-schedule
 blacklist ${HOME}/.googleearth
 blacklist ${HOME}/.gradle
@@ -637,6 +641,7 @@ blacklist ${HOME}/.local/share/cdprojektred
 blacklist ${HOME}/.local/share/clipit
 blacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate
 blacklist ${HOME}/.local/share/contacts
+blacklist ${HOME}/.local/share/cor-games
 blacklist ${HOME}/.local/share/data/Mendeley Ltd.
 blacklist ${HOME}/.local/share/data/Mumble
 blacklist ${HOME}/.local/share/data/MusE
@@ -844,6 +849,7 @@ blacklist ${HOME}/.steampid
 blacklist ${HOME}/.stellarium
 blacklist ${HOME}/.subversion
 blacklist ${HOME}/.surf
+blacklist ${HOME}/.suve/colorful
 blacklist ${HOME}/.swb.ini
 blacklist ${HOME}/.sword
 blacklist ${HOME}/.sylpheed-2.0
diff --git a/etc/profile-a-l/alienarena.profile b/etc/profile-a-l/alienarena.profile
new file mode 100644
index 000000000..4048b66f8
--- /dev/null
+++ b/etc/profile-a-l/alienarena.profile
@@ -0,0 +1,52 @@
+# Firejail profile for alienarena
+# Description: Multiplayer retro sci-fi deathmatch game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include alienarena.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.local/share/cor-games
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkdir ${HOME}/.local/share/cor-games
+whitelist ${HOME}/.local/share/cor-games
+whitelist /usr/share/alienarena
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+disable-mnt
+private-bin alienarena
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,drirc,fonts,glvnd,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,nsswitch.conf,nvidia,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11
+private-tmp
+dbus-user none
+dbus-system none
diff --git a/etc/profile-a-l/ballbuster.profile b/etc/profile-a-l/ballbuster.profile
new file mode 100644
index 000000000..1c137e6ae
--- /dev/null
+++ b/etc/profile-a-l/ballbuster.profile
@@ -0,0 +1,52 @@
+# Firejail profile for ballbuster
+# Description: Move the paddle to bounce the ball and break all the bricks
+# This file is overwritten after every install/update
+# Persistent local customizations
+include ballbuster.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.ballbuster.hs
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkfile ${HOME}/.ballbuster.hs
+whitelist ${HOME}/.ballbuster.hs
+whitelist /usr/share/ballbuster
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+net none
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+disable-mnt
+private-bin ballbuster
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,pulse
+private-tmp
+dbus-user none
+dbus-system none
diff --git a/etc/profile-a-l/colorful.profile b/etc/profile-a-l/colorful.profile
new file mode 100644
index 000000000..4b8a5e477
--- /dev/null
+++ b/etc/profile-a-l/colorful.profile
@@ -0,0 +1,52 @@
+# Firejail profile for colorful
+# Description: simple 2D sideview shooter
+# This file is overwritten after every install/update
+# Persistent local customizations
+include colorful.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.suve/colorful
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkdir ${HOME}/.suve/colorful
+whitelist ${HOME}/.suve/colorful
+whitelist /usr/share/suve
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+net none
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+disable-mnt
+private-bin colorful
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,pulse
+private-tmp
+dbus-user none
+dbus-system none
diff --git a/etc/profile-a-l/gl-117-wrapper.profile b/etc/profile-a-l/gl-117-wrapper.profile
new file mode 100644
index 000000000..d783940f3
--- /dev/null
+++ b/etc/profile-a-l/gl-117-wrapper.profile
@@ -0,0 +1,14 @@
+# Firejail profile for gl-117-wrapper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gl-117-wrapper.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+include allow-opengl-game.inc
+private-bin gl-117-wrapper
+# Redirect
+include gl-117.profile
diff --git a/etc/profile-a-l/gl-117.profile b/etc/profile-a-l/gl-117.profile
new file mode 100644
index 000000000..87194843a
--- /dev/null
+++ b/etc/profile-a-l/gl-117.profile
@@ -0,0 +1,52 @@
+# Firejail profile for gl-117
+# Description: Action flight simulator
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gl-117.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.gl-117
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkdir ${HOME}/.gl-117
+whitelist ${HOME}/.gl-117
+whitelist /usr/share/gl-117
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+net none
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+disable-mnt
+private-bin gl-117
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,bumblebee,drirc,glvnd,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nvidia,pulse
+private-tmp
+dbus-user none
+dbus-system none
diff --git a/etc/profile-a-l/glaxium-wrapper.profile b/etc/profile-a-l/glaxium-wrapper.profile
new file mode 100644
index 000000000..7dc2cf65e
--- /dev/null
+++ b/etc/profile-a-l/glaxium-wrapper.profile
@@ -0,0 +1,14 @@
+# Firejail profile for glaxium-wrapper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include glaxium-wrapper.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+include allow-opengl-game.inc
+private-bin glaxium-wrapper
+# Redirect
+include glaxium.profile
diff --git a/etc/profile-a-l/glaxium.profile b/etc/profile-a-l/glaxium.profile
new file mode 100644
index 000000000..ea5211e9e
--- /dev/null
+++ b/etc/profile-a-l/glaxium.profile
@@ -0,0 +1,52 @@
+# Firejail profile for glaxium
+# Description: 3d spaceship shoot-em-up
+# This file is overwritten after every install/update
+# Persistent local customizations
+include glaxium.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.glaxiumrc
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkfile ${HOME}/.glaxiumrc
+whitelist ${HOME}/.glaxiumrc
+whitelist /usr/share/glaxium
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+net none
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+disable-mnt
+private-bin glaxium
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,bumblebee,drirc,glvnd,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nvidia,pulse
+private-tmp
+dbus-user none
+dbus-system none
diff --git a/etc/profile-m-z/neverball-wrapper.profile b/etc/profile-m-z/neverball-wrapper.profile
new file mode 100644
index 000000000..534e41dd1
--- /dev/null
+++ b/etc/profile-m-z/neverball-wrapper.profile
@@ -0,0 +1,14 @@
+# Firejail profile for neverball-wrapper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include neverball-wrapper.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+include allow-opengl-game.inc
+private-bin neverball-wrapper
+# Redirect
+include neverball.profile
diff --git a/etc/profile-m-z/neverputt-wrapper.profile b/etc/profile-m-z/neverputt-wrapper.profile
new file mode 100644
index 000000000..dacd113cc
--- /dev/null
+++ b/etc/profile-m-z/neverputt-wrapper.profile
@@ -0,0 +1,14 @@
+# Firejail profile for neverputt-wrapper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include neverputt-wrapper.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+include allow-opengl-game.inc
+private-bin neverputt-wrapper
+# Redirect
+include neverputt.profile
diff --git a/etc/profile-m-z/pinball-wrapper.profile b/etc/profile-m-z/pinball-wrapper.profile
new file mode 100644
index 000000000..2b5ed6e27
--- /dev/null
+++ b/etc/profile-m-z/pinball-wrapper.profile
@@ -0,0 +1,14 @@
+# Firejail profile for pinball-wrapper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include pinball-wrapper.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+include allow-opengl-game.inc
+private-bin pinball-wrapper
+# Redirect
+include pinball.profile
diff --git a/etc/profile-m-z/pinball.profile b/etc/profile-m-z/pinball.profile
new file mode 100644
index 000000000..feeed8184
--- /dev/null
+++ b/etc/profile-m-z/pinball.profile
@@ -0,0 +1,52 @@
+# Firejail profile for pinball
+# Description: Emilia 3D Pinball Game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include pinball.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/emilia
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkdir ${HOME}/.config/emilia
+whitelist ${HOME}/.config/emilia
+whitelist /usr/share/pinball
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+net none
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+disable-mnt
+private-bin pinball
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,machine-id,pulse
+private-tmp
+dbus-user none
+dbus-system none
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index be50d5f44..97c07eb7a 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -74,6 +74,7 @@ autokey-run
 autokey-shell
 avidemux3_qt5
 aweather
+ballbuster
 baloo_file
 baloo_filemetadata_temp_extractor
 balsa
@@ -147,6 +148,7 @@ cmus
 code
 code-oss
 cola
+colorful
 com.github.bleakgrey.tootle
 com.github.dahenson.agenda
 com.github.johnfactotum.Foliate
@@ -293,6 +295,8 @@ git-cola
 github-desktop
 gitter
 # gjs -- https://github.com/netblue30/firejail/issues/3333#issuecomment-612601102
+gl-117
+glaxium
 globaltime
 gmpc
 gnome-2048
@@ -615,6 +619,7 @@ penguin-command
 photoflare
 picard
 pidgin
+pinball
 #ping - disabled until we fix  #1912
 pingus
 pinta
author	rusty-snake <41237666+rusty-snake@users.noreply.github.com>	2021-04-23 17:01:25 +0200
committer	rusty-snake <41237666+rusty-snake@users.noreply.github.com>	2021-04-24 09:44:34 +0200
commit	18adb74645ab28b79bf06084955543adf3586080 (patch)
tree	c77ec90924449753914c990aadfc110c177f8f86
parent	file-roller:private-bin: add atool,bsdtar,xzdec,unzstd (diff)
download	firejail-18adb74645ab28b79bf06084955543adf3586080.tar.gz firejail-18adb74645ab28b79bf06084955543adf3586080.tar.zst firejail-18adb74645ab28b79bf06084955543adf3586080.zip

diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 8ccbae5ca..918403cdc 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc
@@ -52,6 +52,7 @@ blacklist ${HOME}/.atom
52	blacklist ${HOME}/.attic	52	blacklist ${HOME}/.attic
53	blacklist ${HOME}/.audacity-data	53	blacklist ${HOME}/.audacity-data
54	blacklist ${HOME}/.avidemux6	54	blacklist ${HOME}/.avidemux6
		55	blacklist ${HOME}/.ballbuster.hs
55	blacklist ${HOME}/.balsa	56	blacklist ${HOME}/.balsa
56	blacklist ${HOME}/.bcast5	57	blacklist ${HOME}/.bcast5
57	blacklist ${HOME}/.bibletime	58	blacklist ${HOME}/.bibletime
@@ -220,6 +221,7 @@ blacklist ${HOME}/.config/d-feet
220	blacklist ${HOME}/.config/electron-mail	221	blacklist ${HOME}/.config/electron-mail
221	blacklist ${HOME}/.config/emaildefaults	222	blacklist ${HOME}/.config/emaildefaults
222	blacklist ${HOME}/.config/emailidentities	223	blacklist ${HOME}/.config/emailidentities
		224	blacklist ${HOME}/.config/emilia
223	blacklist ${HOME}/.config/enchant	225	blacklist ${HOME}/.config/enchant
224	blacklist ${HOME}/.config/eog	226	blacklist ${HOME}/.config/eog
225	blacklist ${HOME}/.config/epiphany	227	blacklist ${HOME}/.config/epiphany
@@ -490,6 +492,8 @@ blacklist ${HOME}/.frozen-bubble
490	blacklist ${HOME}/.gimp*	492	blacklist ${HOME}/.gimp*
491	blacklist ${HOME}/.gist	493	blacklist ${HOME}/.gist
492	blacklist ${HOME}/.gitconfig	494	blacklist ${HOME}/.gitconfig
		495	blacklist ${HOME}/.gl-117
		496	blacklist ${HOME}/.glaxiumrc
493	blacklist ${HOME}/.gnome/gnome-schedule	497	blacklist ${HOME}/.gnome/gnome-schedule
494	blacklist ${HOME}/.googleearth	498	blacklist ${HOME}/.googleearth
495	blacklist ${HOME}/.gradle	499	blacklist ${HOME}/.gradle
@@ -637,6 +641,7 @@ blacklist ${HOME}/.local/share/cdprojektred
637	blacklist ${HOME}/.local/share/clipit	641	blacklist ${HOME}/.local/share/clipit
638	blacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate	642	blacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate
639	blacklist ${HOME}/.local/share/contacts	643	blacklist ${HOME}/.local/share/contacts
		644	blacklist ${HOME}/.local/share/cor-games
640	blacklist ${HOME}/.local/share/data/Mendeley Ltd.	645	blacklist ${HOME}/.local/share/data/Mendeley Ltd.
641	blacklist ${HOME}/.local/share/data/Mumble	646	blacklist ${HOME}/.local/share/data/Mumble
642	blacklist ${HOME}/.local/share/data/MusE	647	blacklist ${HOME}/.local/share/data/MusE
@@ -844,6 +849,7 @@ blacklist ${HOME}/.steampid
844	blacklist ${HOME}/.stellarium	849	blacklist ${HOME}/.stellarium
845	blacklist ${HOME}/.subversion	850	blacklist ${HOME}/.subversion
846	blacklist ${HOME}/.surf	851	blacklist ${HOME}/.surf
		852	blacklist ${HOME}/.suve/colorful
847	blacklist ${HOME}/.swb.ini	853	blacklist ${HOME}/.swb.ini
848	blacklist ${HOME}/.sword	854	blacklist ${HOME}/.sword
849	blacklist ${HOME}/.sylpheed-2.0	855	blacklist ${HOME}/.sylpheed-2.0


diff --git a/etc/profile-a-l/alienarena.profile b/etc/profile-a-l/alienarena.profile new file mode 100644 index 000000000..4048b66f8 --- /dev/null +++ b/etc/profile-a-l/alienarena.profile
@@ -0,0 +1,52 @@
		1	# Firejail profile for alienarena
		2	# Description: Multiplayer retro sci-fi deathmatch game
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include alienarena.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.local/share/cor-games
		10
		11	include disable-common.inc
		12	include disable-devel.inc
		13	include disable-exec.inc
		14	include disable-interpreters.inc
		15	include disable-passwdmgr.inc
		16	include disable-programs.inc
		17	include disable-shell.inc
		18	include disable-xdg.inc
		19
		20	mkdir ${HOME}/.local/share/cor-games
		21	whitelist ${HOME}/.local/share/cor-games
		22	whitelist /usr/share/alienarena
		23	include whitelist-common.inc
		24	include whitelist-runuser-common.inc
		25	include whitelist-usr-share-common.inc
		26	include whitelist-var-common.inc
		27
		28	apparmor
		29	caps.drop all
		30	netfilter
		31	nodvd
		32	nogroups
		33	nonewprivs
		34	noroot
		35	notv
		36	nou2f
		37	novideo
		38	protocol unix,inet,inet6
		39	seccomp
		40	seccomp.block-secondary
		41	shell none
		42	tracelog
		43
		44	disable-mnt
		45	private-bin alienarena
		46	private-cache
		47	private-dev
		48	private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,drirc,fonts,glvnd,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,nsswitch.conf,nvidia,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11
		49	private-tmp
		50
		51	dbus-user none
		52	dbus-system none


diff --git a/etc/profile-a-l/ballbuster.profile b/etc/profile-a-l/ballbuster.profile new file mode 100644 index 000000000..1c137e6ae --- /dev/null +++ b/etc/profile-a-l/ballbuster.profile
@@ -0,0 +1,52 @@
		1	# Firejail profile for ballbuster
		2	# Description: Move the paddle to bounce the ball and break all the bricks
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include ballbuster.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.ballbuster.hs
		10
		11	include disable-common.inc
		12	include disable-devel.inc
		13	include disable-exec.inc
		14	include disable-interpreters.inc
		15	include disable-passwdmgr.inc
		16	include disable-programs.inc
		17	include disable-shell.inc
		18	include disable-xdg.inc
		19
		20	mkfile ${HOME}/.ballbuster.hs
		21	whitelist ${HOME}/.ballbuster.hs
		22	whitelist /usr/share/ballbuster
		23	include whitelist-common.inc
		24	include whitelist-runuser-common.inc
		25	include whitelist-usr-share-common.inc
		26	include whitelist-var-common.inc
		27
		28	apparmor
		29	caps.drop all
		30	net none
		31	nodvd
		32	nogroups
		33	nonewprivs
		34	noroot
		35	notv
		36	nou2f
		37	novideo
		38	protocol unix
		39	seccomp
		40	seccomp.block-secondary
		41	shell none
		42	tracelog
		43
		44	disable-mnt
		45	private-bin ballbuster
		46	private-cache
		47	private-dev
		48	private-etc alsa,alternatives,asound.conf,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,pulse
		49	private-tmp
		50
		51	dbus-user none
		52	dbus-system none


diff --git a/etc/profile-a-l/colorful.profile b/etc/profile-a-l/colorful.profile new file mode 100644 index 000000000..4b8a5e477 --- /dev/null +++ b/etc/profile-a-l/colorful.profile
@@ -0,0 +1,52 @@
		1	# Firejail profile for colorful
		2	# Description: simple 2D sideview shooter
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include colorful.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.suve/colorful
		10
		11	include disable-common.inc
		12	include disable-devel.inc
		13	include disable-exec.inc
		14	include disable-interpreters.inc
		15	include disable-passwdmgr.inc
		16	include disable-programs.inc
		17	include disable-shell.inc
		18	include disable-xdg.inc
		19
		20	mkdir ${HOME}/.suve/colorful
		21	whitelist ${HOME}/.suve/colorful
		22	whitelist /usr/share/suve
		23	include whitelist-common.inc
		24	include whitelist-runuser-common.inc
		25	include whitelist-usr-share-common.inc
		26	include whitelist-var-common.inc
		27
		28	apparmor
		29	caps.drop all
		30	net none
		31	nodvd
		32	nogroups
		33	nonewprivs
		34	noroot
		35	notv
		36	nou2f
		37	novideo
		38	protocol unix
		39	seccomp
		40	seccomp.block-secondary
		41	shell none
		42	tracelog
		43
		44	disable-mnt
		45	private-bin colorful
		46	private-cache
		47	private-dev
		48	private-etc alsa,alternatives,asound.conf,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,pulse
		49	private-tmp
		50
		51	dbus-user none
		52	dbus-system none


diff --git a/etc/profile-a-l/gl-117-wrapper.profile b/etc/profile-a-l/gl-117-wrapper.profile new file mode 100644 index 000000000..d783940f3 --- /dev/null +++ b/etc/profile-a-l/gl-117-wrapper.profile
@@ -0,0 +1,14 @@
		1	# Firejail profile for gl-117-wrapper
		2	# This file is overwritten after every install/update
		3	# Persistent local customizations
		4	include gl-117-wrapper.local
		5	# Persistent global definitions
		6	# added by included profile
		7	#include globals.local
		8
		9	include allow-opengl-game.inc
		10
		11	private-bin gl-117-wrapper
		12
		13	# Redirect
		14	include gl-117.profile


diff --git a/etc/profile-a-l/gl-117.profile b/etc/profile-a-l/gl-117.profile new file mode 100644 index 000000000..87194843a --- /dev/null +++ b/etc/profile-a-l/gl-117.profile
@@ -0,0 +1,52 @@
		1	# Firejail profile for gl-117
		2	# Description: Action flight simulator
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include gl-117.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.gl-117
		10
		11	include disable-common.inc
		12	include disable-devel.inc
		13	include disable-exec.inc
		14	include disable-interpreters.inc
		15	include disable-passwdmgr.inc
		16	include disable-programs.inc
		17	include disable-shell.inc
		18	include disable-xdg.inc
		19
		20	mkdir ${HOME}/.gl-117
		21	whitelist ${HOME}/.gl-117
		22	whitelist /usr/share/gl-117
		23	include whitelist-common.inc
		24	include whitelist-runuser-common.inc
		25	include whitelist-usr-share-common.inc
		26	include whitelist-var-common.inc
		27
		28	apparmor
		29	caps.drop all
		30	net none
		31	nodvd
		32	nogroups
		33	nonewprivs
		34	noroot
		35	notv
		36	nou2f
		37	novideo
		38	protocol unix
		39	seccomp
		40	seccomp.block-secondary
		41	shell none
		42	tracelog
		43
		44	disable-mnt
		45	private-bin gl-117
		46	private-cache
		47	private-dev
		48	private-etc alsa,alternatives,asound.conf,bumblebee,drirc,glvnd,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nvidia,pulse
		49	private-tmp
		50
		51	dbus-user none
		52	dbus-system none


diff --git a/etc/profile-a-l/glaxium-wrapper.profile b/etc/profile-a-l/glaxium-wrapper.profile new file mode 100644 index 000000000..7dc2cf65e --- /dev/null +++ b/etc/profile-a-l/glaxium-wrapper.profile
@@ -0,0 +1,14 @@
		1	# Firejail profile for glaxium-wrapper
		2	# This file is overwritten after every install/update
		3	# Persistent local customizations
		4	include glaxium-wrapper.local
		5	# Persistent global definitions
		6	# added by included profile
		7	#include globals.local
		8
		9	include allow-opengl-game.inc
		10
		11	private-bin glaxium-wrapper
		12
		13	# Redirect
		14	include glaxium.profile


diff --git a/etc/profile-a-l/glaxium.profile b/etc/profile-a-l/glaxium.profile new file mode 100644 index 000000000..ea5211e9e --- /dev/null +++ b/etc/profile-a-l/glaxium.profile
@@ -0,0 +1,52 @@
		1	# Firejail profile for glaxium
		2	# Description: 3d spaceship shoot-em-up
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include glaxium.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.glaxiumrc
		10
		11	include disable-common.inc
		12	include disable-devel.inc
		13	include disable-exec.inc
		14	include disable-interpreters.inc
		15	include disable-passwdmgr.inc
		16	include disable-programs.inc
		17	include disable-shell.inc
		18	include disable-xdg.inc
		19
		20	mkfile ${HOME}/.glaxiumrc
		21	whitelist ${HOME}/.glaxiumrc
		22	whitelist /usr/share/glaxium
		23	include whitelist-common.inc
		24	include whitelist-runuser-common.inc
		25	include whitelist-usr-share-common.inc
		26	include whitelist-var-common.inc
		27
		28	apparmor
		29	caps.drop all
		30	net none
		31	nodvd
		32	nogroups
		33	nonewprivs
		34	noroot
		35	notv
		36	nou2f
		37	novideo
		38	protocol unix
		39	seccomp
		40	seccomp.block-secondary
		41	shell none
		42	tracelog
		43
		44	disable-mnt
		45	private-bin glaxium
		46	private-cache
		47	private-dev
		48	private-etc alsa,alternatives,asound.conf,bumblebee,drirc,glvnd,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nvidia,pulse
		49	private-tmp
		50
		51	dbus-user none
		52	dbus-system none


diff --git a/etc/profile-m-z/neverball-wrapper.profile b/etc/profile-m-z/neverball-wrapper.profile new file mode 100644 index 000000000..534e41dd1 --- /dev/null +++ b/etc/profile-m-z/neverball-wrapper.profile
@@ -0,0 +1,14 @@
		1	# Firejail profile for neverball-wrapper
		2	# This file is overwritten after every install/update
		3	# Persistent local customizations
		4	include neverball-wrapper.local
		5	# Persistent global definitions
		6	# added by included profile
		7	#include globals.local
		8
		9	include allow-opengl-game.inc
		10
		11	private-bin neverball-wrapper
		12
		13	# Redirect
		14	include neverball.profile


diff --git a/etc/profile-m-z/neverputt-wrapper.profile b/etc/profile-m-z/neverputt-wrapper.profile new file mode 100644 index 000000000..dacd113cc --- /dev/null +++ b/etc/profile-m-z/neverputt-wrapper.profile
@@ -0,0 +1,14 @@
		1	# Firejail profile for neverputt-wrapper
		2	# This file is overwritten after every install/update
		3	# Persistent local customizations
		4	include neverputt-wrapper.local
		5	# Persistent global definitions
		6	# added by included profile
		7	#include globals.local
		8
		9	include allow-opengl-game.inc
		10
		11	private-bin neverputt-wrapper
		12
		13	# Redirect
		14	include neverputt.profile


diff --git a/etc/profile-m-z/pinball-wrapper.profile b/etc/profile-m-z/pinball-wrapper.profile new file mode 100644 index 000000000..2b5ed6e27 --- /dev/null +++ b/etc/profile-m-z/pinball-wrapper.profile
@@ -0,0 +1,14 @@
		1	# Firejail profile for pinball-wrapper
		2	# This file is overwritten after every install/update
		3	# Persistent local customizations
		4	include pinball-wrapper.local
		5	# Persistent global definitions
		6	# added by included profile
		7	#include globals.local
		8
		9	include allow-opengl-game.inc
		10
		11	private-bin pinball-wrapper
		12
		13	# Redirect
		14	include pinball.profile


diff --git a/etc/profile-m-z/pinball.profile b/etc/profile-m-z/pinball.profile new file mode 100644 index 000000000..feeed8184 --- /dev/null +++ b/etc/profile-m-z/pinball.profile
@@ -0,0 +1,52 @@
		1	# Firejail profile for pinball
		2	# Description: Emilia 3D Pinball Game
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include pinball.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.config/emilia
		10
		11	include disable-common.inc
		12	include disable-devel.inc
		13	include disable-exec.inc
		14	include disable-interpreters.inc
		15	include disable-passwdmgr.inc
		16	include disable-programs.inc
		17	include disable-shell.inc
		18	include disable-xdg.inc
		19
		20	mkdir ${HOME}/.config/emilia
		21	whitelist ${HOME}/.config/emilia
		22	whitelist /usr/share/pinball
		23	include whitelist-common.inc
		24	include whitelist-runuser-common.inc
		25	include whitelist-usr-share-common.inc
		26	include whitelist-var-common.inc
		27
		28	apparmor
		29	caps.drop all
		30	net none
		31	nodvd
		32	nogroups
		33	nonewprivs
		34	noroot
		35	notv
		36	nou2f
		37	novideo
		38	protocol unix
		39	seccomp
		40	seccomp.block-secondary
		41	shell none
		42	tracelog
		43
		44	disable-mnt
		45	private-bin pinball
		46	private-cache
		47	private-dev
		48	private-etc alsa,alternatives,asound.conf,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,machine-id,pulse
		49	private-tmp
		50
		51	dbus-user none
		52	dbus-system none


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index be50d5f44..97c07eb7a 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -74,6 +74,7 @@ autokey-run
74	autokey-shell	74	autokey-shell
75	avidemux3_qt5	75	avidemux3_qt5
76	aweather	76	aweather
		77	ballbuster
77	baloo_file	78	baloo_file
78	baloo_filemetadata_temp_extractor	79	baloo_filemetadata_temp_extractor
79	balsa	80	balsa
@@ -147,6 +148,7 @@ cmus
147	code	148	code
148	code-oss	149	code-oss
149	cola	150	cola
		151	colorful
150	com.github.bleakgrey.tootle	152	com.github.bleakgrey.tootle
151	com.github.dahenson.agenda	153	com.github.dahenson.agenda
152	com.github.johnfactotum.Foliate	154	com.github.johnfactotum.Foliate
@@ -293,6 +295,8 @@ git-cola
293	github-desktop	295	github-desktop
294	gitter	296	gitter
295	# gjs -- https://github.com/netblue30/firejail/issues/3333#issuecomment-612601102	297	# gjs -- https://github.com/netblue30/firejail/issues/3333#issuecomment-612601102
		298	gl-117
		299	glaxium
296	globaltime	300	globaltime
297	gmpc	301	gmpc
298	gnome-2048	302	gnome-2048
@@ -615,6 +619,7 @@ penguin-command
615	photoflare	619	photoflare
616	picard	620	picard
617	pidgin	621	pidgin
		622	pinball
618	#ping - disabled until we fix #1912	623	#ping - disabled until we fix #1912
619	pingus	624	pingus
620	pinta	625	pinta