New profile for supertuxkart. (#2298)

* New profile supertuxkart * review fixes
author: rusty-snake <print_hello_world+GitHub@protonmail.com> 2018-12-16 20:43:07 +0000
committer: Fred Barclay <Fred-Barclay@users.noreply.github.com> 2018-12-16 14:43:07 -0600
commit: 88304b63b5f0c31653ff1dbd3cab5a843e70da05 (patch)
tree: 6a00cde6e622c72876d8bfc8572e3813a516d681
parent: Merge pull request #2299 from glitsj16/man (diff)
download: firejail-88304b63b5f0c31653ff1dbd3cab5a843e70da05.tar.gz
firejail-88304b63b5f0c31653ff1dbd3cab5a843e70da05.tar.zst
firejail-88304b63b5f0c31653ff1dbd3cab5a843e70da05.zip
3 files changed, 59 insertions, 0 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 7e9d7be80..774852c2f 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -233,6 +233,7 @@ blacklist ${HOME}/.config/smplayer
 blacklist ${HOME}/.config/smtube
 blacklist ${HOME}/.config/specialmailcollectionsrc
 blacklist ${HOME}/.config/spotify
+blacklist ${HOME}/.config/supertuxkart
 blacklist ${HOME}/.config/sqlitebrowser
 blacklist ${HOME}/.config/stellarium
 blacklist ${HOME}/.config/synfig
@@ -461,6 +462,7 @@ blacklist ${HOME}/.local/share/scribus
 blacklist ${HOME}/.local/share/spotify
 blacklist ${HOME}/.local/share/steam
 blacklist ${HOME}/.local/share/supertux2
+blacklist ${HOME}/.local/share/supertuxkart
 blacklist ${HOME}/.local/share/telepathy
 blacklist ${HOME}/.local/share/terasology
 blacklist ${HOME}/.local/share/torbrowser
@@ -617,6 +619,7 @@ blacklist ${HOME}/.cache/qutebrowser
 blacklist ${HOME}/.cache/simple-scan
 blacklist ${HOME}/.cache/slimjet
 blacklist ${HOME}/.cache/spotify
+blacklist ${HOME}/.cache/supertuxkart
 blacklist ${HOME}/.cache/systemsettings
 blacklist ${HOME}/.cache/telepathy
 blacklist ${HOME}/.cache/thunderbird
diff --git a/etc/supertuxkart.profile b/etc/supertuxkart.profile
new file mode 100644
index 000000000..9f65a2fa1
--- /dev/null
+++ b/etc/supertuxkart.profile
@@ -0,0 +1,55 @@
+# Firejail profile for supertuxkart
+# Description: Free kart racing game.
+# This file is overwritten after every install/update
+# Persistent local customizations
+include supertuxkart.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/supertuxkart
+noblacklist ${HOME}/.cache/supertuxkart
+noblacklist ${HOME}/.local/share/supertuxkart
+include disable-common.inc
+include disable-devel.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+include disable-interpreters.inc
+mkdir ${HOME}/.config/supertuxkart
+mkdir ${HOME}/.cache/supertuxkart
+mkdir ${HOME}/.local/share/supertuxkart
+whitelist ${HOME}/.config/supertuxkart
+whitelist ${HOME}/.cache/supertuxkart
+whitelist ${HOME}/.local/share/supertuxkart
+include whitelist-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+netfilter
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+disable-mnt
+private-bin supertuxkart
+private-cache
+private-dev
+private-etc resolv.conf,ca-certificates,ssl,hosts,machine-id,xdg,openal,crypto-policies,pki,drirc,system-fips,selinux
+private-tmp
+private-opt none
+private-srv none
+noexec ${HOME}
+noexec /tmp
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index bfba93190..f36455c89 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -403,6 +403,7 @@ steam-native
 stellarium
 strings
 supertux2
+supertuxkart
 surf
 sylpheed
 synfigstudio
author	rusty-snake <print_hello_world+GitHub@protonmail.com>	2018-12-16 20:43:07 +0000
committer	Fred Barclay <Fred-Barclay@users.noreply.github.com>	2018-12-16 14:43:07 -0600
commit	88304b63b5f0c31653ff1dbd3cab5a843e70da05 (patch)
tree	6a00cde6e622c72876d8bfc8572e3813a516d681
parent	Merge pull request #2299 from glitsj16/man (diff)
download	firejail-88304b63b5f0c31653ff1dbd3cab5a843e70da05.tar.gz firejail-88304b63b5f0c31653ff1dbd3cab5a843e70da05.tar.zst firejail-88304b63b5f0c31653ff1dbd3cab5a843e70da05.zip

diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 7e9d7be80..774852c2f 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -233,6 +233,7 @@ blacklist ${HOME}/.config/smplayer
233	blacklist ${HOME}/.config/smtube	233	blacklist ${HOME}/.config/smtube
234	blacklist ${HOME}/.config/specialmailcollectionsrc	234	blacklist ${HOME}/.config/specialmailcollectionsrc
235	blacklist ${HOME}/.config/spotify	235	blacklist ${HOME}/.config/spotify
		236	blacklist ${HOME}/.config/supertuxkart
236	blacklist ${HOME}/.config/sqlitebrowser	237	blacklist ${HOME}/.config/sqlitebrowser
237	blacklist ${HOME}/.config/stellarium	238	blacklist ${HOME}/.config/stellarium
238	blacklist ${HOME}/.config/synfig	239	blacklist ${HOME}/.config/synfig
@@ -461,6 +462,7 @@ blacklist ${HOME}/.local/share/scribus
461	blacklist ${HOME}/.local/share/spotify	462	blacklist ${HOME}/.local/share/spotify
462	blacklist ${HOME}/.local/share/steam	463	blacklist ${HOME}/.local/share/steam
463	blacklist ${HOME}/.local/share/supertux2	464	blacklist ${HOME}/.local/share/supertux2
		465	blacklist ${HOME}/.local/share/supertuxkart
464	blacklist ${HOME}/.local/share/telepathy	466	blacklist ${HOME}/.local/share/telepathy
465	blacklist ${HOME}/.local/share/terasology	467	blacklist ${HOME}/.local/share/terasology
466	blacklist ${HOME}/.local/share/torbrowser	468	blacklist ${HOME}/.local/share/torbrowser
@@ -617,6 +619,7 @@ blacklist ${HOME}/.cache/qutebrowser
617	blacklist ${HOME}/.cache/simple-scan	619	blacklist ${HOME}/.cache/simple-scan
618	blacklist ${HOME}/.cache/slimjet	620	blacklist ${HOME}/.cache/slimjet
619	blacklist ${HOME}/.cache/spotify	621	blacklist ${HOME}/.cache/spotify
		622	blacklist ${HOME}/.cache/supertuxkart
620	blacklist ${HOME}/.cache/systemsettings	623	blacklist ${HOME}/.cache/systemsettings
621	blacklist ${HOME}/.cache/telepathy	624	blacklist ${HOME}/.cache/telepathy
622	blacklist ${HOME}/.cache/thunderbird	625	blacklist ${HOME}/.cache/thunderbird


diff --git a/etc/supertuxkart.profile b/etc/supertuxkart.profile new file mode 100644 index 000000000..9f65a2fa1 --- /dev/null +++ b/etc/supertuxkart.profile
@@ -0,0 +1,55 @@
		1	# Firejail profile for supertuxkart
		2	# Description: Free kart racing game.
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include supertuxkart.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.config/supertuxkart
		10	noblacklist ${HOME}/.cache/supertuxkart
		11	noblacklist ${HOME}/.local/share/supertuxkart
		12
		13	include disable-common.inc
		14	include disable-devel.inc
		15	include disable-passwdmgr.inc
		16	include disable-programs.inc
		17	include disable-xdg.inc
		18	include disable-interpreters.inc
		19
		20	mkdir ${HOME}/.config/supertuxkart
		21	mkdir ${HOME}/.cache/supertuxkart
		22	mkdir ${HOME}/.local/share/supertuxkart
		23	whitelist ${HOME}/.config/supertuxkart
		24	whitelist ${HOME}/.cache/supertuxkart
		25	whitelist ${HOME}/.local/share/supertuxkart
		26	include whitelist-common.inc
		27	include whitelist-var-common.inc
		28
		29	apparmor
		30	caps.drop all
		31	netfilter
		32	nodbus
		33	nodvd
		34	nogroups
		35	nonewprivs
		36	noroot
		37	notv
		38	nou2f
		39	novideo
		40	protocol unix,inet,inet6
		41	seccomp
		42	shell none
		43	tracelog
		44
		45	disable-mnt
		46	private-bin supertuxkart
		47	private-cache
		48	private-dev
		49	private-etc resolv.conf,ca-certificates,ssl,hosts,machine-id,xdg,openal,crypto-policies,pki,drirc,system-fips,selinux
		50	private-tmp
		51	private-opt none
		52	private-srv none
		53
		54	noexec ${HOME}
		55	noexec /tmp


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index bfba93190..f36455c89 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -403,6 +403,7 @@ steam-native
403	stellarium	403	stellarium
404	strings	404	strings
405	supertux2	405	supertux2
		406	supertuxkart
406	surf	407	surf
407	sylpheed	408	sylpheed
408	synfigstudio	409	synfigstudio