author | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2021-04-24 09:47:02 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-04-24 09:47:02 +0000 |
commit | a5e85788a940748b04f7b5ba96f42f81332db869 (patch) | |
tree | d8cdf99271db4587f5fc54f7e470f5e127202257 | |
parent | Merge pull request #4179 from jose1711/gnomeconnector (diff) | |
parent | Commons of opengl-game-wrapper.sh (diff) | |
Merge pull request #4071 from rusty-snake/open-game-wrapper
Commons of opengl-game-wrapper.sh
27 files changed, 546 insertions, 7 deletions
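--- /dev/null
+++ b/etc/inc/allow-opengl-game.inc
@@ -0,0 +1,3 @@
+noblacklist ${PATH}/bash
+whitelist /usr/share/opengl-games-utils/opengl-game-functions.sh
+private-bin basename,bash,cut,glxinfo,grep,head,sed,zenity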
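Review bot: This include has no comment saying what it is for, and it re-allows a shell in profiles that otherwise pull in disable-shell.inc, so the reason should be written down. A header such as `# Tools used by the opengl-games-utils wrapper scripts (opengl-game-functions.sh); include only from profiles that start a game through such a wrapper` would do. Because the wrapper profiles include this file and then redirect to the game profile, the `private-bin` additions here (bash, grep, sed, zenity and the rest) appear to stay available to the game process as well as to the wrapper, which is worth stating in that comment. If the other allow-*.inc files carry a `.local` include for persistent customizations, `include allow-opengl-game.local` would keep this one consistent with them.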
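--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -52,6 +52,7 @@ blacklist ${HOME}/.atom
 blacklist ${HOME}/.attic
 blacklist ${HOME}/.audacity-data
 blacklist ${HOME}/.avidemux6
+blacklist ${HOME}/.ballbuster.hs
 blacklist ${HOME}/.balsa
 blacklist ${HOME}/.bcast5
 blacklist ${HOME}/.bibletime
@@ -220,6 +221,7 @@ blacklist ${HOME}/.config/d-feet
 blacklist ${HOME}/.config/electron-mail
 blacklist ${HOME}/.config/emaildefaults
 blacklist ${HOME}/.config/emailidentities
+blacklist ${HOME}/.config/emilia
 blacklist ${HOME}/.config/enchant
 blacklist ${HOME}/.config/eog
 blacklist ${HOME}/.config/epiphany
@@ -491,6 +493,8 @@ blacklist ${HOME}/.frozen-bubble
 blacklist ${HOME}/.gimp*
 blacklist ${HOME}/.gist
 blacklist ${HOME}/.gitconfig
+blacklist ${HOME}/.gl-117
+blacklist ${HOME}/.glaxiumrc
 blacklist ${HOME}/.gnome/gnome-schedule
 blacklist ${HOME}/.googleearth
 blacklist ${HOME}/.gradle
@@ -638,6 +642,7 @@ blacklist ${HOME}/.local/share/cdprojektred
 blacklist ${HOME}/.local/share/clipit
 blacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate
 blacklist ${HOME}/.local/share/contacts
+blacklist ${HOME}/.local/share/cor-games
 blacklist ${HOME}/.local/share/data/Mendeley Ltd.
 blacklist ${HOME}/.local/share/data/Mumble
 blacklist ${HOME}/.local/share/data/MusE
@@ -845,6 +850,7 @@ blacklist ${HOME}/.steampid
 blacklist ${HOME}/.stellarium
 blacklist ${HOME}/.subversion
 blacklist ${HOME}/.surf
+blacklist ${HOME}/.suve/colorful
 blacklist ${HOME}/.swb.ini
 blacklist ${HOME}/.sword
 blacklist ${HOME}/.sylpheed-2.0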
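--- /dev/null
+++ b/etc/profile-a-l/alienarena-wrapper.profile
@@ -0,0 +1,14 @@
+# Firejail profile for alienarena-wrapper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include alienarena-wrapper.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+include allow-opengl-game.inc
+
+private-bin alienarena-wrapper
+
+# Redirect
+include alienarena.profile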
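--- /dev/null
+++ b/etc/profile-a-l/alienarena.profile
@@ -0,0 +1,52 @@
+# Firejail profile for alienarena
+# Description: Multiplayer retro sci-fi deathmatch game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include alienarena.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.local/share/cor-games
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.local/share/cor-games
+whitelist ${HOME}/.local/share/cor-games
+whitelist /usr/share/alienarena
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+
+disable-mnt
+private-bin alienarena
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,drirc,fonts,glvnd,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,nsswitch.conf,nvidia,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11
+private-tmp
+
+dbus-user none
+dbus-system none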
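--- /dev/null
+++ b/etc/profile-a-l/ballbuster-wrapper.profile
@@ -0,0 +1,14 @@
+# Firejail profile for ballbuster-wrapper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include ballbuster-wrapper.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+include allow-opengl-game.inc
+
+private-bin ballbuster-wrapper
+
+# Redirect
+include ballbuster.profile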
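--- /dev/null
+++ b/etc/profile-a-l/ballbuster.profile
@@ -0,0 +1,52 @@
+# Firejail profile for ballbuster
+# Description: Move the paddle to bounce the ball and break all the bricks
+# This file is overwritten after every install/update
+# Persistent local customizations
+include ballbuster.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.ballbuster.hs
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkfile ${HOME}/.ballbuster.hs
+whitelist ${HOME}/.ballbuster.hs
+whitelist /usr/share/ballbuster
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+net none
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+
+disable-mnt
+private-bin ballbuster
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,pulse
+private-tmp
+
+dbus-user none
+dbus-system none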
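--- /dev/null
+++ b/etc/profile-a-l/colorful-wrapper.profile
@@ -0,0 +1,14 @@
+# Firejail profile for colorful-wrapper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include colorful-wrapper.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+include allow-opengl-game.inc
+
+private-bin colorful-wrapper
+
+# Redirect
+include colorful.profile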
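--- /dev/null
+++ b/etc/profile-a-l/colorful.profile
@@ -0,0 +1,52 @@
+# Firejail profile for colorful
+# Description: simple 2D sideview shooter
+# This file is overwritten after every install/update
+# Persistent local customizations
+include colorful.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.suve/colorful
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.suve/colorful
+whitelist ${HOME}/.suve/colorful
+whitelist /usr/share/suve
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+net none
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+
+disable-mnt
+private-bin colorful
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,pulse
+private-tmp
+
+dbus-user none
+dbus-system none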
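--- /dev/null
+++ b/etc/profile-a-l/etr-wrapper.profile
@@ -0,0 +1,14 @@
+# Firejail profile for etr-wrapper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include etr-wrapper.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+include allow-opengl-game.inc
+
+private-bin etr-wrapper
+
+# Redirect
+include etr.profile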
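--- /dev/null
+++ b/etc/profile-a-l/gl-117-wrapper.profie
@@ -0,0 +1,14 @@
+# Firejail profile for gl-117-wrapper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gl-117-wrapper.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+include allow-opengl-game.inc
+
+private-bin gl-117-wrapper
+
+# Redirect
+include gl-117.profile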
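Review bot: The file name ends in `.profie`, not `.profile`, and the same 14 lines are added again as gl-117-wrapper.profile with the same blob id d783940f3, so this looks like a stray copy left over from a rename. The same applies to glaxium-wrapper.profie, neverball-wrapper.profie, neverputt-wrapper.profie and pinball-wrapper.profie further down. A misspelled file would presumably ship with the other profiles but never be picked up by name, and it is one more copy that can drift from the real profile when sandbox options are tightened later. Dropping the five `.profie` files from the commit is the fix.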
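--- /dev/null
+++ b/etc/profile-a-l/gl-117-wrapper.profile
@@ -0,0 +1,14 @@
+# Firejail profile for gl-117-wrapper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gl-117-wrapper.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+include allow-opengl-game.inc
+
+private-bin gl-117-wrapper
+
+# Redirect
+include gl-117.profile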
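--- /dev/null
+++ b/etc/profile-a-l/gl-117.profile
@@ -0,0 +1,52 @@
+# Firejail profile for gl-117
+# Description: Action flight simulator
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gl-117.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.gl-117
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.gl-117
+whitelist ${HOME}/.gl-117
+whitelist /usr/share/gl-117
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+net none
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+
+disable-mnt
+private-bin gl-117
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,bumblebee,drirc,glvnd,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nvidia,pulse
+private-tmp
+
+dbus-user none
+dbus-system none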
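--- /dev/null
+++ b/etc/profile-a-l/glaxium-wrapper.profie
@@ -0,0 +1,14 @@
+# Firejail profile for glaxium-wrapper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include glaxium-wrapper.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+include allow-opengl-game.inc
+
+private-bin glaxium-wrapper
+
+# Redirect
+include glaxium.profile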
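--- /dev/null
+++ b/etc/profile-a-l/glaxium-wrapper.profile
@@ -0,0 +1,14 @@
+# Firejail profile for glaxium-wrapper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include glaxium-wrapper.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+include allow-opengl-game.inc
+
+private-bin glaxium-wrapper
+
+# Redirect
+include glaxium.profile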
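--- /dev/null
+++ b/etc/profile-a-l/glaxium.profile
@@ -0,0 +1,52 @@
+# Firejail profile for glaxium
+# Description: 3d spaceship shoot-em-up
+# This file is overwritten after every install/update
+# Persistent local customizations
+include glaxium.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.glaxiumrc
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkfile ${HOME}/.glaxiumrc
+whitelist ${HOME}/.glaxiumrc
+whitelist /usr/share/glaxium
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+net none
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+
+disable-mnt
+private-bin glaxium
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,bumblebee,drirc,glvnd,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nvidia,pulse
+private-tmp
+
+dbus-user none
+dbus-system none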
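--- /dev/null
+++ b/etc/profile-m-z/neverball-wrapper.profie
@@ -0,0 +1,14 @@
+# Firejail profile for neverball-wrapper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include neverball-wrapper.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+include allow-opengl-game.inc
+
+private-bin neverball-wrapper
+
+# Redirect
+include neverball.profile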
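--- /dev/null
+++ b/etc/profile-m-z/neverball-wrapper.profile
@@ -0,0 +1,14 @@
+# Firejail profile for neverball-wrapper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include neverball-wrapper.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+include allow-opengl-game.inc
+
+private-bin neverball-wrapper
+
+# Redirect
+include neverball.profile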
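--- /dev/null
+++ b/etc/profile-m-z/neverputt-wrapper.profie
@@ -0,0 +1,14 @@
+# Firejail profile for neverputt-wrapper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include neverputt-wrapper.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+include allow-opengl-game.inc
+
+private-bin neverputt-wrapper
+
+# Redirect
+include neverputt.profile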
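--- /dev/null
+++ b/etc/profile-m-z/neverputt-wrapper.profile
@@ -0,0 +1,14 @@
+# Firejail profile for neverputt-wrapper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include neverputt-wrapper.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+include allow-opengl-game.inc
+
+private-bin neverputt-wrapper
+
+# Redirect
+include neverputt.profile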
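--- /dev/null
+++ b/etc/profile-m-z/pinball-wrapper.profie
@@ -0,0 +1,14 @@
+# Firejail profile for pinball-wrapper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include pinball-wrapper.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+include allow-opengl-game.inc
+
+private-bin pinball-wrapper
+
+# Redirect
+include pinball.profile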
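--- /dev/null
+++ b/etc/profile-m-z/pinball-wrapper.profile
@@ -0,0 +1,14 @@
+# Firejail profile for pinball-wrapper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include pinball-wrapper.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+include allow-opengl-game.inc
+
+private-bin pinball-wrapper
+
+# Redirect
+include pinball.profile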
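--- /dev/null
+++ b/etc/profile-m-z/pinball.profile
@@ -0,0 +1,52 @@
+# Firejail profile for pinball
+# Description: Emilia 3D Pinball Game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include pinball.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/emilia
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.config/emilia
+whitelist ${HOME}/.config/emilia
+whitelist /usr/share/pinball
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+net none
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+
+disable-mnt
+private-bin pinball
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,machine-id,pulse
+private-tmp
+
+dbus-user none
+dbus-system none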
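--- a/etc/profile-m-z/scorched3d-wrapper.profile
+++ b/etc/profile-m-z/scorched3d-wrapper.profile
@@ -1,10 +1,11 @@
-# Firejail profile for scorched3d
+# Firejail profile for scorched3d-wrapper
 # This file is overwritten after every install/update
 # Persistent local customizations
 include scorched3d-wrapper.local
 
-whitelist /usr/share/opengl-games-utils
-private-bin basename,bash,cut,glxinfo,grep,head,sed,zenity
+include allow-opengl-game.inc
+
+private-bin scorched3d-wrapper
 
 # Redirect
 include scorched3d.profile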
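--- a/etc/profile-m-z/scorched3d.profile
+++ b/etc/profile-m-z/scorched3d.profile
@@ -40,7 +40,7 @@ shell none
 tracelog
 
 disable-mnt
-private-bin scorched3d,scorched3d-wrapper,scorched3dc,scorched3ds
+private-bin scorched3d,scorched3dc,scorched3ds
 private-cache
 private-dev
 private-tmp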
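--- /dev/null
+++ b/etc/profile-m-z/supertuxkart-wrapper.profile
@@ -0,0 +1,14 @@
+# Firejail profile for supertuxkart-wrapper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include supertuxkart-wrapper.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+include allow-opengl-game.inc
+
+private-bin supertuxkart-wrapper
+
+# Redirect
+include supertuxkart.profile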
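--- a/etc/profile-m-z/xonotic.profile
+++ b/etc/profile-m-z/xonotic.profile
@@ -8,12 +8,16 @@ include globals.local
 
 noblacklist ${HOME}/.xonotic
 
+include allow-bin-sh.inc
+include allow-opengl-game.inc
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.xonotic
@@ -41,7 +45,7 @@ tracelog
 
 disable-mnt
 private-cache
-private-bin basename,bash,blind-id,cut,darkplaces-glx,darkplaces-sdl,dirname,glxinfo,grep,head,ldd,netstat,ps,readlink,sed,sh,uname,xonotic,xonotic-glx,xonotic-linux32-dedicated,xonotic-linux32-glx,xonotic-linux32-sdl,xonotic-linux64-dedicated,xonotic-linux64-glx,xonotic-linux64-sdl,xonotic-sdl,xonotic-sdl-wrapper,zenity
+private-bin blind-id,darkplaces-glx,darkplaces-sdl,dirname,ldd,netstat,ps,readlink,sh,uname,xonotic*
 private-dev
 private-etc alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl
 private-tmp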
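Review bot: `include allow-opengl-game.inc` sits in xonotic.profile itself, so bash, zenity and the text tools from that include are allowed for every xonotic binary rather than only for the wrapper. The other games in this commit instead get a separate `*-wrapper.profile` that redirects to the game profile. If the plain xonotic binaries do not need those tools, a `xonotic-sdl-wrapper.profile` following the same pattern would keep the game profile tighter; if they do (the launchers may be shell scripts, which cannot be seen from here), a one-line comment above the include saying so would help. The new `private-bin` entry `xonotic*` also replaces an explicit list with a glob that admits any binary with that prefix, so a comment such as `# xonotic* covers the -glx/-sdl/-linux32-*/-linux64-* launchers` would record the intent. Both hunks start and end inside the file.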
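--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -74,6 +74,7 @@ autokey-run
 autokey-shell
 avidemux3_qt5
 aweather
+ballbuster
 baloo_file
 baloo_filemetadata_temp_extractor
 balsa
@@ -147,6 +148,7 @@ cmus
 code
 code-oss
 cola
+colorful
 com.github.bleakgrey.tootle
 com.github.dahenson.agenda
 com.github.johnfactotum.Foliate
@@ -294,6 +296,8 @@ git-cola
 github-desktop
 gitter
 # gjs -- https://github.com/netblue30/firejail/issues/3333#issuecomment-612601102
+gl-117
+glaxium
 globaltime
 gmpc
 gnome-2048
@@ -616,6 +620,7 @@ penguin-command
 photoflare
 picard
 pidgin
+pinball
 #ping - disabled until we fix #1912
 pingus
 pinta
@@ -674,7 +679,6 @@ runenpass.sh
 sayonara
 scallion
 scorched3d
-scorched3d-wrapper
 scorchwentbonkers
 scribus
 sdat2img
@@ -868,7 +872,6 @@ xmr-stak
 xonotic
 xonotic-glx
 xonotic-sdl
-xonotic-sdl-wrapper
 xournal
 xournalpp
 xpdf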
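Review bot: `alienarena` is not among the names added in these hunks, although alienarena.profile is new in this commit alongside ballbuster, colorful, gl-117, glaxium and pinball, which are all added here. Unless it is already listed in a part of the file outside the hunks or was left out on purpose, firecfg would not set that game up to start sandboxed by default, and users would run it unconfined without noticing. Adding `alienarena` in alphabetical position, or a commented-out entry with the reason as is done for `#ping`, would make the choice explicit.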