aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLibravatar Tad <tad@spotco.us>2019-03-20 21:27:20 -0400
committerLibravatar Tad <tad@spotco.us>2019-03-20 21:27:20 -0400
commit60f96a4ba942308ad204a48ba974034fd152f247 (patch)
tree0d7a4a1b68e0dc34a67aff6633947d2769577851
parentFour more game profiles (diff)
downloadfirejail-60f96a4ba942308ad204a48ba974034fd152f247.tar.gz
firejail-60f96a4ba942308ad204a48ba974034fd152f247.tar.zst
firejail-60f96a4ba942308ad204a48ba974034fd152f247.zip
Another five more game profiles
Diffstat
-rw-r--r--README.md2
-rw-r--r--RELNOTES3
-rw-r--r--etc/disable-programs.inc7
-rw-r--r--etc/lugaru.profile49
-rw-r--r--etc/manaplus.profile48
-rw-r--r--etc/pioneer.profile44
-rw-r--r--etc/scorched3d.profile44
-rw-r--r--etc/widelands.profile44
-rw-r--r--src/firecfg/firecfg.config4
9 files changed, 243 insertions, 2 deletions
diff --git a/README.md b/README.md
index 4a858f843..a0050d65f 100644
--- a/README.md
+++ b/README.md
@@ -102,4 +102,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
102## Current development version: 0.9.59 102## Current development version: 0.9.59
103 103
104## New profiles: 104## New profiles:
105crow, nyx, klavaro, mypaint, celluoid, nano, transgui, sysprof, simplescreenrecorder, geekbench, xfce4-mixer, pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring, regextester, hardinfo, gnome-system-log, gnome-nettool, netactview, redshift, devhelp, assogiate, subdownloader, font-manager, exfalso, gconf-editor, dconf-editor, mpdris2, sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings, code-oss, pragha, Maelstrom, ostrichriders, bzflag, freeciv, lincity-ng, megaglest, openttd, crawl, crawl-tiles, teeworlds, torcs, tremulous, warsow 105crow, nyx, klavaro, mypaint, celluoid, nano, transgui, sysprof, simplescreenrecorder, geekbench, xfce4-mixer, pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring, regextester, hardinfo, gnome-system-log, gnome-nettool, netactview, redshift, devhelp, assogiate, subdownloader, font-manager, exfalso, gconf-editor, dconf-editor, mpdris2, sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings, code-oss, pragha, Maelstrom, ostrichriders, bzflag, freeciv, lincity-ng, megaglest, openttd, crawl, crawl-tiles, teeworlds, torcs, tremulous, warsow, lugaru, manaplus, pioneer, scorched3d, widelands
diff --git a/RELNOTES b/RELNOTES
index dd9513931..d9411d808 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -8,7 +8,8 @@ firejail (0.9.59) baseline; urgency=low
8 * new profiles: sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings 8 * new profiles: sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings
9 * new profiles: code-oss, pragha, Maelstrom, ostrichriders, bzflag 9 * new profiles: code-oss, pragha, Maelstrom, ostrichriders, bzflag
10 * new profiles: freeciv, lincity-ng, megaglest, openttd, crawl, crawl-tiles 10 * new profiles: freeciv, lincity-ng, megaglest, openttd, crawl, crawl-tiles
11 * new profiles: teeworlds, torcs, tremulous, warsow 11 * new profiles: teeworlds, torcs, tremulous, warsow, lugaru, manaplus
12 * new profiles: pioneer, scorched3d, widelands
12 * memory-deny-write-execute now also blocks memfd_create 13 * memory-deny-write-execute now also blocks memfd_create
13 * drop support for flatpak/snap packages 14 * drop support for flatpak/snap packages
14 15
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 69ffb5d45..faf8def79 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -203,8 +203,10 @@ blacklist ${HOME}/.config/ktorrentrc
203blacklist ${HOME}/.config/leafpad 203blacklist ${HOME}/.config/leafpad
204blacklist ${HOME}/.config/libreoffice 204blacklist ${HOME}/.config/libreoffice
205blacklist ${HOME}/.config/liferea 205blacklist ${HOME}/.config/liferea
206blacklist ${HOME}/.config/lugaru
206blacklist ${HOME}/.config/lximage-qt 207blacklist ${HOME}/.config/lximage-qt
207blacklist ${HOME}/.config/mailtransports 208blacklist ${HOME}/.config/mailtransports
209blacklist ${HOME}/.config/mana
208blacklist ${HOME}/.config/mate-calc 210blacklist ${HOME}/.config/mate-calc
209blacklist ${HOME}/.config/mate/eom 211blacklist ${HOME}/.config/mate/eom
210blacklist ${HOME}/.config/mate/mate-dictionary 212blacklist ${HOME}/.config/mate/mate-dictionary
@@ -477,6 +479,8 @@ blacklist ${HOME}/.local/share/kwrite
477blacklist ${HOME}/.local/share/liferea 479blacklist ${HOME}/.local/share/liferea
478blacklist ${HOME}/.local/share/local-mail 480blacklist ${HOME}/.local/share/local-mail
479blacklist ${HOME}/.local/share/lollypop 481blacklist ${HOME}/.local/share/lollypop
482blacklist ${HOME}/.local/share/lugaru
483blacklist ${HOME}/.local/share/mana
480blacklist ${HOME}/.local/share/maps-places.json 484blacklist ${HOME}/.local/share/maps-places.json
481blacklist ${HOME}/.local/share/meld 485blacklist ${HOME}/.local/share/meld
482blacklist ${HOME}/.local/share/midori 486blacklist ${HOME}/.local/share/midori
@@ -547,6 +551,7 @@ blacklist ${HOME}/.opera
547blacklist ${HOME}/.opera-beta 551blacklist ${HOME}/.opera-beta
548blacklist ${HOME}/.ostrichriders 552blacklist ${HOME}/.ostrichriders
549blacklist ${HOME}/.pingus 553blacklist ${HOME}/.pingus
554blacklist ${HOME}/.pioneer
550blacklist ${HOME}/.purple 555blacklist ${HOME}/.purple
551blacklist ${HOME}/.qemu-launcher 556blacklist ${HOME}/.qemu-launcher
552blacklist ${HOME}/.qmmp 557blacklist ${HOME}/.qmmp
@@ -556,6 +561,7 @@ blacklist ${HOME}/.remmina
556blacklist ${HOME}/.repo_.gitconfig.json 561blacklist ${HOME}/.repo_.gitconfig.json
557blacklist ${HOME}/.repoconfig 562blacklist ${HOME}/.repoconfig
558blacklist ${HOME}/.retroshare 563blacklist ${HOME}/.retroshare
564blacklist ${HOME}/.scorched3d
559blacklist ${HOME}/.scribus 565blacklist ${HOME}/.scribus
560blacklist ${HOME}/.scribusrc 566blacklist ${HOME}/.scribusrc
561blacklist ${HOME}/.simutrans 567blacklist ${HOME}/.simutrans
@@ -592,6 +598,7 @@ blacklist ${HOME}/.waterfox
592blacklist ${HOME}/.weechat 598blacklist ${HOME}/.weechat
593blacklist ${HOME}/.wget-hsts 599blacklist ${HOME}/.wget-hsts
594blacklist ${HOME}/.wgetrc 600blacklist ${HOME}/.wgetrc
601blacklist ${HOME}/.widelands
595blacklist ${HOME}/.wine 602blacklist ${HOME}/.wine
596blacklist ${HOME}/.wireshark 603blacklist ${HOME}/.wireshark
597blacklist ${HOME}/.wine64 604blacklist ${HOME}/.wine64
diff --git a/etc/lugaru.profile b/etc/lugaru.profile
new file mode 100644
index 000000000..d81441572
--- /dev/null
+++ b/etc/lugaru.profile
@@ -0,0 +1,49 @@
1# Firejail profile for lugaru
2# Description: Ninja rabbit fighting game
3# This file is overwritten after every install/update
4# Persistent local customizations
5include lugaru.local
6# Persistent global definitions
7include globals.local
8
9# note: crashes after entering
10
11noblacklist ${HOME}/.config/lugaru
12noblacklist ${HOME}/.local/share/lugaru
13
14include disable-common.inc
15include disable-devel.inc
16include disable-exec.inc
17include disable-interpreters.inc
18include disable-passwdmgr.inc
19include disable-programs.inc
20include disable-xdg.inc
21
22mkdir ${HOME}/.config/lugaru
23mkdir ${HOME}/.local/share/lugaru
24whitelist ${HOME}/.config/lugaru
25whitelist ${HOME}/.local/share/lugaru
26include whitelist-common.inc
27include whitelist-var-common.inc
28
29caps.drop all
30ipc-namespace
31net none
32nodbus
33nodvd
34nogroups
35nonewprivs
36noroot
37notv
38nou2f
39novideo
40protocol unix,netlink
41seccomp
42shell none
43tracelog
44
45disable-mnt
46private-bin lugaru
47private-cache
48private-dev
49private-tmp
diff --git a/etc/manaplus.profile b/etc/manaplus.profile
new file mode 100644
index 000000000..93d409bf8
--- /dev/null
+++ b/etc/manaplus.profile
@@ -0,0 +1,48 @@
1# Firejail profile for manaplus
2# Description: 2D MMORPG client for Evol Online and The Mana World
3# This file is overwritten after every install/update
4# Persistent local customizations
5include manaplus.local
6# Persistent global definitions
7include globals.local
8
9noblacklist ${HOME}/.config/mana
10noblacklist ${HOME}/.local/share/mana
11
12include disable-common.inc
13include disable-devel.inc
14include disable-exec.inc
15include disable-interpreters.inc
16include disable-passwdmgr.inc
17include disable-programs.inc
18include disable-xdg.inc
19
20mkdir ${HOME}/.config/mana
21mkdir ${HOME}/.config/mana/mana
22mkdir ${HOME}/.local/share/mana
23whitelist ${HOME}/.config/mana
24whitelist ${HOME}/.local/share/mana
25include whitelist-common.inc
26include whitelist-var-common.inc
27
28caps.drop all
29ipc-namespace
30netfilter
31nodbus
32nodvd
33nogroups
34nonewprivs
35noroot
36notv
37nou2f
38novideo
39protocol unix,inet,inet6
40seccomp
41shell none
42tracelog
43
44disable-mnt
45private-bin manaplus
46private-cache
47private-dev
48private-tmp
diff --git a/etc/pioneer.profile b/etc/pioneer.profile
new file mode 100644
index 000000000..a240aa5fc
--- /dev/null
+++ b/etc/pioneer.profile
@@ -0,0 +1,44 @@
1# Firejail profile for pioneer
2# Description: A game of lonely space adventure
3# This file is overwritten after every install/update
4# Persistent local customizations
5include pioneer.local
6# Persistent global definitions
7include globals.local
8
9noblacklist ${HOME}/.pioneer
10
11include disable-common.inc
12include disable-devel.inc
13include disable-exec.inc
14include disable-interpreters.inc
15include disable-passwdmgr.inc
16include disable-programs.inc
17include disable-xdg.inc
18
19mkdir ${HOME}/.pioneer
20whitelist ${HOME}/.pioneer
21include whitelist-common.inc
22include whitelist-var-common.inc
23
24caps.drop all
25ipc-namespace
26net none
27nodbus
28nodvd
29nogroups
30nonewprivs
31noroot
32notv
33nou2f
34novideo
35protocol unix,netlink
36seccomp
37shell none
38tracelog
39
40disable-mnt
41private-bin pioneer,modelcompiler,savegamedump
42private-cache
43private-dev
44private-tmp
diff --git a/etc/scorched3d.profile b/etc/scorched3d.profile
new file mode 100644
index 000000000..e94d436cf
--- /dev/null
+++ b/etc/scorched3d.profile
@@ -0,0 +1,44 @@
1# Firejail profile for scorched3d
2# Description: Game based loosely on the classic DOS game Scorched Earth
3# This file is overwritten after every install/update
4# Persistent local customizations
5include scorched3d.local
6# Persistent global definitions
7include globals.local
8
9noblacklist ${HOME}/.scorched3d
10
11include disable-common.inc
12include disable-devel.inc
13include disable-exec.inc
14include disable-interpreters.inc
15include disable-passwdmgr.inc
16include disable-programs.inc
17include disable-xdg.inc
18
19mkdir ${HOME}/.scorched3d
20whitelist ${HOME}/.scorched3d
21include whitelist-common.inc
22include whitelist-var-common.inc
23
24caps.drop all
25ipc-namespace
26netfilter
27nodbus
28nodvd
29nogroups
30nonewprivs
31noroot
32notv
33nou2f
34novideo
35protocol unix,inet,inet6
36seccomp
37shell none
38tracelog
39
40disable-mnt
41private-bin scorched3d,scorched3d-wrapper,scorched3dc,scorched3ds
42private-cache
43private-dev
44private-tmp
diff --git a/etc/widelands.profile b/etc/widelands.profile
new file mode 100644
index 000000000..c6b5f27da
--- /dev/null
+++ b/etc/widelands.profile
@@ -0,0 +1,44 @@
1# Firejail profile for widelands
2# Description: Open source realtime-strategy game
3# This file is overwritten after every install/update
4# Persistent local customizations
5include widelands.local
6# Persistent global definitions
7include globals.local
8
9noblacklist ${HOME}/.widelands
10
11include disable-common.inc
12include disable-devel.inc
13include disable-exec.inc
14include disable-interpreters.inc
15include disable-passwdmgr.inc
16include disable-programs.inc
17include disable-xdg.inc
18
19mkdir ${HOME}/.widelands
20whitelist ${HOME}/.widelands
21include whitelist-common.inc
22include whitelist-var-common.inc
23
24caps.drop all
25ipc-namespace
26netfilter
27nodbus
28nodvd
29nogroups
30nonewprivs
31noroot
32notv
33nou2f
34novideo
35protocol unix,inet,inet6,netlink
36seccomp
37shell none
38tracelog
39
40disable-mnt
41private-bin widelands
42private-cache
43private-dev
44private-tmp
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index a2edd7c3a..4a1bcb4e1 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -321,6 +321,7 @@ lximage-qt
321lxmusic 321lxmusic
322lynx 322lynx
323macrofusion 323macrofusion
324manaplus
324masterpdfeditor 325masterpdfeditor
325masterpdfeditor4 326masterpdfeditor4
326masterpdfeditor5 327masterpdfeditor5
@@ -403,6 +404,7 @@ pidgin
403#ping - disabled until we fix #1912 404#ping - disabled until we fix #1912
404pingus 405pingus
405pinta 406pinta
407pioneer
406pithos 408pithos
407pitivi 409pitivi
408pix 410pix
@@ -441,6 +443,7 @@ rtorrent
441runenpass.sh 443runenpass.sh
442sayonara 444sayonara
443scallion 445scallion
446scorched3d
444scribus 447scribus
445sdat2img 448sdat2img
446seahorse 449seahorse
@@ -569,6 +572,7 @@ weechat-curses
569wesnoth 572wesnoth
570wget 573wget
571whois 574whois
575widelands
572wine 576wine
573wire-desktop 577wire-desktop
574wireshark 578wireshark
generated by cgit v1.2.3-54-g00ecf (git 2.45.1) at 2024-05-27 15:26:17 +0000