Five more game profiles

author: Tad <tad@spotco.us> 2019-03-28 14:32:02 -0400
committer: Tad <tad@spotco.us> 2019-03-28 14:32:02 -0400
commit: 8e5ad206ecd3b6def06ef9c36e0a02dd22f33625 (patch)
tree: d6c452d9ca914319ea931e766687dbc206738ad8 /etc/freecol.profile
parent: Add VCS support to meld (#2615) (diff)
download: firejail-8e5ad206ecd3b6def06ef9c36e0a02dd22f33625.tar.gz
firejail-8e5ad206ecd3b6def06ef9c36e0a02dd22f33625.tar.zst
firejail-8e5ad206ecd3b6def06ef9c36e0a02dd22f33625.zip
1 files changed, 60 insertions, 0 deletions
diff --git a/etc/freecol.profile b/etc/freecol.profile
new file mode 100644
index 000000000..7987cc076
--- /dev/null
+++ b/etc/freecol.profile
@@ -0,0 +1,60 @@
+# Firejail profile for freecol
+# Description: Turn-based multi-player strategy game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include freecol.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.freecol
+noblacklist ${HOME}/.java
+noblacklist ${HOME}/.cache/freecol
+noblacklist ${HOME}/.config/freecol
+noblacklist ${HOME}/.local/share/freecol
+# Allow access to java
+noblacklist ${PATH}/java
+noblacklist /usr/lib/java
+noblacklist /etc/java
+noblacklist /usr/share/java
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+mkdir ${HOME}/.java
+mkdir ${HOME}/.cache/freecol
+mkdir ${HOME}/.config/freecol
+mkdir ${HOME}/.local/share/freecol
+whitelist ${HOME}/.freecol
+whitelist ${HOME}/.java
+whitelist ${HOME}/.cache/freecol
+whitelist ${HOME}/.config/freecol
+whitelist ${HOME}/.local/share/freecol
+include whitelist-common.inc
+include whitelist-var-common.inc
+caps.drop all
+ipc-namespace
+netfilter
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+disable-mnt
+private-cache
+private-dev
+private-tmp
author	Tad <tad@spotco.us>	2019-03-28 14:32:02 -0400
committer	Tad <tad@spotco.us>	2019-03-28 14:32:02 -0400
commit	8e5ad206ecd3b6def06ef9c36e0a02dd22f33625 (patch)
tree	d6c452d9ca914319ea931e766687dbc206738ad8 /etc/freecol.profile
parent	Add VCS support to meld (#2615) (diff)
download	firejail-8e5ad206ecd3b6def06ef9c36e0a02dd22f33625.tar.gz firejail-8e5ad206ecd3b6def06ef9c36e0a02dd22f33625.tar.zst firejail-8e5ad206ecd3b6def06ef9c36e0a02dd22f33625.zip

diff --git a/etc/freecol.profile b/etc/freecol.profile new file mode 100644 index 000000000..7987cc076 --- /dev/null +++ b/etc/freecol.profile
@@ -0,0 +1,60 @@
	1	# Firejail profile for freecol
	2	# Description: Turn-based multi-player strategy game
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include freecol.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	noblacklist ${HOME}/.freecol
	10	noblacklist ${HOME}/.java
	11	noblacklist ${HOME}/.cache/freecol
	12	noblacklist ${HOME}/.config/freecol
	13	noblacklist ${HOME}/.local/share/freecol
	14
	15	# Allow access to java
	16	noblacklist ${PATH}/java
	17	noblacklist /usr/lib/java
	18	noblacklist /etc/java
	19	noblacklist /usr/share/java
	20
	21	include disable-common.inc
	22	include disable-devel.inc
	23	include disable-exec.inc
	24	include disable-interpreters.inc
	25	include disable-passwdmgr.inc
	26	include disable-programs.inc
	27	include disable-xdg.inc
	28
	29	mkdir ${HOME}/.java
	30	mkdir ${HOME}/.cache/freecol
	31	mkdir ${HOME}/.config/freecol
	32	mkdir ${HOME}/.local/share/freecol
	33	whitelist ${HOME}/.freecol
	34	whitelist ${HOME}/.java
	35	whitelist ${HOME}/.cache/freecol
	36	whitelist ${HOME}/.config/freecol
	37	whitelist ${HOME}/.local/share/freecol
	38	include whitelist-common.inc
	39	include whitelist-var-common.inc
	40
	41	caps.drop all
	42	ipc-namespace
	43	netfilter
	44	nodbus
	45	nodvd
	46	nogroups
	47	nonewprivs
	48	noroot
	49	notv
	50	nou2f
	51	novideo
	52	protocol unix,inet,inet6
	53	seccomp
	54	shell none
	55	tracelog
	56
	57	disable-mnt
	58	private-cache
	59	private-dev
	60	private-tmp