several kids programs

author: netblue30 <netblue30@protonmail.com> 2024-04-29 12:50:46 -0400
committer: netblue30 <netblue30@protonmail.com> 2024-04-29 12:50:46 -0400
commit: 4c5f558995acb202a4ae3aee08022da854b6ebb2 (patch)
tree: c4a3e9f202bcf828ba5bcd437f478ca4f1e6270b /etc/profile-a-l
parent: whitelisting /var/games by default (diff)
download: firejail-4c5f558995acb202a4ae3aee08022da854b6ebb2.tar.gz
firejail-4c5f558995acb202a4ae3aee08022da854b6ebb2.tar.zst
firejail-4c5f558995acb202a4ae3aee08022da854b6ebb2.zip
4 files changed, 212 insertions, 0 deletions
diff --git a/etc/profile-a-l/alienblaster.profile b/etc/profile-a-l/alienblaster.profile
new file mode 100644
index 000000000..0e0478a49
--- /dev/null
+++ b/etc/profile-a-l/alienblaster.profile
@@ -0,0 +1,55 @@
+# Firejail profile for alienblaster
+# Persistent local customizations
+include alienblaster.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.alienblaster
+noblacklist ${HOME}/.alienblaster_highscore
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-xdg.inc
+mkfile ${HOME}/.alienblaster_highscore
+whitelist ${HOME}/.alienblaster_highscore
+mkdir ${HOME}/.alienblaster
+whitelist ${HOME}/.alienblaster
+include whitelist-common.inc
+include whitelist-run-common.inc
+whitelist ${RUNUSER}/pulse
+include whitelist-runuser-common.inc
+whitelist /usr/share/games/alienblaster
+whitelist /usr/share/timidity
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+netfilter
+net none
+nodvd
+noinput
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+tracelog
+disable-mnt
+private-dev
+private-etc @x11,@sound,@games
+private-tmp
+dbus-user none
+dbus-system none
+memory-deny-write-execute
+restrict-namespaces
diff --git a/etc/profile-a-l/geki2.profile b/etc/profile-a-l/geki2.profile
new file mode 100644
index 000000000..32ff9c8af
--- /dev/null
+++ b/etc/profile-a-l/geki2.profile
@@ -0,0 +1,49 @@
+# Firejail profile for geki2
+# Persistent local customizations
+include geki2.local
+# Persistent global definitions
+include globals.local
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+whitelist /usr/share/games/geki2
+include whitelist-usr-share-common.inc
+writable-var    # game scores stored under /var/games
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+net none
+netfilter
+nodvd
+noinput
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+tracelog
+disable-mnt
+private
+private-bin geki2
+private-dev
+private-etc @x11,@sound,@games
+private-tmp
+dbus-user none
+dbus-system none
+memory-deny-write-execute
+restrict-namespaces
diff --git a/etc/profile-a-l/geki3.profile b/etc/profile-a-l/geki3.profile
new file mode 100644
index 000000000..de2167724
--- /dev/null
+++ b/etc/profile-a-l/geki3.profile
@@ -0,0 +1,49 @@
+# Firejail profile for geki3
+# Persistent local customizations
+include geki3.local
+# Persistent global definitions
+include globals.local
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+whitelist /usr/share/games/geki3
+include whitelist-usr-share-common.inc
+writable-var    # game scores stored under /var/games
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+net none
+netfilter
+nodvd
+noinput
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+tracelog
+disable-mnt
+private
+private-bin geki3
+private-dev
+private-etc @x11,@sound,@games
+private-tmp
+dbus-user none
+dbus-system none
+memory-deny-write-execute
+restrict-namespaces
diff --git a/etc/profile-a-l/lbreakouthd.profile b/etc/profile-a-l/lbreakouthd.profile
new file mode 100644
index 000000000..095a3839c
--- /dev/null
+++ b/etc/profile-a-l/lbreakouthd.profile
@@ -0,0 +1,59 @@
+# Firejail profile for lbreakouthd
+# Persistent local customizations
+include lbreakouthd.local
+# Persistent global definitions
+include globals.local
+# Note: this profile requires the current user to be a member of games group
+noblacklist ${HOME}/.lbreakouthd
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkdir ${HOME}/.lbreakouthd
+whitelist ${HOME}/.lbreakouthd
+include whitelist-common.inc
+whitelist /run/udev/control
+whitelist /run/host/container-manager
+include whitelist-run-common.inc
+whitelist ${RUNUSER}/pulse
+include whitelist-runuser-common.inc
+whitelist /usr/share/games/lbreakouthd
+include whitelist-usr-share-common.inc
+writable-var    # game scores stored under /var/games
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+net none
+netfilter
+nodvd
+noinput
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+tracelog
+disable-mnt
+private-bin lbreakouthd
+private-dev
+private-etc @x11,@sound,@games
+private-tmp
+dbus-user none
+dbus-system none
+memory-deny-write-execute
+restrict-namespaces
author	netblue30 <netblue30@protonmail.com>	2024-04-29 12:50:46 -0400
committer	netblue30 <netblue30@protonmail.com>	2024-04-29 12:50:46 -0400
commit	4c5f558995acb202a4ae3aee08022da854b6ebb2 (patch)
tree	c4a3e9f202bcf828ba5bcd437f478ca4f1e6270b /etc/profile-a-l
parent	whitelisting /var/games by default (diff)
download	firejail-4c5f558995acb202a4ae3aee08022da854b6ebb2.tar.gz firejail-4c5f558995acb202a4ae3aee08022da854b6ebb2.tar.zst firejail-4c5f558995acb202a4ae3aee08022da854b6ebb2.zip

diff --git a/etc/profile-a-l/alienblaster.profile b/etc/profile-a-l/alienblaster.profile new file mode 100644 index 000000000..0e0478a49 --- /dev/null +++ b/etc/profile-a-l/alienblaster.profile
@@ -0,0 +1,55 @@
	1	# Firejail profile for alienblaster
	2	# Persistent local customizations
	3	include alienblaster.local
	4	# Persistent global definitions
	5	include globals.local
	6
	7	noblacklist ${HOME}/.alienblaster
	8	noblacklist ${HOME}/.alienblaster_highscore
	9
	10	include disable-common.inc
	11	include disable-devel.inc
	12	include disable-exec.inc
	13	include disable-interpreters.inc
	14	include disable-programs.inc
	15	include disable-xdg.inc
	16
	17	mkfile ${HOME}/.alienblaster_highscore
	18	whitelist ${HOME}/.alienblaster_highscore
	19	mkdir ${HOME}/.alienblaster
	20	whitelist ${HOME}/.alienblaster
	21	include whitelist-common.inc
	22	include whitelist-run-common.inc
	23	whitelist ${RUNUSER}/pulse
	24	include whitelist-runuser-common.inc
	25	whitelist /usr/share/games/alienblaster
	26	whitelist /usr/share/timidity
	27	include whitelist-usr-share-common.inc
	28	include whitelist-var-common.inc
	29
	30	apparmor
	31	caps.drop all
	32	ipc-namespace
	33	netfilter
	34	net none
	35	nodvd
	36	noinput
	37	nonewprivs
	38	noroot
	39	notv
	40	nou2f
	41	novideo
	42	protocol unix
	43	seccomp
	44	tracelog
	45
	46	disable-mnt
	47	private-dev
	48	private-etc @x11,@sound,@games
	49	private-tmp
	50
	51	dbus-user none
	52	dbus-system none
	53
	54	memory-deny-write-execute
	55	restrict-namespaces


diff --git a/etc/profile-a-l/geki2.profile b/etc/profile-a-l/geki2.profile new file mode 100644 index 000000000..32ff9c8af --- /dev/null +++ b/etc/profile-a-l/geki2.profile
@@ -0,0 +1,49 @@
	1	# Firejail profile for geki2
	2	# Persistent local customizations
	3	include geki2.local
	4	# Persistent global definitions
	5	include globals.local
	6
	7	include disable-common.inc
	8	include disable-devel.inc
	9	include disable-exec.inc
	10	include disable-interpreters.inc
	11	include disable-programs.inc
	12	include disable-shell.inc
	13	include disable-xdg.inc
	14
	15	include whitelist-run-common.inc
	16	include whitelist-runuser-common.inc
	17	whitelist /usr/share/games/geki2
	18	include whitelist-usr-share-common.inc
	19	writable-var # game scores stored under /var/games
	20	include whitelist-var-common.inc
	21
	22	apparmor
	23	caps.drop all
	24	ipc-namespace
	25	net none
	26	netfilter
	27	nodvd
	28	noinput
	29	nonewprivs
	30	noroot
	31	notv
	32	nou2f
	33	novideo
	34	protocol unix
	35	seccomp
	36	tracelog
	37
	38	disable-mnt
	39	private
	40	private-bin geki2
	41	private-dev
	42	private-etc @x11,@sound,@games
	43	private-tmp
	44
	45	dbus-user none
	46	dbus-system none
	47
	48	memory-deny-write-execute
	49	restrict-namespaces


diff --git a/etc/profile-a-l/geki3.profile b/etc/profile-a-l/geki3.profile new file mode 100644 index 000000000..de2167724 --- /dev/null +++ b/etc/profile-a-l/geki3.profile
@@ -0,0 +1,49 @@
	1	# Firejail profile for geki3
	2	# Persistent local customizations
	3	include geki3.local
	4	# Persistent global definitions
	5	include globals.local
	6
	7	include disable-common.inc
	8	include disable-devel.inc
	9	include disable-exec.inc
	10	include disable-interpreters.inc
	11	include disable-programs.inc
	12	include disable-shell.inc
	13	include disable-xdg.inc
	14
	15	include whitelist-run-common.inc
	16	include whitelist-runuser-common.inc
	17	whitelist /usr/share/games/geki3
	18	include whitelist-usr-share-common.inc
	19	writable-var # game scores stored under /var/games
	20	include whitelist-var-common.inc
	21
	22	apparmor
	23	caps.drop all
	24	ipc-namespace
	25	net none
	26	netfilter
	27	nodvd
	28	noinput
	29	nonewprivs
	30	noroot
	31	notv
	32	nou2f
	33	novideo
	34	protocol unix
	35	seccomp
	36	tracelog
	37
	38	disable-mnt
	39	private
	40	private-bin geki3
	41	private-dev
	42	private-etc @x11,@sound,@games
	43	private-tmp
	44
	45	dbus-user none
	46	dbus-system none
	47
	48	memory-deny-write-execute
	49	restrict-namespaces


diff --git a/etc/profile-a-l/lbreakouthd.profile b/etc/profile-a-l/lbreakouthd.profile new file mode 100644 index 000000000..095a3839c --- /dev/null +++ b/etc/profile-a-l/lbreakouthd.profile
@@ -0,0 +1,59 @@
	1	# Firejail profile for lbreakouthd
	2	# Persistent local customizations
	3	include lbreakouthd.local
	4	# Persistent global definitions
	5	include globals.local
	6
	7	# Note: this profile requires the current user to be a member of games group
	8
	9	noblacklist ${HOME}/.lbreakouthd
	10
	11	include disable-common.inc
	12	include disable-devel.inc
	13	include disable-exec.inc
	14	include disable-interpreters.inc
	15	include disable-programs.inc
	16	include disable-shell.inc
	17	include disable-xdg.inc
	18
	19	mkdir ${HOME}/.lbreakouthd
	20	whitelist ${HOME}/.lbreakouthd
	21	include whitelist-common.inc
	22
	23	whitelist /run/udev/control
	24	whitelist /run/host/container-manager
	25	include whitelist-run-common.inc
	26	whitelist ${RUNUSER}/pulse
	27	include whitelist-runuser-common.inc
	28	whitelist /usr/share/games/lbreakouthd
	29	include whitelist-usr-share-common.inc
	30	writable-var # game scores stored under /var/games
	31	include whitelist-var-common.inc
	32
	33	apparmor
	34	caps.drop all
	35	ipc-namespace
	36	net none
	37	netfilter
	38	nodvd
	39	noinput
	40	nonewprivs
	41	noroot
	42	notv
	43	nou2f
	44	novideo
	45	protocol unix
	46	seccomp
	47	tracelog
	48
	49	disable-mnt
	50	private-bin lbreakouthd
	51	private-dev
	52	private-etc @x11,@sound,@games
	53	private-tmp
	54
	55	dbus-user none
	56	dbus-system none
	57
	58	memory-deny-write-execute
	59	restrict-namespaces