several kids programs

author: netblue30 <netblue30@protonmail.com> 2024-04-29 12:50:46 -0400
committer: netblue30 <netblue30@protonmail.com> 2024-04-29 12:50:46 -0400
commit: 4c5f558995acb202a4ae3aee08022da854b6ebb2 (patch)
tree: c4a3e9f202bcf828ba5bcd437f478ca4f1e6270b /etc/profile-m-z
parent: whitelisting /var/games by default (diff)
download: firejail-4c5f558995acb202a4ae3aee08022da854b6ebb2.tar.gz
firejail-4c5f558995acb202a4ae3aee08022da854b6ebb2.tar.zst
firejail-4c5f558995acb202a4ae3aee08022da854b6ebb2.zip
2 files changed, 104 insertions, 0 deletions
diff --git a/etc/profile-m-z/tuxtype.profile b/etc/profile-m-z/tuxtype.profile
new file mode 100644
index 000000000..51e514529
--- /dev/null
+++ b/etc/profile-m-z/tuxtype.profile
@@ -0,0 +1,56 @@
+# Firejail profile for tuxtype
+# Persistent local customizations
+include tuxtype.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.tuxtype
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkdir ${HOME}/.tuxtype
+whitelist ${HOME}/.tuxtype
+include whitelist-common.inc
+include whitelist-run-common.inc
+whitelist ${RUNUSER}/pulse
+include whitelist-runuser-common.inc
+whitelist /usr/share/tuxtype
+include whitelist-usr-share-common.inc
+writable-var    # game scores stored under /var/games
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+net none
+netfilter
+nodvd
+noinput
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+tracelog
+disable-mnt
+private-bin tuxtype
+private-dev
+private-etc @x11,@sound,@games,tuxtype
+private-tmp
+dbus-user none
+dbus-system none
+memory-deny-write-execute
+restrict-namespaces
diff --git a/etc/profile-m-z/typespeed.profile b/etc/profile-m-z/typespeed.profile
new file mode 100644
index 000000000..08263ccb0
--- /dev/null
+++ b/etc/profile-m-z/typespeed.profile
@@ -0,0 +1,48 @@
+# Firejail profile for typespeed
+# Persistent local customizations
+include typespeed.local
+# Persistent global definitions
+include globals.local
+# Note: this profile requires the current user to be a member of games group
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-xdg.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+whitelist /usr/share/typespeed
+include whitelist-usr-share-common.inc
+writable-var    # game scores stored under /var/games
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+netfilter
+nodvd
+noinput
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
+disable-mnt
+private
+private-dev
+private-etc @x11,@sound,@games
+private-tmp
+dbus-user none
+dbus-system none
+memory-deny-write-execute
+restrict-namespaces
author	netblue30 <netblue30@protonmail.com>	2024-04-29 12:50:46 -0400
committer	netblue30 <netblue30@protonmail.com>	2024-04-29 12:50:46 -0400
commit	4c5f558995acb202a4ae3aee08022da854b6ebb2 (patch)
tree	c4a3e9f202bcf828ba5bcd437f478ca4f1e6270b /etc/profile-m-z
parent	whitelisting /var/games by default (diff)
download	firejail-4c5f558995acb202a4ae3aee08022da854b6ebb2.tar.gz firejail-4c5f558995acb202a4ae3aee08022da854b6ebb2.tar.zst firejail-4c5f558995acb202a4ae3aee08022da854b6ebb2.zip

diff --git a/etc/profile-m-z/tuxtype.profile b/etc/profile-m-z/tuxtype.profile new file mode 100644 index 000000000..51e514529 --- /dev/null +++ b/etc/profile-m-z/tuxtype.profile
@@ -0,0 +1,56 @@
	1	# Firejail profile for tuxtype
	2	# Persistent local customizations
	3	include tuxtype.local
	4	# Persistent global definitions
	5	include globals.local
	6
	7	noblacklist ${HOME}/.tuxtype
	8
	9	include disable-common.inc
	10	include disable-devel.inc
	11	include disable-exec.inc
	12	include disable-interpreters.inc
	13	include disable-programs.inc
	14	include disable-shell.inc
	15	include disable-xdg.inc
	16
	17	mkdir ${HOME}/.tuxtype
	18	whitelist ${HOME}/.tuxtype
	19	include whitelist-common.inc
	20
	21
	22	include whitelist-run-common.inc
	23	whitelist ${RUNUSER}/pulse
	24	include whitelist-runuser-common.inc
	25	whitelist /usr/share/tuxtype
	26	include whitelist-usr-share-common.inc
	27	writable-var # game scores stored under /var/games
	28	include whitelist-var-common.inc
	29
	30	apparmor
	31	caps.drop all
	32	ipc-namespace
	33	net none
	34	netfilter
	35	nodvd
	36	noinput
	37	nonewprivs
	38	noroot
	39	notv
	40	nou2f
	41	novideo
	42	protocol unix
	43	seccomp
	44	tracelog
	45
	46	disable-mnt
	47	private-bin tuxtype
	48	private-dev
	49	private-etc @x11,@sound,@games,tuxtype
	50	private-tmp
	51
	52	dbus-user none
	53	dbus-system none
	54
	55	memory-deny-write-execute
	56	restrict-namespaces


diff --git a/etc/profile-m-z/typespeed.profile b/etc/profile-m-z/typespeed.profile new file mode 100644 index 000000000..08263ccb0 --- /dev/null +++ b/etc/profile-m-z/typespeed.profile
@@ -0,0 +1,48 @@
	1	# Firejail profile for typespeed
	2	# Persistent local customizations
	3	include typespeed.local
	4	# Persistent global definitions
	5	include globals.local
	6
	7	# Note: this profile requires the current user to be a member of games group
	8
	9	include disable-common.inc
	10	include disable-devel.inc
	11	include disable-exec.inc
	12	include disable-interpreters.inc
	13	include disable-programs.inc
	14	include disable-xdg.inc
	15
	16	include whitelist-run-common.inc
	17	include whitelist-runuser-common.inc
	18	whitelist /usr/share/typespeed
	19	include whitelist-usr-share-common.inc
	20	writable-var # game scores stored under /var/games
	21	include whitelist-var-common.inc
	22
	23	apparmor
	24	caps.drop all
	25	ipc-namespace
	26	netfilter
	27	nodvd
	28	noinput
	29	nonewprivs
	30	noroot
	31	notv
	32	nou2f
	33	novideo
	34	protocol unix,inet,inet6,netlink
	35	seccomp
	36	tracelog
	37
	38	disable-mnt
	39	private
	40	private-dev
	41	private-etc @x11,@sound,@games
	42	private-tmp
	43
	44	dbus-user none
	45	dbus-system none
	46
	47	memory-deny-write-execute
	48	restrict-namespaces