diff options
author | netblue30 <netblue30@yahoo.com> | 2017-07-29 07:52:17 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-07-29 07:52:17 -0400 |
commit | 348b875f3025988a336e365a3127f6d6b25bec18 (patch) | |
tree | 112a1247f397348633a4a95b247d030df0255446 /etc | |
parent | arp rework (diff) | |
download | firejail-348b875f3025988a336e365a3127f6d6b25bec18.tar.gz firejail-348b875f3025988a336e365a3127f6d6b25bec18.tar.zst firejail-348b875f3025988a336e365a3127f6d6b25bec18.zip |
new profiles
Diffstat (limited to 'etc')
-rw-r--r-- | etc/disable-programs.inc | 8 | ||||
-rw-r--r-- | etc/etr.profile | 41 | ||||
-rw-r--r-- | etc/frozen-bubble.profile | 38 | ||||
-rw-r--r-- | etc/open-invaders.profile | 41 | ||||
-rw-r--r-- | etc/pingus.profile | 41 | ||||
-rw-r--r-- | etc/simutrans.profile | 41 | ||||
-rw-r--r-- | etc/supertux2.profile | 41 | ||||
-rw-r--r-- | etc/unknown-horizons.profile | 40 |
8 files changed, 291 insertions, 0 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 0a4d4c4cb..95d9b04a0 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -186,9 +186,12 @@ blacklist ${HOME}/.elinks | |||
186 | blacklist ${HOME}/.emacs | 186 | blacklist ${HOME}/.emacs |
187 | blacklist ${HOME}/.emacs.d | 187 | blacklist ${HOME}/.emacs.d |
188 | blacklist ${HOME}/.filezilla | 188 | blacklist ${HOME}/.filezilla |
189 | blacklist ${HOME}/.emacs | ||
190 | blacklist ${HOME}/.etr | ||
189 | blacklist ${HOME}/.flowblade | 191 | blacklist ${HOME}/.flowblade |
190 | blacklist ${HOME}/.fltk | 192 | blacklist ${HOME}/.fltk |
191 | blacklist ${HOME}/.FontForge | 193 | blacklist ${HOME}/.FontForge |
194 | blacklist ${HOME}/.frozen-bubble | ||
192 | blacklist ${HOME}/.gimp* | 195 | blacklist ${HOME}/.gimp* |
193 | blacklist ${HOME}/.git-credential-cache | 196 | blacklist ${HOME}/.git-credential-cache |
194 | blacklist ${HOME}/.gitconfig | 197 | blacklist ${HOME}/.gitconfig |
@@ -301,6 +304,7 @@ blacklist ${HOME}/.local/share/qpdfview | |||
301 | blacklist ${HOME}/.local/share/scribus | 304 | blacklist ${HOME}/.local/share/scribus |
302 | blacklist ${HOME}/.local/share/spotify | 305 | blacklist ${HOME}/.local/share/spotify |
303 | blacklist ${HOME}/.local/share/steam | 306 | blacklist ${HOME}/.local/share/steam |
307 | blacklist ${HOME}/.local/share/supertux2 | ||
304 | blacklist ${HOME}/.local/share/telepathy | 308 | blacklist ${HOME}/.local/share/telepathy |
305 | blacklist ${HOME}/.local/share/torbrowser | 309 | blacklist ${HOME}/.local/share/torbrowser |
306 | blacklist ${HOME}/.local/share/totem | 310 | blacklist ${HOME}/.local/share/totem |
@@ -325,16 +329,19 @@ blacklist ${HOME}/.mutt/muttrc | |||
325 | blacklist ${HOME}/.muttrc | 329 | blacklist ${HOME}/.muttrc |
326 | blacklist ${HOME}/.nv | 330 | blacklist ${HOME}/.nv |
327 | blacklist ${HOME}/.nylas-mail | 331 | blacklist ${HOME}/.nylas-mail |
332 | blacklist ${HOME}/.openinvaders | ||
328 | blacklist ${HOME}/.openshot | 333 | blacklist ${HOME}/.openshot |
329 | blacklist ${HOME}/.openshot_qt | 334 | blacklist ${HOME}/.openshot_qt |
330 | blacklist ${HOME}/.opera | 335 | blacklist ${HOME}/.opera |
331 | blacklist ${HOME}/.opera-beta | 336 | blacklist ${HOME}/.opera-beta |
337 | blacklist ${HOME}/.pingus | ||
332 | blacklist ${HOME}/.purple | 338 | blacklist ${HOME}/.purple |
333 | blacklist ${HOME}/.qemu-launcher | 339 | blacklist ${HOME}/.qemu-launcher |
334 | blacklist ${HOME}/.remmina | 340 | blacklist ${HOME}/.remmina |
335 | blacklist ${HOME}/.retroshare | 341 | blacklist ${HOME}/.retroshare |
336 | blacklist ${HOME}/.scribus | 342 | blacklist ${HOME}/.scribus |
337 | blacklist ${HOME}/.scribusrc | 343 | blacklist ${HOME}/.scribusrc |
344 | blacklist ${HOME}/.simutrans | ||
338 | blacklist ${HOME}/.steam | 345 | blacklist ${HOME}/.steam |
339 | blacklist ${HOME}/.steampath | 346 | blacklist ${HOME}/.steampath |
340 | blacklist ${HOME}/.steampid | 347 | blacklist ${HOME}/.steampid |
@@ -347,6 +354,7 @@ blacklist ${HOME}/.tconn | |||
347 | blacklist ${HOME}/.thunderbird | 354 | blacklist ${HOME}/.thunderbird |
348 | blacklist ${HOME}/.tooling | 355 | blacklist ${HOME}/.tooling |
349 | blacklist ${HOME}/.ts3client | 356 | blacklist ${HOME}/.ts3client |
357 | blacklist ${HOME}/.unknow-horizons | ||
350 | blacklist ${HOME}/.viking | 358 | blacklist ${HOME}/.viking |
351 | blacklist ${HOME}/.viking-maps | 359 | blacklist ${HOME}/.viking-maps |
352 | blacklist ${HOME}/.vst | 360 | blacklist ${HOME}/.vst |
diff --git a/etc/etr.profile b/etc/etr.profile new file mode 100644 index 000000000..d7b747995 --- /dev/null +++ b/etc/etr.profile | |||
@@ -0,0 +1,41 @@ | |||
1 | # Persistent global definitions go here | ||
2 | include /etc/firejail/globals.local | ||
3 | |||
4 | # This file is overwritten during software install. | ||
5 | # Persistent customizations should go in a .local file. | ||
6 | include /etc/firejail/etr.local | ||
7 | |||
8 | ################################ | ||
9 | # Extreme Tux Racer profile | ||
10 | ################################ | ||
11 | |||
12 | noblacklist ~/.etr | ||
13 | mkdir ~/.etr | ||
14 | whitelist ~/.etr | ||
15 | include /etc/firejail/whitelist-common.inc | ||
16 | |||
17 | include /etc/firejail/disable-common.inc | ||
18 | include /etc/firejail/disable-programs.inc | ||
19 | include /etc/firejail/disable-passwdmgr.inc | ||
20 | |||
21 | caps.drop all | ||
22 | nonewprivs | ||
23 | noroot | ||
24 | protocol unix,netlink | ||
25 | seccomp | ||
26 | |||
27 | # | ||
28 | # depending on your usage, you can enable some of the commands below: | ||
29 | # | ||
30 | net none | ||
31 | nogroups | ||
32 | shell none | ||
33 | #private-bin etr | ||
34 | # private-etc none | ||
35 | private-dev | ||
36 | private-tmp | ||
37 | # nosound | ||
38 | |||
39 | |||
40 | |||
41 | |||
diff --git a/etc/frozen-bubble.profile b/etc/frozen-bubble.profile new file mode 100644 index 000000000..52f8e5b3e --- /dev/null +++ b/etc/frozen-bubble.profile | |||
@@ -0,0 +1,38 @@ | |||
1 | # Persistent global definitions go here | ||
2 | include /etc/firejail/globals.local | ||
3 | |||
4 | # This file is overwritten during software install. | ||
5 | # Persistent customizations should go in a .local file. | ||
6 | include /etc/firejail/frozen-bubble.local | ||
7 | |||
8 | ################################ | ||
9 | # Frozen Bubble profile | ||
10 | ################################ | ||
11 | |||
12 | noblacklist ~/.frozen-bubble | ||
13 | mkdir ~/.frozen-bubble | ||
14 | whitelist ~/.frozen-bubble | ||
15 | include /etc/firejail/whitelist-common.inc | ||
16 | |||
17 | include /etc/firejail/disable-common.inc | ||
18 | include /etc/firejail/disable-programs.inc | ||
19 | include /etc/firejail/disable-passwdmgr.inc | ||
20 | |||
21 | caps.drop all | ||
22 | nonewprivs | ||
23 | noroot | ||
24 | protocol unix,netlink | ||
25 | seccomp | ||
26 | |||
27 | # | ||
28 | # depending on your usage, you can enable some of the commands below: | ||
29 | # | ||
30 | net none | ||
31 | nogroups | ||
32 | shell none | ||
33 | #private-bin frozen-bubble | ||
34 | # private-etc none | ||
35 | private-dev | ||
36 | private-tmp | ||
37 | # nosound | ||
38 | |||
diff --git a/etc/open-invaders.profile b/etc/open-invaders.profile new file mode 100644 index 000000000..f95b0f5a2 --- /dev/null +++ b/etc/open-invaders.profile | |||
@@ -0,0 +1,41 @@ | |||
1 | # Persistent global definitions go here | ||
2 | include /etc/firejail/globals.local | ||
3 | |||
4 | # This file is overwritten during software install. | ||
5 | # Persistent customizations should go in a .local file. | ||
6 | include /etc/firejail/open-invaders.local | ||
7 | |||
8 | ################################ | ||
9 | # open-invaders profile | ||
10 | ################################ | ||
11 | |||
12 | noblacklist ~/.openinvaders | ||
13 | mkdir ~/.openinvaders | ||
14 | whitelist ~/.openinvaders | ||
15 | include /etc/firejail/whitelist-common.inc | ||
16 | |||
17 | include /etc/firejail/disable-common.inc | ||
18 | include /etc/firejail/disable-programs.inc | ||
19 | include /etc/firejail/disable-passwdmgr.inc | ||
20 | |||
21 | caps.drop all | ||
22 | nonewprivs | ||
23 | noroot | ||
24 | protocol unix,netlink | ||
25 | seccomp | ||
26 | |||
27 | # | ||
28 | # depending on your usage, you can enable some of the commands below: | ||
29 | # | ||
30 | net none | ||
31 | nogroups | ||
32 | shell none | ||
33 | #private-bin open-invaders | ||
34 | # private-etc none | ||
35 | private-dev | ||
36 | private-tmp | ||
37 | # nosound | ||
38 | |||
39 | |||
40 | |||
41 | |||
diff --git a/etc/pingus.profile b/etc/pingus.profile new file mode 100644 index 000000000..b3b479046 --- /dev/null +++ b/etc/pingus.profile | |||
@@ -0,0 +1,41 @@ | |||
1 | # Persistent global definitions go here | ||
2 | include /etc/firejail/globals.local | ||
3 | |||
4 | # This file is overwritten during software install. | ||
5 | # Persistent customizations should go in a .local file. | ||
6 | include /etc/firejail/pingus.local | ||
7 | |||
8 | ################################ | ||
9 | # Pinugs profile | ||
10 | ################################ | ||
11 | |||
12 | noblacklist ~/.pingus | ||
13 | mkdir ~/.pingus | ||
14 | whitelist ~/.pingus | ||
15 | include /etc/firejail/whitelist-common.inc | ||
16 | |||
17 | include /etc/firejail/disable-common.inc | ||
18 | include /etc/firejail/disable-programs.inc | ||
19 | include /etc/firejail/disable-passwdmgr.inc | ||
20 | |||
21 | caps.drop all | ||
22 | nonewprivs | ||
23 | noroot | ||
24 | protocol unix,netlink | ||
25 | seccomp | ||
26 | |||
27 | # | ||
28 | # depending on your usage, you can enable some of the commands below: | ||
29 | # | ||
30 | net none | ||
31 | nogroups | ||
32 | shell none | ||
33 | #private-bin pingus | ||
34 | # private-etc none | ||
35 | private-dev | ||
36 | private-tmp | ||
37 | # nosound | ||
38 | |||
39 | |||
40 | |||
41 | |||
diff --git a/etc/simutrans.profile b/etc/simutrans.profile new file mode 100644 index 000000000..b1df0ba28 --- /dev/null +++ b/etc/simutrans.profile | |||
@@ -0,0 +1,41 @@ | |||
1 | # Persistent global definitions go here | ||
2 | include /etc/firejail/globals.local | ||
3 | |||
4 | # This file is overwritten during software install. | ||
5 | # Persistent customizations should go in a .local file. | ||
6 | include /etc/firejail/simutrans.local | ||
7 | |||
8 | ################################ | ||
9 | # simutrans profile | ||
10 | ################################ | ||
11 | |||
12 | noblacklist ~/.simutrans | ||
13 | mkdir ~/.simutrans | ||
14 | whitelist ~/.simutrans | ||
15 | include /etc/firejail/whitelist-common.inc | ||
16 | |||
17 | include /etc/firejail/disable-common.inc | ||
18 | include /etc/firejail/disable-programs.inc | ||
19 | include /etc/firejail/disable-passwdmgr.inc | ||
20 | |||
21 | caps.drop all | ||
22 | nonewprivs | ||
23 | noroot | ||
24 | protocol unix | ||
25 | seccomp | ||
26 | |||
27 | # | ||
28 | # depending on your usage, you can enable some of the commands below: | ||
29 | # | ||
30 | net none | ||
31 | nogroups | ||
32 | shell none | ||
33 | #private-bin simutrans | ||
34 | # private-etc none | ||
35 | private-dev | ||
36 | private-tmp | ||
37 | # nosound | ||
38 | |||
39 | |||
40 | |||
41 | |||
diff --git a/etc/supertux2.profile b/etc/supertux2.profile new file mode 100644 index 000000000..276e91b05 --- /dev/null +++ b/etc/supertux2.profile | |||
@@ -0,0 +1,41 @@ | |||
1 | # Persistent global definitions go here | ||
2 | include /etc/firejail/globals.local | ||
3 | |||
4 | # This file is overwritten during software install. | ||
5 | # Persistent customizations should go in a .local file. | ||
6 | include /etc/firejail/supertux2.local | ||
7 | |||
8 | ################################ | ||
9 | # SuperTux profile | ||
10 | ################################ | ||
11 | |||
12 | noblacklist ~/.local/share/supertux2 | ||
13 | mkdir ~/.local/share/supertux2 | ||
14 | whitelist ~/.local/share/supertux2 | ||
15 | include /etc/firejail/whitelist-common.inc | ||
16 | |||
17 | include /etc/firejail/disable-common.inc | ||
18 | include /etc/firejail/disable-programs.inc | ||
19 | include /etc/firejail/disable-passwdmgr.inc | ||
20 | |||
21 | caps.drop all | ||
22 | nonewprivs | ||
23 | noroot | ||
24 | protocol unix,netlink | ||
25 | seccomp | ||
26 | |||
27 | # | ||
28 | # depending on your usage, you can enable some of the commands below: | ||
29 | # | ||
30 | net none | ||
31 | nogroups | ||
32 | shell none | ||
33 | #private-bin supertux2 | ||
34 | # private-etc none | ||
35 | private-dev | ||
36 | private-tmp | ||
37 | # nosound | ||
38 | |||
39 | |||
40 | |||
41 | |||
diff --git a/etc/unknown-horizons.profile b/etc/unknown-horizons.profile new file mode 100644 index 000000000..c4e535070 --- /dev/null +++ b/etc/unknown-horizons.profile | |||
@@ -0,0 +1,40 @@ | |||
1 | # Persistent global definitions go here | ||
2 | include /etc/firejail/globals.local | ||
3 | |||
4 | # This file is overwritten during software install. | ||
5 | # Persistent customizations should go in a .local file. | ||
6 | include /etc/firejail/unknown-horizons.local | ||
7 | |||
8 | ################################ | ||
9 | # Extreme Tux Racer profile | ||
10 | ################################ | ||
11 | |||
12 | noblacklist ~/.unknown-horizons | ||
13 | mkdir ~/.unknown-horizons | ||
14 | whitelist ~/.unknown-horizons | ||
15 | include /etc/firejail/whitelist-common.inc | ||
16 | |||
17 | include /etc/firejail/disable-common.inc | ||
18 | include /etc/firejail/disable-programs.inc | ||
19 | include /etc/firejail/disable-passwdmgr.inc | ||
20 | |||
21 | caps.drop all | ||
22 | nonewprivs | ||
23 | noroot | ||
24 | protocol unix,netlink,inet,inet6 | ||
25 | seccomp | ||
26 | |||
27 | # | ||
28 | # depending on your usage, you can enable some of the commands below: | ||
29 | # | ||
30 | nogroups | ||
31 | shell none | ||
32 | #private-bin unknown-horizons | ||
33 | # private-etc none | ||
34 | private-dev | ||
35 | private-tmp | ||
36 | # nosound | ||
37 | |||
38 | |||
39 | |||
40 | |||