diff options
author | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2020-03-29 16:45:46 +0200 |
---|---|---|
committer | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2020-03-29 16:47:21 +0200 |
commit | 54d817c8a093b031d54b8ad92bd643e54802629d (patch) | |
tree | d645dd0ccc970802154a5038c96ff13be45d386b /etc | |
parent | Merge pull request #3296 from 0x7969/master (diff) | |
download | firejail-54d817c8a093b031d54b8ad92bd643e54802629d.tar.gz firejail-54d817c8a093b031d54b8ad92bd643e54802629d.tar.zst firejail-54d817c8a093b031d54b8ad92bd643e54802629d.zip |
abiword and more gnome-games
- four-in-a-row
- gnome-mahjongg
- gnome-robots
- gnome-sudoku
- gnome-taquin
- gnome-tetravex
harden gnome-chess
Diffstat (limited to 'etc')
-rw-r--r-- | etc/abiword.profile | 46 | ||||
-rw-r--r-- | etc/disable-programs.inc | 2 | ||||
-rw-r--r-- | etc/four-in-a-row.profile | 17 | ||||
-rw-r--r-- | etc/gnome-chess.profile | 4 | ||||
-rw-r--r-- | etc/gnome-mahjongg.profile | 14 | ||||
-rw-r--r-- | etc/gnome-robots.profile | 17 | ||||
-rw-r--r-- | etc/gnome-sudoku.profile | 17 | ||||
-rw-r--r-- | etc/gnome-taquin.profile | 17 | ||||
-rw-r--r-- | etc/gnome-tetravex.profile | 12 |
9 files changed, 146 insertions, 0 deletions
diff --git a/etc/abiword.profile b/etc/abiword.profile new file mode 100644 index 000000000..748cda195 --- /dev/null +++ b/etc/abiword.profile | |||
@@ -0,0 +1,46 @@ | |||
1 | # Firejail profile for abiword | ||
2 | # Description: flexible cross-platform word processor | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include abiword.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | noblacklist ${HOME}/.config/abiword | ||
10 | |||
11 | include disable-common.inc | ||
12 | include disable-devel.inc | ||
13 | include disable-exec.inc | ||
14 | include disable-interpreters.inc | ||
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | ||
17 | |||
18 | whitelist /usr/share/abiword-3.0 | ||
19 | include whitelist-usr-share-common.inc | ||
20 | include whitelist-runuser-common.inc | ||
21 | include whitelist-var-common.inc | ||
22 | |||
23 | apparmor | ||
24 | caps.drop all | ||
25 | machine-id | ||
26 | net none | ||
27 | no3d | ||
28 | #nodbus | ||
29 | nodvd | ||
30 | nogroups | ||
31 | nonewprivs | ||
32 | noroot | ||
33 | nosound | ||
34 | notv | ||
35 | nou2f | ||
36 | novideo | ||
37 | protocol unix | ||
38 | seccomp | ||
39 | shell none | ||
40 | tracelog | ||
41 | |||
42 | private-bin abiword | ||
43 | private-cache | ||
44 | private-dev | ||
45 | private-etc fonts,gtk-3.0,passwd | ||
46 | private-tmp | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 15a62d4e2..5bb2f851a 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -119,6 +119,7 @@ blacklist ${HOME}/.config/Thunar | |||
119 | blacklist ${HOME}/.config/VirtualBox | 119 | blacklist ${HOME}/.config/VirtualBox |
120 | blacklist ${HOME}/.config/Wire | 120 | blacklist ${HOME}/.config/Wire |
121 | blacklist ${HOME}/.config/Zeal | 121 | blacklist ${HOME}/.config/Zeal |
122 | blacklist ${HOME}/.config/abiword | ||
122 | blacklist ${HOME}/.config/agenda | 123 | blacklist ${HOME}/.config/agenda |
123 | blacklist ${HOME}/.config/akonadi* | 124 | blacklist ${HOME}/.config/akonadi* |
124 | blacklist ${HOME}/.config/akregatorrc | 125 | blacklist ${HOME}/.config/akregatorrc |
@@ -548,6 +549,7 @@ blacklist ${HOME}/.local/share/gnome-photos | |||
548 | blacklist ${HOME}/.local/share/gnome-pomodoro | 549 | blacklist ${HOME}/.local/share/gnome-pomodoro |
549 | blacklist ${HOME}/.local/share/gnome-recipes | 550 | blacklist ${HOME}/.local/share/gnome-recipes |
550 | blacklist ${HOME}/.local/share/gnome-ring | 551 | blacklist ${HOME}/.local/share/gnome-ring |
552 | blacklist ${HOME}/.local/share/gnome-sudoku | ||
551 | blacklist ${HOME}/.local/share/gnome-twitch | 553 | blacklist ${HOME}/.local/share/gnome-twitch |
552 | blacklist ${HOME}/.local/share/godot | 554 | blacklist ${HOME}/.local/share/godot |
553 | blacklist ${HOME}/.local/share/gradio | 555 | blacklist ${HOME}/.local/share/gradio |
diff --git a/etc/four-in-a-row.profile b/etc/four-in-a-row.profile new file mode 100644 index 000000000..b468c3435 --- /dev/null +++ b/etc/four-in-a-row.profile | |||
@@ -0,0 +1,17 @@ | |||
1 | # Firejail profile for four-in-a-row | ||
2 | # Description: Sliding tile puzzle game | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include four-in-a-row.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | ignore machine-id | ||
10 | ignore nosound | ||
11 | |||
12 | whitelist /usr/share/four-in-a-row | ||
13 | |||
14 | private-bin four-in-a-row | ||
15 | |||
16 | # Redirect | ||
17 | include gnome_games-common.profile | ||
diff --git a/etc/gnome-chess.profile b/etc/gnome-chess.profile index e657293ac..a80e1ca6d 100644 --- a/etc/gnome-chess.profile +++ b/etc/gnome-chess.profile | |||
@@ -16,6 +16,10 @@ include disable-passwdmgr.inc | |||
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | whitelist /usr/share/gnuchess | ||
20 | whitelist /usr/share/gnome-chess | ||
21 | include whitelist-runuser-common.inc | ||
22 | include whitelist-usr-share-common.inc | ||
19 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
20 | 24 | ||
21 | apparmor | 25 | apparmor |
diff --git a/etc/gnome-mahjongg.profile b/etc/gnome-mahjongg.profile new file mode 100644 index 000000000..653c5f949 --- /dev/null +++ b/etc/gnome-mahjongg.profile | |||
@@ -0,0 +1,14 @@ | |||
1 | # Firejail profile for gnome-mahjongg | ||
2 | # Description: Sliding tile puzzle game | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include gnome-mahjongg.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | whitelist /usr/share/gnome-mahjongg | ||
10 | |||
11 | private-bin gnome-mahjongg | ||
12 | |||
13 | # Redirect | ||
14 | include gnome_games-common.profile | ||
diff --git a/etc/gnome-robots.profile b/etc/gnome-robots.profile new file mode 100644 index 000000000..888324a5c --- /dev/null +++ b/etc/gnome-robots.profile | |||
@@ -0,0 +1,17 @@ | |||
1 | # Firejail profile for gnome-robots | ||
2 | # Description: Sliding tile puzzle game | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include gnome-robots.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | ignore machine-id | ||
10 | ignore nosound | ||
11 | |||
12 | whitelist /usr/share/gnome-robots | ||
13 | |||
14 | private-bin gnome-robots | ||
15 | |||
16 | # Redirect | ||
17 | include gnome_games-common.profile | ||
diff --git a/etc/gnome-sudoku.profile b/etc/gnome-sudoku.profile new file mode 100644 index 000000000..b41bccd1e --- /dev/null +++ b/etc/gnome-sudoku.profile | |||
@@ -0,0 +1,17 @@ | |||
1 | # Firejail profile for gnome-sudoku | ||
2 | # Description: Sliding tile puzzle game | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include gnome-sudoku.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | noblacklist ${HOME}/.local/share/gnome-sudoku | ||
10 | |||
11 | mkdir ${HOME}/.local/share/gnome-sudoku | ||
12 | whitelist ${HOME}/.local/share/gnome-sudoku | ||
13 | |||
14 | private-bin gnome-sudoku | ||
15 | |||
16 | # Redirect | ||
17 | include gnome_games-common.profile | ||
diff --git a/etc/gnome-taquin.profile b/etc/gnome-taquin.profile new file mode 100644 index 000000000..efd64d455 --- /dev/null +++ b/etc/gnome-taquin.profile | |||
@@ -0,0 +1,17 @@ | |||
1 | # Firejail profile for gnome-taquin | ||
2 | # Description: Sliding tile puzzle game | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include gnome-taquin.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | ignore machine-id | ||
10 | ignore nosound | ||
11 | |||
12 | whitelist /usr/share/gnome-taquin | ||
13 | |||
14 | private-bin gnome-taquin | ||
15 | |||
16 | # Redirect | ||
17 | include gnome_games-common.profile | ||
diff --git a/etc/gnome-tetravex.profile b/etc/gnome-tetravex.profile new file mode 100644 index 000000000..e9622539c --- /dev/null +++ b/etc/gnome-tetravex.profile | |||
@@ -0,0 +1,12 @@ | |||
1 | # Firejail profile for gnome-tetravex | ||
2 | # Description: Sliding tile puzzle game | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include gnome-tetravex.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | private-bin gnome-tetravex | ||
10 | |||
11 | # Redirect | ||
12 | include gnome_games-common.profile | ||