new profiles

author: netblue30 <netblue30@yahoo.com> 2017-07-29 07:52:17 -0400
committer: netblue30 <netblue30@yahoo.com> 2017-07-29 07:52:17 -0400
commit: 348b875f3025988a336e365a3127f6d6b25bec18 (patch)
tree: 112a1247f397348633a4a95b247d030df0255446 /etc
parent: arp rework (diff)
download: firejail-348b875f3025988a336e365a3127f6d6b25bec18.tar.gz
firejail-348b875f3025988a336e365a3127f6d6b25bec18.tar.zst
firejail-348b875f3025988a336e365a3127f6d6b25bec18.zip
8 files changed, 291 insertions, 0 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 0a4d4c4cb..95d9b04a0 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -186,9 +186,12 @@ blacklist ${HOME}/.elinks
 blacklist ${HOME}/.emacs
 blacklist ${HOME}/.emacs.d
 blacklist ${HOME}/.filezilla
+blacklist ${HOME}/.emacs
+blacklist ${HOME}/.etr
 blacklist ${HOME}/.flowblade
 blacklist ${HOME}/.fltk
 blacklist ${HOME}/.FontForge
+blacklist ${HOME}/.frozen-bubble
 blacklist ${HOME}/.gimp*
 blacklist ${HOME}/.git-credential-cache
 blacklist ${HOME}/.gitconfig
@@ -301,6 +304,7 @@ blacklist ${HOME}/.local/share/qpdfview
 blacklist ${HOME}/.local/share/scribus
 blacklist ${HOME}/.local/share/spotify
 blacklist ${HOME}/.local/share/steam
+blacklist ${HOME}/.local/share/supertux2
 blacklist ${HOME}/.local/share/telepathy
 blacklist ${HOME}/.local/share/torbrowser
 blacklist ${HOME}/.local/share/totem
@@ -325,16 +329,19 @@ blacklist ${HOME}/.mutt/muttrc
 blacklist ${HOME}/.muttrc
 blacklist ${HOME}/.nv
 blacklist ${HOME}/.nylas-mail
+blacklist ${HOME}/.openinvaders
 blacklist ${HOME}/.openshot
 blacklist ${HOME}/.openshot_qt
 blacklist ${HOME}/.opera
 blacklist ${HOME}/.opera-beta
+blacklist ${HOME}/.pingus
 blacklist ${HOME}/.purple
 blacklist ${HOME}/.qemu-launcher
 blacklist ${HOME}/.remmina
 blacklist ${HOME}/.retroshare
 blacklist ${HOME}/.scribus
 blacklist ${HOME}/.scribusrc
+blacklist ${HOME}/.simutrans
 blacklist ${HOME}/.steam
 blacklist ${HOME}/.steampath
 blacklist ${HOME}/.steampid
@@ -347,6 +354,7 @@ blacklist ${HOME}/.tconn
 blacklist ${HOME}/.thunderbird
 blacklist ${HOME}/.tooling
 blacklist ${HOME}/.ts3client
+blacklist ${HOME}/.unknow-horizons
 blacklist ${HOME}/.viking
 blacklist ${HOME}/.viking-maps
 blacklist ${HOME}/.vst
diff --git a/etc/etr.profile b/etc/etr.profile
new file mode 100644
index 000000000..d7b747995
--- /dev/null
+++ b/etc/etr.profile
@@ -0,0 +1,41 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/etr.local
+################################
+# Extreme Tux Racer profile
+################################
+noblacklist ~/.etr
+mkdir ~/.etr
+whitelist ~/.etr
+include /etc/firejail/whitelist-common.inc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nonewprivs
+noroot
+protocol unix,netlink
+seccomp
+#
+# depending on your usage, you can enable some of the commands below:
+#
+net none
+nogroups
+shell none
+#private-bin etr
+# private-etc none
+private-dev
+private-tmp
+# nosound
diff --git a/etc/frozen-bubble.profile b/etc/frozen-bubble.profile
new file mode 100644
index 000000000..52f8e5b3e
--- /dev/null
+++ b/etc/frozen-bubble.profile
@@ -0,0 +1,38 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/frozen-bubble.local
+################################
+# Frozen Bubble profile
+################################
+noblacklist ~/.frozen-bubble
+mkdir ~/.frozen-bubble
+whitelist ~/.frozen-bubble
+include /etc/firejail/whitelist-common.inc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nonewprivs
+noroot
+protocol unix,netlink
+seccomp
+#
+# depending on your usage, you can enable some of the commands below:
+#
+net none
+nogroups
+shell none
+#private-bin frozen-bubble
+# private-etc none
+private-dev
+private-tmp
+# nosound
diff --git a/etc/open-invaders.profile b/etc/open-invaders.profile
new file mode 100644
index 000000000..f95b0f5a2
--- /dev/null
+++ b/etc/open-invaders.profile
@@ -0,0 +1,41 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/open-invaders.local
+################################
+# open-invaders profile
+################################
+noblacklist ~/.openinvaders
+mkdir ~/.openinvaders
+whitelist ~/.openinvaders
+include /etc/firejail/whitelist-common.inc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nonewprivs
+noroot
+protocol unix,netlink
+seccomp
+#
+# depending on your usage, you can enable some of the commands below:
+#
+net none
+nogroups
+shell none
+#private-bin open-invaders
+# private-etc none
+private-dev
+private-tmp
+# nosound
diff --git a/etc/pingus.profile b/etc/pingus.profile
new file mode 100644
index 000000000..b3b479046
--- /dev/null
+++ b/etc/pingus.profile
@@ -0,0 +1,41 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/pingus.local
+################################
+# Pinugs profile
+################################
+noblacklist ~/.pingus
+mkdir ~/.pingus
+whitelist ~/.pingus
+include /etc/firejail/whitelist-common.inc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nonewprivs
+noroot
+protocol unix,netlink
+seccomp
+#
+# depending on your usage, you can enable some of the commands below:
+#
+net none
+nogroups
+shell none
+#private-bin pingus
+# private-etc none
+private-dev
+private-tmp
+# nosound
diff --git a/etc/simutrans.profile b/etc/simutrans.profile
new file mode 100644
index 000000000..b1df0ba28
--- /dev/null
+++ b/etc/simutrans.profile
@@ -0,0 +1,41 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/simutrans.local
+################################
+# simutrans profile
+################################
+noblacklist ~/.simutrans
+mkdir ~/.simutrans
+whitelist ~/.simutrans
+include /etc/firejail/whitelist-common.inc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nonewprivs
+noroot
+protocol unix
+seccomp
+#
+# depending on your usage, you can enable some of the commands below:
+#
+net none
+nogroups
+shell none
+#private-bin simutrans
+# private-etc none
+private-dev
+private-tmp
+# nosound
diff --git a/etc/supertux2.profile b/etc/supertux2.profile
new file mode 100644
index 000000000..276e91b05
--- /dev/null
+++ b/etc/supertux2.profile
@@ -0,0 +1,41 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/supertux2.local
+################################
+# SuperTux profile
+################################
+noblacklist ~/.local/share/supertux2
+mkdir ~/.local/share/supertux2
+whitelist ~/.local/share/supertux2
+include /etc/firejail/whitelist-common.inc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nonewprivs
+noroot
+protocol unix,netlink
+seccomp
+#
+# depending on your usage, you can enable some of the commands below:
+#
+net none
+nogroups
+shell none
+#private-bin supertux2
+# private-etc none
+private-dev
+private-tmp
+# nosound
diff --git a/etc/unknown-horizons.profile b/etc/unknown-horizons.profile
new file mode 100644
index 000000000..c4e535070
--- /dev/null
+++ b/etc/unknown-horizons.profile
@@ -0,0 +1,40 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/unknown-horizons.local
+################################
+# Extreme Tux Racer profile
+################################
+noblacklist ~/.unknown-horizons
+mkdir ~/.unknown-horizons
+whitelist ~/.unknown-horizons
+include /etc/firejail/whitelist-common.inc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nonewprivs
+noroot
+protocol unix,netlink,inet,inet6
+seccomp
+#
+# depending on your usage, you can enable some of the commands below:
+#
+nogroups
+shell none
+#private-bin unknown-horizons
+# private-etc none
+private-dev
+private-tmp
+# nosound
author	netblue30 <netblue30@yahoo.com>	2017-07-29 07:52:17 -0400
committer	netblue30 <netblue30@yahoo.com>	2017-07-29 07:52:17 -0400
commit	348b875f3025988a336e365a3127f6d6b25bec18 (patch)
tree	112a1247f397348633a4a95b247d030df0255446 /etc
parent	arp rework (diff)
download	firejail-348b875f3025988a336e365a3127f6d6b25bec18.tar.gz firejail-348b875f3025988a336e365a3127f6d6b25bec18.tar.zst firejail-348b875f3025988a336e365a3127f6d6b25bec18.zip

diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 0a4d4c4cb..95d9b04a0 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -186,9 +186,12 @@ blacklist ${HOME}/.elinks
186	blacklist ${HOME}/.emacs	186	blacklist ${HOME}/.emacs
187	blacklist ${HOME}/.emacs.d	187	blacklist ${HOME}/.emacs.d
188	blacklist ${HOME}/.filezilla	188	blacklist ${HOME}/.filezilla
		189	blacklist ${HOME}/.emacs
		190	blacklist ${HOME}/.etr
189	blacklist ${HOME}/.flowblade	191	blacklist ${HOME}/.flowblade
190	blacklist ${HOME}/.fltk	192	blacklist ${HOME}/.fltk
191	blacklist ${HOME}/.FontForge	193	blacklist ${HOME}/.FontForge
		194	blacklist ${HOME}/.frozen-bubble
192	blacklist ${HOME}/.gimp*	195	blacklist ${HOME}/.gimp*
193	blacklist ${HOME}/.git-credential-cache	196	blacklist ${HOME}/.git-credential-cache
194	blacklist ${HOME}/.gitconfig	197	blacklist ${HOME}/.gitconfig
@@ -301,6 +304,7 @@ blacklist ${HOME}/.local/share/qpdfview
301	blacklist ${HOME}/.local/share/scribus	304	blacklist ${HOME}/.local/share/scribus
302	blacklist ${HOME}/.local/share/spotify	305	blacklist ${HOME}/.local/share/spotify
303	blacklist ${HOME}/.local/share/steam	306	blacklist ${HOME}/.local/share/steam
		307	blacklist ${HOME}/.local/share/supertux2
304	blacklist ${HOME}/.local/share/telepathy	308	blacklist ${HOME}/.local/share/telepathy
305	blacklist ${HOME}/.local/share/torbrowser	309	blacklist ${HOME}/.local/share/torbrowser
306	blacklist ${HOME}/.local/share/totem	310	blacklist ${HOME}/.local/share/totem
@@ -325,16 +329,19 @@ blacklist ${HOME}/.mutt/muttrc
325	blacklist ${HOME}/.muttrc	329	blacklist ${HOME}/.muttrc
326	blacklist ${HOME}/.nv	330	blacklist ${HOME}/.nv
327	blacklist ${HOME}/.nylas-mail	331	blacklist ${HOME}/.nylas-mail
		332	blacklist ${HOME}/.openinvaders
328	blacklist ${HOME}/.openshot	333	blacklist ${HOME}/.openshot
329	blacklist ${HOME}/.openshot_qt	334	blacklist ${HOME}/.openshot_qt
330	blacklist ${HOME}/.opera	335	blacklist ${HOME}/.opera
331	blacklist ${HOME}/.opera-beta	336	blacklist ${HOME}/.opera-beta
		337	blacklist ${HOME}/.pingus
332	blacklist ${HOME}/.purple	338	blacklist ${HOME}/.purple
333	blacklist ${HOME}/.qemu-launcher	339	blacklist ${HOME}/.qemu-launcher
334	blacklist ${HOME}/.remmina	340	blacklist ${HOME}/.remmina
335	blacklist ${HOME}/.retroshare	341	blacklist ${HOME}/.retroshare
336	blacklist ${HOME}/.scribus	342	blacklist ${HOME}/.scribus
337	blacklist ${HOME}/.scribusrc	343	blacklist ${HOME}/.scribusrc
		344	blacklist ${HOME}/.simutrans
338	blacklist ${HOME}/.steam	345	blacklist ${HOME}/.steam
339	blacklist ${HOME}/.steampath	346	blacklist ${HOME}/.steampath
340	blacklist ${HOME}/.steampid	347	blacklist ${HOME}/.steampid
@@ -347,6 +354,7 @@ blacklist ${HOME}/.tconn
347	blacklist ${HOME}/.thunderbird	354	blacklist ${HOME}/.thunderbird
348	blacklist ${HOME}/.tooling	355	blacklist ${HOME}/.tooling
349	blacklist ${HOME}/.ts3client	356	blacklist ${HOME}/.ts3client
		357	blacklist ${HOME}/.unknow-horizons
350	blacklist ${HOME}/.viking	358	blacklist ${HOME}/.viking
351	blacklist ${HOME}/.viking-maps	359	blacklist ${HOME}/.viking-maps
352	blacklist ${HOME}/.vst	360	blacklist ${HOME}/.vst


diff --git a/etc/etr.profile b/etc/etr.profile new file mode 100644 index 000000000..d7b747995 --- /dev/null +++ b/etc/etr.profile
@@ -0,0 +1,41 @@
		1	# Persistent global definitions go here
		2	include /etc/firejail/globals.local
		3
		4	# This file is overwritten during software install.
		5	# Persistent customizations should go in a .local file.
		6	include /etc/firejail/etr.local
		7
		8	################################
		9	# Extreme Tux Racer profile
		10	################################
		11
		12	noblacklist ~/.etr
		13	mkdir ~/.etr
		14	whitelist ~/.etr
		15	include /etc/firejail/whitelist-common.inc
		16
		17	include /etc/firejail/disable-common.inc
		18	include /etc/firejail/disable-programs.inc
		19	include /etc/firejail/disable-passwdmgr.inc
		20
		21	caps.drop all
		22	nonewprivs
		23	noroot
		24	protocol unix,netlink
		25	seccomp
		26
		27	#
		28	# depending on your usage, you can enable some of the commands below:
		29	#
		30	net none
		31	nogroups
		32	shell none
		33	#private-bin etr
		34	# private-etc none
		35	private-dev
		36	private-tmp
		37	# nosound
		38
		39
		40
		41


diff --git a/etc/frozen-bubble.profile b/etc/frozen-bubble.profile new file mode 100644 index 000000000..52f8e5b3e --- /dev/null +++ b/etc/frozen-bubble.profile
@@ -0,0 +1,38 @@
		1	# Persistent global definitions go here
		2	include /etc/firejail/globals.local
		3
		4	# This file is overwritten during software install.
		5	# Persistent customizations should go in a .local file.
		6	include /etc/firejail/frozen-bubble.local
		7
		8	################################
		9	# Frozen Bubble profile
		10	################################
		11
		12	noblacklist ~/.frozen-bubble
		13	mkdir ~/.frozen-bubble
		14	whitelist ~/.frozen-bubble
		15	include /etc/firejail/whitelist-common.inc
		16
		17	include /etc/firejail/disable-common.inc
		18	include /etc/firejail/disable-programs.inc
		19	include /etc/firejail/disable-passwdmgr.inc
		20
		21	caps.drop all
		22	nonewprivs
		23	noroot
		24	protocol unix,netlink
		25	seccomp
		26
		27	#
		28	# depending on your usage, you can enable some of the commands below:
		29	#
		30	net none
		31	nogroups
		32	shell none
		33	#private-bin frozen-bubble
		34	# private-etc none
		35	private-dev
		36	private-tmp
		37	# nosound
		38


diff --git a/etc/open-invaders.profile b/etc/open-invaders.profile new file mode 100644 index 000000000..f95b0f5a2 --- /dev/null +++ b/etc/open-invaders.profile
@@ -0,0 +1,41 @@
		1	# Persistent global definitions go here
		2	include /etc/firejail/globals.local
		3
		4	# This file is overwritten during software install.
		5	# Persistent customizations should go in a .local file.
		6	include /etc/firejail/open-invaders.local
		7
		8	################################
		9	# open-invaders profile
		10	################################
		11
		12	noblacklist ~/.openinvaders
		13	mkdir ~/.openinvaders
		14	whitelist ~/.openinvaders
		15	include /etc/firejail/whitelist-common.inc
		16
		17	include /etc/firejail/disable-common.inc
		18	include /etc/firejail/disable-programs.inc
		19	include /etc/firejail/disable-passwdmgr.inc
		20
		21	caps.drop all
		22	nonewprivs
		23	noroot
		24	protocol unix,netlink
		25	seccomp
		26
		27	#
		28	# depending on your usage, you can enable some of the commands below:
		29	#
		30	net none
		31	nogroups
		32	shell none
		33	#private-bin open-invaders
		34	# private-etc none
		35	private-dev
		36	private-tmp
		37	# nosound
		38
		39
		40
		41


diff --git a/etc/pingus.profile b/etc/pingus.profile new file mode 100644 index 000000000..b3b479046 --- /dev/null +++ b/etc/pingus.profile
@@ -0,0 +1,41 @@
		1	# Persistent global definitions go here
		2	include /etc/firejail/globals.local
		3
		4	# This file is overwritten during software install.
		5	# Persistent customizations should go in a .local file.
		6	include /etc/firejail/pingus.local
		7
		8	################################
		9	# Pinugs profile
		10	################################
		11
		12	noblacklist ~/.pingus
		13	mkdir ~/.pingus
		14	whitelist ~/.pingus
		15	include /etc/firejail/whitelist-common.inc
		16
		17	include /etc/firejail/disable-common.inc
		18	include /etc/firejail/disable-programs.inc
		19	include /etc/firejail/disable-passwdmgr.inc
		20
		21	caps.drop all
		22	nonewprivs
		23	noroot
		24	protocol unix,netlink
		25	seccomp
		26
		27	#
		28	# depending on your usage, you can enable some of the commands below:
		29	#
		30	net none
		31	nogroups
		32	shell none
		33	#private-bin pingus
		34	# private-etc none
		35	private-dev
		36	private-tmp
		37	# nosound
		38
		39
		40
		41


diff --git a/etc/simutrans.profile b/etc/simutrans.profile new file mode 100644 index 000000000..b1df0ba28 --- /dev/null +++ b/etc/simutrans.profile
@@ -0,0 +1,41 @@
		1	# Persistent global definitions go here
		2	include /etc/firejail/globals.local
		3
		4	# This file is overwritten during software install.
		5	# Persistent customizations should go in a .local file.
		6	include /etc/firejail/simutrans.local
		7
		8	################################
		9	# simutrans profile
		10	################################
		11
		12	noblacklist ~/.simutrans
		13	mkdir ~/.simutrans
		14	whitelist ~/.simutrans
		15	include /etc/firejail/whitelist-common.inc
		16
		17	include /etc/firejail/disable-common.inc
		18	include /etc/firejail/disable-programs.inc
		19	include /etc/firejail/disable-passwdmgr.inc
		20
		21	caps.drop all
		22	nonewprivs
		23	noroot
		24	protocol unix
		25	seccomp
		26
		27	#
		28	# depending on your usage, you can enable some of the commands below:
		29	#
		30	net none
		31	nogroups
		32	shell none
		33	#private-bin simutrans
		34	# private-etc none
		35	private-dev
		36	private-tmp
		37	# nosound
		38
		39
		40
		41


diff --git a/etc/supertux2.profile b/etc/supertux2.profile new file mode 100644 index 000000000..276e91b05 --- /dev/null +++ b/etc/supertux2.profile
@@ -0,0 +1,41 @@
		1	# Persistent global definitions go here
		2	include /etc/firejail/globals.local
		3
		4	# This file is overwritten during software install.
		5	# Persistent customizations should go in a .local file.
		6	include /etc/firejail/supertux2.local
		7
		8	################################
		9	# SuperTux profile
		10	################################
		11
		12	noblacklist ~/.local/share/supertux2
		13	mkdir ~/.local/share/supertux2
		14	whitelist ~/.local/share/supertux2
		15	include /etc/firejail/whitelist-common.inc
		16
		17	include /etc/firejail/disable-common.inc
		18	include /etc/firejail/disable-programs.inc
		19	include /etc/firejail/disable-passwdmgr.inc
		20
		21	caps.drop all
		22	nonewprivs
		23	noroot
		24	protocol unix,netlink
		25	seccomp
		26
		27	#
		28	# depending on your usage, you can enable some of the commands below:
		29	#
		30	net none
		31	nogroups
		32	shell none
		33	#private-bin supertux2
		34	# private-etc none
		35	private-dev
		36	private-tmp
		37	# nosound
		38
		39
		40
		41


diff --git a/etc/unknown-horizons.profile b/etc/unknown-horizons.profile new file mode 100644 index 000000000..c4e535070 --- /dev/null +++ b/etc/unknown-horizons.profile
@@ -0,0 +1,40 @@
		1	# Persistent global definitions go here
		2	include /etc/firejail/globals.local
		3
		4	# This file is overwritten during software install.
		5	# Persistent customizations should go in a .local file.
		6	include /etc/firejail/unknown-horizons.local
		7
		8	################################
		9	# Extreme Tux Racer profile
		10	################################
		11
		12	noblacklist ~/.unknown-horizons
		13	mkdir ~/.unknown-horizons
		14	whitelist ~/.unknown-horizons
		15	include /etc/firejail/whitelist-common.inc
		16
		17	include /etc/firejail/disable-common.inc
		18	include /etc/firejail/disable-programs.inc
		19	include /etc/firejail/disable-passwdmgr.inc
		20
		21	caps.drop all
		22	nonewprivs
		23	noroot
		24	protocol unix,netlink,inet,inet6
		25	seccomp
		26
		27	#
		28	# depending on your usage, you can enable some of the commands below:
		29	#
		30	nogroups
		31	shell none
		32	#private-bin unknown-horizons
		33	# private-etc none
		34	private-dev
		35	private-tmp
		36	# nosound
		37
		38
		39
		40