abiword and more gnome-games

 - four-in-a-row
 - gnome-mahjongg
 - gnome-robots
 - gnome-sudoku
 - gnome-taquin
 - gnome-tetravex

harden gnome-chess

9 files changed, 146 insertions, 0 deletions

diff --git a/etc/abiword.profile b/etc/abiword.profile
new file mode 100644
index 000000000..748cda195
--- /dev/null
+++ b/etc/abiword.profile
@@ -0,0 +1,46 @@
+# Firejail profile for abiword
+# Description: flexible cross-platform word processor
+# This file is overwritten after every install/update
+# Persistent local customizations
+include abiword.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/abiword
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+whitelist /usr/share/abiword-3.0
+include whitelist-usr-share-common.inc
+include whitelist-runuser-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+machine-id
+net none
+no3d
+#nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+private-bin abiword
+private-cache
+private-dev
+private-etc fonts,gtk-3.0,passwd
+private-tmp
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 15a62d4e2..5bb2f851a 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -119,6 +119,7 @@ blacklist ${HOME}/.config/Thunar
 blacklist ${HOME}/.config/VirtualBox
 blacklist ${HOME}/.config/Wire
 blacklist ${HOME}/.config/Zeal
+blacklist ${HOME}/.config/abiword
 blacklist ${HOME}/.config/agenda
 blacklist ${HOME}/.config/akonadi*
 blacklist ${HOME}/.config/akregatorrc
@@ -548,6 +549,7 @@ blacklist ${HOME}/.local/share/gnome-photos
 blacklist ${HOME}/.local/share/gnome-pomodoro
 blacklist ${HOME}/.local/share/gnome-recipes
 blacklist ${HOME}/.local/share/gnome-ring
+blacklist ${HOME}/.local/share/gnome-sudoku
 blacklist ${HOME}/.local/share/gnome-twitch
 blacklist ${HOME}/.local/share/godot
 blacklist ${HOME}/.local/share/gradio
diff --git a/etc/four-in-a-row.profile b/etc/four-in-a-row.profile
new file mode 100644
index 000000000..b468c3435
--- /dev/null
+++ b/etc/four-in-a-row.profile
@@ -0,0 +1,17 @@
+# Firejail profile for four-in-a-row
+# Description: Sliding tile puzzle game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include four-in-a-row.local
+# Persistent global definitions
+include globals.local
+
+ignore machine-id
+ignore nosound
+
+whitelist /usr/share/four-in-a-row
+
+private-bin four-in-a-row
+
+# Redirect
+include gnome_games-common.profile
diff --git a/etc/gnome-chess.profile b/etc/gnome-chess.profile
index e657293ac..a80e1ca6d 100644
--- a/etc/gnome-chess.profile
+++ b/etc/gnome-chess.profile
@@ -16,6 +16,10 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+whitelist /usr/share/gnuchess
+whitelist /usr/share/gnome-chess
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 apparmor
diff --git a/etc/gnome-mahjongg.profile b/etc/gnome-mahjongg.profile
new file mode 100644
index 000000000..653c5f949
--- /dev/null
+++ b/etc/gnome-mahjongg.profile
@@ -0,0 +1,14 @@
+# Firejail profile for gnome-mahjongg
+# Description: Sliding tile puzzle game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-mahjongg.local
+# Persistent global definitions
+include globals.local
+
+whitelist /usr/share/gnome-mahjongg
+
+private-bin gnome-mahjongg
+
+# Redirect
+include gnome_games-common.profile
diff --git a/etc/gnome-robots.profile b/etc/gnome-robots.profile
new file mode 100644
index 000000000..888324a5c
--- /dev/null
+++ b/etc/gnome-robots.profile
@@ -0,0 +1,17 @@
+# Firejail profile for gnome-robots
+# Description: Sliding tile puzzle game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-robots.local
+# Persistent global definitions
+include globals.local
+
+ignore machine-id
+ignore nosound
+
+whitelist /usr/share/gnome-robots
+
+private-bin gnome-robots
+
+# Redirect
+include gnome_games-common.profile
diff --git a/etc/gnome-sudoku.profile b/etc/gnome-sudoku.profile
new file mode 100644
index 000000000..b41bccd1e
--- /dev/null
+++ b/etc/gnome-sudoku.profile
@@ -0,0 +1,17 @@
+# Firejail profile for gnome-sudoku
+# Description: Sliding tile puzzle game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-sudoku.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.local/share/gnome-sudoku
+
+mkdir ${HOME}/.local/share/gnome-sudoku
+whitelist ${HOME}/.local/share/gnome-sudoku
+
+private-bin gnome-sudoku
+
+# Redirect
+include gnome_games-common.profile
diff --git a/etc/gnome-taquin.profile b/etc/gnome-taquin.profile
new file mode 100644
index 000000000..efd64d455
--- /dev/null
+++ b/etc/gnome-taquin.profile
@@ -0,0 +1,17 @@
+# Firejail profile for gnome-taquin
+# Description: Sliding tile puzzle game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-taquin.local
+# Persistent global definitions
+include globals.local
+
+ignore machine-id
+ignore nosound
+
+whitelist /usr/share/gnome-taquin
+
+private-bin gnome-taquin
+
+# Redirect
+include gnome_games-common.profile
diff --git a/etc/gnome-tetravex.profile b/etc/gnome-tetravex.profile
new file mode 100644
index 000000000..e9622539c
--- /dev/null
+++ b/etc/gnome-tetravex.profile
@@ -0,0 +1,12 @@
+# Firejail profile for gnome-tetravex
+# Description: Sliding tile puzzle game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-tetravex.local
+# Persistent global definitions
+include globals.local
+
+private-bin gnome-tetravex
+
+# Redirect
+include gnome_games-common.profile