Add a profile for Terasology

author: Tad <tad@spotco.us> 2017-09-15 15:47:55 -0400
committer: Tad <tad@spotco.us> 2017-09-15 15:47:55 -0400
commit: 18e4e7aa36a94ef7c34a05dc42b7153788ff6bad (patch)
tree: 7915be764c5aa1e0b465d5ad86e32f2b7b7d6e15 /etc
parent: Merge pull request #1551 from smitsohu/KDEapps (diff)
download: firejail-18e4e7aa36a94ef7c34a05dc42b7153788ff6bad.tar.gz
firejail-18e4e7aa36a94ef7c34a05dc42b7153788ff6bad.tar.zst
firejail-18e4e7aa36a94ef7c34a05dc42b7153788ff6bad.zip
2 files changed, 43 insertions, 0 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 7e44d582e..ff750ecd9 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -318,6 +318,7 @@ blacklist ${HOME}/.local/share/spotify
 blacklist ${HOME}/.local/share/steam
 blacklist ${HOME}/.local/share/supertux2
 blacklist ${HOME}/.local/share/telepathy
+blacklist ${HOME}/.local/share/terasology
 blacklist ${HOME}/.local/share/torbrowser
 blacklist ${HOME}/.local/share/totem
 blacklist ${HOME}/.local/share/vpltd
diff --git a/etc/terasology.profile b/etc/terasology.profile
new file mode 100644
index 000000000..ca580c0d0
--- /dev/null
+++ b/etc/terasology.profile
@@ -0,0 +1,42 @@
+# Firejail profile for terasology
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/default.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ${HOME}/.java
+noblacklist ${HOME}/.local/share/terasology
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+mkdir ${HOME}/.java
+mkdir ${HOME}/.local/share/terasology
+whitelist ${HOME}/.java
+whitelist ${HOME}/.local/share/terasology
+include /etc/firejail/whitelist-common.inc
+caps.drop all
+ipc-namespace
+net none
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+disable-mnt
+private-dev
+private-etc asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,java-8-openjdk,java-7-openjdk
+private-tmp
+noexec ${HOME}
author	Tad <tad@spotco.us>	2017-09-15 15:47:55 -0400
committer	Tad <tad@spotco.us>	2017-09-15 15:47:55 -0400
commit	18e4e7aa36a94ef7c34a05dc42b7153788ff6bad (patch)
tree	7915be764c5aa1e0b465d5ad86e32f2b7b7d6e15 /etc
parent	Merge pull request #1551 from smitsohu/KDEapps (diff)
download	firejail-18e4e7aa36a94ef7c34a05dc42b7153788ff6bad.tar.gz firejail-18e4e7aa36a94ef7c34a05dc42b7153788ff6bad.tar.zst firejail-18e4e7aa36a94ef7c34a05dc42b7153788ff6bad.zip

diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 7e44d582e..ff750ecd9 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -318,6 +318,7 @@ blacklist ${HOME}/.local/share/spotify
318	blacklist ${HOME}/.local/share/steam	318	blacklist ${HOME}/.local/share/steam
319	blacklist ${HOME}/.local/share/supertux2	319	blacklist ${HOME}/.local/share/supertux2
320	blacklist ${HOME}/.local/share/telepathy	320	blacklist ${HOME}/.local/share/telepathy
		321	blacklist ${HOME}/.local/share/terasology
321	blacklist ${HOME}/.local/share/torbrowser	322	blacklist ${HOME}/.local/share/torbrowser
322	blacklist ${HOME}/.local/share/totem	323	blacklist ${HOME}/.local/share/totem
323	blacklist ${HOME}/.local/share/vpltd	324	blacklist ${HOME}/.local/share/vpltd


diff --git a/etc/terasology.profile b/etc/terasology.profile new file mode 100644 index 000000000..ca580c0d0 --- /dev/null +++ b/etc/terasology.profile
@@ -0,0 +1,42 @@
		1	# Firejail profile for terasology
		2	# This file is overwritten after every install/update
		3	# Persistent local customizations
		4	include /etc/firejail/default.local
		5	# Persistent global definitions
		6	include /etc/firejail/globals.local
		7
		8
		9	noblacklist ${HOME}/.java
		10	noblacklist ${HOME}/.local/share/terasology
		11
		12	include /etc/firejail/disable-common.inc
		13	include /etc/firejail/disable-devel.inc
		14	include /etc/firejail/disable-passwdmgr.inc
		15	include /etc/firejail/disable-programs.inc
		16
		17	mkdir ${HOME}/.java
		18	mkdir ${HOME}/.local/share/terasology
		19	whitelist ${HOME}/.java
		20	whitelist ${HOME}/.local/share/terasology
		21	include /etc/firejail/whitelist-common.inc
		22
		23	caps.drop all
		24	ipc-namespace
		25	net none
		26	netfilter
		27	nodvd
		28	nogroups
		29	nonewprivs
		30	noroot
		31	notv
		32	novideo
		33	protocol unix,inet,inet6
		34	seccomp
		35	shell none
		36
		37	disable-mnt
		38	private-dev
		39	private-etc asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,java-8-openjdk,java-7-openjdk
		40	private-tmp
		41
		42	noexec ${HOME}