OpenArena profile

author: netblue30 <netblue30@yahoo.com> 2019-06-13 08:38:16 -0400
committer: netblue30 <netblue30@yahoo.com> 2019-06-13 08:38:16 -0400
commit: 4a5449b4c6869835b743a6a4566d89d84df3ce67 (patch)
tree: 7ecb5653d57c235466d9e8e5199fc04d068fd4cd /etc
parent: hardening & fixing (diff)
download: firejail-4a5449b4c6869835b743a6a4566d89d84df3ce67.tar.gz
firejail-4a5449b4c6869835b743a6a4566d89d84df3ce67.tar.zst
firejail-4a5449b4c6869835b743a6a4566d89d84df3ce67.zip
2 files changed, 52 insertions, 0 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 9d3f3ab68..7684aefff 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -575,6 +575,7 @@ blacklist ${HOME}/.neverball
 blacklist ${HOME}/.newsboat
 blacklist ${HOME}/.nv
 blacklist ${HOME}/.nylas-mail
+blacklist ${HOME}/.openarena
 blacklist ${HOME}/.opencity
 blacklist ${HOME}/.openinvaders
 blacklist ${HOME}/.openshot
diff --git a/etc/openarena.profile b/etc/openarena.profile
new file mode 100644
index 000000000..f36d3270f
--- /dev/null
+++ b/etc/openarena.profile
@@ -0,0 +1,51 @@
+# Firejail profile for OpenArena
+# Description: deathmatch FPS game based on GPL idTech3 technology
+# This file is overwritten after every install/update
+# Persistent local customizations
+include openarena.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.openarena
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+# ipc-namespace
+# machine-id
+# net none
+# netfilter
+# no3d
+# nodbus
+# nodvd
+# nogroups
+nonewprivs
+noroot
+# nosound
+notv
+# nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+# tracelog
+# disable-mnt
+# private
+# private-bin openarena
+private-cache
+private-dev
+# private-etc machine-id,xdg,openal,udev,drirc,passwd,selinux
+# private-lib
+private-tmp
+# memory-deny-write-execute
author	netblue30 <netblue30@yahoo.com>	2019-06-13 08:38:16 -0400
committer	netblue30 <netblue30@yahoo.com>	2019-06-13 08:38:16 -0400
commit	4a5449b4c6869835b743a6a4566d89d84df3ce67 (patch)
tree	7ecb5653d57c235466d9e8e5199fc04d068fd4cd /etc
parent	hardening & fixing (diff)
download	firejail-4a5449b4c6869835b743a6a4566d89d84df3ce67.tar.gz firejail-4a5449b4c6869835b743a6a4566d89d84df3ce67.tar.zst firejail-4a5449b4c6869835b743a6a4566d89d84df3ce67.zip

diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 9d3f3ab68..7684aefff 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -575,6 +575,7 @@ blacklist ${HOME}/.neverball
575	blacklist ${HOME}/.newsboat	575	blacklist ${HOME}/.newsboat
576	blacklist ${HOME}/.nv	576	blacklist ${HOME}/.nv
577	blacklist ${HOME}/.nylas-mail	577	blacklist ${HOME}/.nylas-mail
		578	blacklist ${HOME}/.openarena
578	blacklist ${HOME}/.opencity	579	blacklist ${HOME}/.opencity
579	blacklist ${HOME}/.openinvaders	580	blacklist ${HOME}/.openinvaders
580	blacklist ${HOME}/.openshot	581	blacklist ${HOME}/.openshot


diff --git a/etc/openarena.profile b/etc/openarena.profile new file mode 100644 index 000000000..f36d3270f --- /dev/null +++ b/etc/openarena.profile
@@ -0,0 +1,51 @@
		1	# Firejail profile for OpenArena
		2	# Description: deathmatch FPS game based on GPL idTech3 technology
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include openarena.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.openarena
		10
		11	include disable-common.inc
		12	include disable-devel.inc
		13	include disable-exec.inc
		14	include disable-interpreters.inc
		15	include disable-passwdmgr.inc
		16	include disable-programs.inc
		17	include disable-xdg.inc
		18
		19	include whitelist-var-common.inc
		20
		21	apparmor
		22	caps.drop all
		23	# ipc-namespace
		24	# machine-id
		25	# net none
		26	# netfilter
		27	# no3d
		28	# nodbus
		29	# nodvd
		30	# nogroups
		31	nonewprivs
		32	noroot
		33	# nosound
		34	notv
		35	# nou2f
		36	novideo
		37	protocol unix,inet,inet6,netlink
		38	seccomp
		39	shell none
		40	# tracelog
		41
		42	# disable-mnt
		43	# private
		44	# private-bin openarena
		45	private-cache
		46	private-dev
		47	# private-etc machine-id,xdg,openal,udev,drirc,passwd,selinux
		48	# private-lib
		49	private-tmp
		50
		51	# memory-deny-write-execute