New profiles: Maelstrom and ostrichrider

author: Tad <tad@spotco.us> 2019-03-20 03:07:43 -0400
committer: Tad <tad@spotco.us> 2019-03-20 03:07:43 -0400
commit: d7435c29e35cf7114b57e35d7708a1b864c07f00 (patch)
tree: 3582d4b8a99c0ae5120b32883e71bb8b002a0690 /etc
parent: Harden easystroke (#2606) (diff)
download: firejail-d7435c29e35cf7114b57e35d7708a1b864c07f00.tar.gz
firejail-d7435c29e35cf7114b57e35d7708a1b864c07f00.tar.zst
firejail-d7435c29e35cf7114b57e35d7708a1b864c07f00.zip
3 files changed, 91 insertions, 0 deletions
diff --git a/etc/Maelstrom.profile b/etc/Maelstrom.profile
new file mode 100644
index 000000000..cee49111e
--- /dev/null
+++ b/etc/Maelstrom.profile
@@ -0,0 +1,43 @@
+# Firejail profile for Maelstrom
+# Description: A space combat game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include Maelstrom.local
+# Persistent global definitions
+include globals.local
+noblacklist /var/lib/games/Maelstrom-Scores
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+whitelist /var/lib/games
+include whitelist-common.inc
+include whitelist-var-common.inc
+caps.drop all
+ipc-namespace
+net none
+nodbus
+nodvd
+nogroups
+#nonewprivs
+#noroot
+notv
+nou2f
+novideo
+#protocol unix
+#seccomp
+shell none
+tracelog
+disable-mnt
+private-bin Maelstrom
+private-cache
+private-dev
+private-tmp
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 976c3610e..b8ecd4b13 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -538,6 +538,7 @@ blacklist ${HOME}/.openshot
 blacklist ${HOME}/.openshot_qt
 blacklist ${HOME}/.opera
 blacklist ${HOME}/.opera-beta
+blacklist ${HOME}/.ostrichriders
 blacklist ${HOME}/.pingus
 blacklist ${HOME}/.purple
 blacklist ${HOME}/.qemu-launcher
@@ -695,3 +696,4 @@ blacklist ${HOME}/.cache/yandex-browser
 blacklist ${HOME}/.cache/yandex-browser-beta
 blacklist /var/games/nethack
+blacklist /var/lib/games/Maelstrom-Scores
diff --git a/etc/ostrichriders.profile b/etc/ostrichriders.profile
new file mode 100644
index 000000000..4eedddefd
--- /dev/null
+++ b/etc/ostrichriders.profile
@@ -0,0 +1,46 @@
+# Firejail profile for ostrichriders
+# Description: Knights flying on ostriches compete against other riders
+# This file is overwritten after every install/update
+# Persistent local customizations
+include ostrichriders.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.ostrichriders
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+mkdir ${HOME}/.ostrichriders
+whitelist ${HOME}/.ostrichriders
+include whitelist-common.inc
+include whitelist-var-common.inc
+caps.drop all
+ipc-namespace
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+# protocol seems to have a huge impact on performance
+#protocol unix
+seccomp
+shell none
+tracelog
+disable-mnt
+private-bin ostrichriders
+private-cache
+# private-dev should be commented for controllers
+private-dev
+private-tmp
author	Tad <tad@spotco.us>	2019-03-20 03:07:43 -0400
committer	Tad <tad@spotco.us>	2019-03-20 03:07:43 -0400
commit	d7435c29e35cf7114b57e35d7708a1b864c07f00 (patch)
tree	3582d4b8a99c0ae5120b32883e71bb8b002a0690 /etc
parent	Harden easystroke (#2606) (diff)
download	firejail-d7435c29e35cf7114b57e35d7708a1b864c07f00.tar.gz firejail-d7435c29e35cf7114b57e35d7708a1b864c07f00.tar.zst firejail-d7435c29e35cf7114b57e35d7708a1b864c07f00.zip

diff --git a/etc/Maelstrom.profile b/etc/Maelstrom.profile new file mode 100644 index 000000000..cee49111e --- /dev/null +++ b/etc/Maelstrom.profile
@@ -0,0 +1,43 @@
		1	# Firejail profile for Maelstrom
		2	# Description: A space combat game
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include Maelstrom.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist /var/lib/games/Maelstrom-Scores
		10
		11	include disable-common.inc
		12	include disable-devel.inc
		13	include disable-exec.inc
		14	include disable-interpreters.inc
		15	include disable-passwdmgr.inc
		16	include disable-programs.inc
		17	include disable-xdg.inc
		18
		19	whitelist /var/lib/games
		20	include whitelist-common.inc
		21	include whitelist-var-common.inc
		22
		23	caps.drop all
		24	ipc-namespace
		25	net none
		26	nodbus
		27	nodvd
		28	nogroups
		29	#nonewprivs
		30	#noroot
		31	notv
		32	nou2f
		33	novideo
		34	#protocol unix
		35	#seccomp
		36	shell none
		37	tracelog
		38
		39	disable-mnt
		40	private-bin Maelstrom
		41	private-cache
		42	private-dev
		43	private-tmp


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 976c3610e..b8ecd4b13 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -538,6 +538,7 @@ blacklist ${HOME}/.openshot
538	blacklist ${HOME}/.openshot_qt	538	blacklist ${HOME}/.openshot_qt
539	blacklist ${HOME}/.opera	539	blacklist ${HOME}/.opera
540	blacklist ${HOME}/.opera-beta	540	blacklist ${HOME}/.opera-beta
		541	blacklist ${HOME}/.ostrichriders
541	blacklist ${HOME}/.pingus	542	blacklist ${HOME}/.pingus
542	blacklist ${HOME}/.purple	543	blacklist ${HOME}/.purple
543	blacklist ${HOME}/.qemu-launcher	544	blacklist ${HOME}/.qemu-launcher
@@ -695,3 +696,4 @@ blacklist ${HOME}/.cache/yandex-browser
695	blacklist ${HOME}/.cache/yandex-browser-beta	696	blacklist ${HOME}/.cache/yandex-browser-beta
696		697
697	blacklist /var/games/nethack	698	blacklist /var/games/nethack
		699	blacklist /var/lib/games/Maelstrom-Scores


diff --git a/etc/ostrichriders.profile b/etc/ostrichriders.profile new file mode 100644 index 000000000..4eedddefd --- /dev/null +++ b/etc/ostrichriders.profile
@@ -0,0 +1,46 @@
		1	# Firejail profile for ostrichriders
		2	# Description: Knights flying on ostriches compete against other riders
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include ostrichriders.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.ostrichriders
		10
		11	include disable-common.inc
		12	include disable-devel.inc
		13	include disable-exec.inc
		14	include disable-interpreters.inc
		15	include disable-passwdmgr.inc
		16	include disable-programs.inc
		17	include disable-xdg.inc
		18
		19	mkdir ${HOME}/.ostrichriders
		20	whitelist ${HOME}/.ostrichriders
		21	include whitelist-common.inc
		22	include whitelist-var-common.inc
		23
		24	caps.drop all
		25	ipc-namespace
		26	net none
		27	nodbus
		28	nodvd
		29	nogroups
		30	nonewprivs
		31	noroot
		32	notv
		33	nou2f
		34	novideo
		35	# protocol seems to have a huge impact on performance
		36	#protocol unix
		37	seccomp
		38	shell none
		39	tracelog
		40
		41	disable-mnt
		42	private-bin ostrichriders
		43	private-cache
		44	# private-dev should be commented for controllers
		45	private-dev
		46	private-tmp