5 files changed, 44 insertions, 2 deletions
diff --git a/README.md b/README.md
index fd715f8c9..2aeea656c 100644
--- a/README.md
+++ b/README.md
@@ -176,4 +176,4 @@ Run ./profstats -h for help.
 ### New profiles:
 gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe, bibtex, gummi, latex, pdflatex, tex, wpp, wpspdf, wps, et, multimc, gnome-hexgl, com.github.johnfactotum.Foliate, desktopeditors, impressive, mupdf-gl, mupdf-x11, mupdf-x11-curl, muraster, mutool, planmaker18, planmaker18free, presentations18, presentations18free, textmaker18, textmaker18free, teams, xournal,
-gnome-screenshot, ripperX, sound-juicer, iagno, com.github.dahenson.agenda, gnome-pomodoro, gnome-todo, kmplayer
+gnome-screenshot, ripperX, sound-juicer, iagno, com.github.dahenson.agenda, gnome-pomodoro, gnome-todo, kmplayer, penguin-command
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index bd0213135..5b3fe475c 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -645,6 +645,7 @@ blacklist ${HOME}/.openttd
 blacklist ${HOME}/.opera
 blacklist ${HOME}/.opera-beta
 blacklist ${HOME}/.ostrichriders
+blacklist ${HOME}/.penguin-command
 blacklist ${HOME}/.pingus
 blacklist ${HOME}/.pioneer
 blacklist ${HOME}/.purple
diff --git a/etc/open-invaders.profile b/etc/open-invaders.profile
index 0ba9451d8..1f214b7f5 100644
--- a/etc/open-invaders.profile
+++ b/etc/open-invaders.profile
@@ -35,6 +35,6 @@ protocol unix,netlink
 seccomp
 shell none
-# private-bin open-invaders
+private-bin open-invaders
 private-dev
 private-tmp
diff --git a/etc/penguin-command.profile b/etc/penguin-command.profile
new file mode 100644
index 000000000..33e0651d4
--- /dev/null
+++ b/etc/penguin-command.profile
@@ -0,0 +1,40 @@
+# Firejail profile for open-invaders
+# Description: Space Invaders clone
+# This file is overwritten after every install/update
+# Persistent local customizations
+include open-invaders.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.penguin-command
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+mkdir ${HOME}/.openinvaders
+whitelist ${HOME}/.openinvaders
+include whitelist-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,netlink
+seccomp
+shell none
+private-bin penguin-command
+private-dev
+private-tmp
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index a79c48f50..e836d8d39 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -510,6 +510,7 @@ pdfmod
 pdfsam
 pdftotext
 peek
+penguin-command
 picard
 pidgin
 #ping - disabled until we fix  #1912

diff --git a/README.md b/README.md index fd715f8c9..2aeea656c 100644 --- a/README.md +++ b/README.md
@@ -176,4 +176,4 @@ Run ./profstats -h for help.
176	### New profiles:	176	### New profiles:
177		177
178	gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe, bibtex, gummi, latex, pdflatex, tex, wpp, wpspdf, wps, et, multimc, gnome-hexgl, com.github.johnfactotum.Foliate, desktopeditors, impressive, mupdf-gl, mupdf-x11, mupdf-x11-curl, muraster, mutool, planmaker18, planmaker18free, presentations18, presentations18free, textmaker18, textmaker18free, teams, xournal,	178	gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe, bibtex, gummi, latex, pdflatex, tex, wpp, wpspdf, wps, et, multimc, gnome-hexgl, com.github.johnfactotum.Foliate, desktopeditors, impressive, mupdf-gl, mupdf-x11, mupdf-x11-curl, muraster, mutool, planmaker18, planmaker18free, presentations18, presentations18free, textmaker18, textmaker18free, teams, xournal,
179	gnome-screenshot, ripperX, sound-juicer, iagno, com.github.dahenson.agenda, gnome-pomodoro, gnome-todo, kmplayer	179	gnome-screenshot, ripperX, sound-juicer, iagno, com.github.dahenson.agenda, gnome-pomodoro, gnome-todo, kmplayer, penguin-command


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index bd0213135..5b3fe475c 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -645,6 +645,7 @@ blacklist ${HOME}/.openttd
645	blacklist ${HOME}/.opera	645	blacklist ${HOME}/.opera
646	blacklist ${HOME}/.opera-beta	646	blacklist ${HOME}/.opera-beta
647	blacklist ${HOME}/.ostrichriders	647	blacklist ${HOME}/.ostrichriders
		648	blacklist ${HOME}/.penguin-command
648	blacklist ${HOME}/.pingus	649	blacklist ${HOME}/.pingus
649	blacklist ${HOME}/.pioneer	650	blacklist ${HOME}/.pioneer
650	blacklist ${HOME}/.purple	651	blacklist ${HOME}/.purple


diff --git a/etc/open-invaders.profile b/etc/open-invaders.profile index 0ba9451d8..1f214b7f5 100644 --- a/etc/open-invaders.profile +++ b/etc/open-invaders.profile
@@ -35,6 +35,6 @@ protocol unix,netlink
35	seccomp	35	seccomp
36	shell none	36	shell none
37		37
38	# private-bin open-invaders	38	private-bin open-invaders
39	private-dev	39	private-dev
40	private-tmp	40	private-tmp


diff --git a/etc/penguin-command.profile b/etc/penguin-command.profile new file mode 100644 index 000000000..33e0651d4 --- /dev/null +++ b/etc/penguin-command.profile
@@ -0,0 +1,40 @@
		1	# Firejail profile for open-invaders
		2	# Description: Space Invaders clone
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include open-invaders.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.penguin-command
		10
		11	include disable-common.inc
		12	include disable-devel.inc
		13	include disable-exec.inc
		14	include disable-interpreters.inc
		15	include disable-passwdmgr.inc
		16	include disable-programs.inc
		17
		18	mkdir ${HOME}/.openinvaders
		19	whitelist ${HOME}/.openinvaders
		20	include whitelist-common.inc
		21	include whitelist-var-common.inc
		22
		23	apparmor
		24	caps.drop all
		25	net none
		26	nodbus
		27	nodvd
		28	nogroups
		29	nonewprivs
		30	noroot
		31	notv
		32	nou2f
		33	novideo
		34	protocol unix,netlink
		35	seccomp
		36	shell none
		37
		38	private-bin penguin-command
		39	private-dev
		40	private-tmp


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index a79c48f50..e836d8d39 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -510,6 +510,7 @@ pdfmod
510	pdfsam	510	pdfsam
511	pdftotext	511	pdftotext
512	peek	512	peek
		513	penguin-command
513	picard	514	picard
514	pidgin	515	pidgin
515	#ping - disabled until we fix #1912	516	#ping - disabled until we fix #1912