-rw-r--r-- | etc/inc/disable-programs.inc | 4 | ||||
-rw-r--r-- | etc/profile-a-l/alienblaster.profile | 55 | ||||
-rw-r--r-- | etc/profile-a-l/geki2.profile | 49 | ||||
-rw-r--r-- | etc/profile-a-l/geki3.profile | 49 | ||||
-rw-r--r-- | etc/profile-a-l/lbreakouthd.profile | 59 | ||||
-rw-r--r-- | etc/profile-m-z/tuxtype.profile | 56 | ||||
-rw-r--r-- | etc/profile-m-z/typespeed.profile | 48 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 6 |
8 files changed, 326 insertions, 0 deletions
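--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -28,6 +28,8 @@ blacklist ${HOME}/.ZAP
 blacklist ${HOME}/.aMule
 blacklist ${HOME}/.abook
 blacklist ${HOME}/.addressbook
+blacklist ${HOME}/.alienblaster
+blacklist ${HOME}/.alienblaster_highscore
 blacklist ${HOME}/.alpine-smime
 blacklist ${HOME}/.ammonite
 blacklist ${HOME}/.android
@@ -851,6 +853,7 @@ blacklist ${HOME}/.klatexformula
 blacklist ${HOME}/.klei
 blacklist ${HOME}/.kodi
 blacklist ${HOME}/.lastpass
+blacklist ${HOME}/.lbreakouthd
 blacklist ${HOME}/.lettura
 blacklist ${HOME}/.librewolf
 blacklist ${HOME}/.lincity-ng
@@ -1187,6 +1190,7 @@ blacklist ${HOME}/.torcs
 blacklist ${HOME}/.tremulous
 blacklist ${HOME}/.ts3client
 blacklist ${HOME}/.tuxguitar*
+blacklist ${HOME}/.tuxtype
 blacklist ${HOME}/.tvbrowser
 blacklist ${HOME}/.unknown-horizons
 blacklist ${HOME}/.viking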
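--- /dev/null
+++ b/etc/profile-a-l/alienblaster.profile
@@ -0,0 +1,55 @@
+# Firejail profile for alienblaster
+# Persistent local customizations
+include alienblaster.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.alienblaster
+noblacklist ${HOME}/.alienblaster_highscore
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkfile ${HOME}/.alienblaster_highscore
+whitelist ${HOME}/.alienblaster_highscore
+mkdir ${HOME}/.alienblaster
+whitelist ${HOME}/.alienblaster
+include whitelist-common.inc
+include whitelist-run-common.inc
+whitelist ${RUNUSER}/pulse
+include whitelist-runuser-common.inc
+whitelist /usr/share/games/alienblaster
+whitelist /usr/share/timidity
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+netfilter
+net none
+nodvd
+noinput
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+tracelog
+
+disable-mnt
+private-dev
+private-etc @x11,@sound,@games
+private-tmp
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
+restrict-namespaces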
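Review bot: This profile has neither `include disable-shell.inc` nor a `private-bin` line, both of which geki2, geki3, lbreakouthd and tuxtype in the same commit carry, and the file gives no reason for the difference. If the game is launched through a shell wrapper, that is a valid reason, but it should be recorded above the include block, e.g. `# started through a shell wrapper, so disable-shell.inc is not included`. As written, the shell and every binary not blacklisted by the disable-*.inc files stay reachable inside the sandbox. typespeed.profile omits the same two lines and would benefit from the same explanation.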
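--- /dev/null
+++ b/etc/profile-a-l/geki2.profile
@@ -0,0 +1,49 @@
+# Firejail profile for geki2
+# Persistent local customizations
+include geki2.local
+# Persistent global definitions
+include globals.local
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+whitelist /usr/share/games/geki2
+include whitelist-usr-share-common.inc
+writable-var # game scores stored under /var/games
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+net none
+netfilter
+nodvd
+noinput
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+tracelog
+
+disable-mnt
+private
+private-bin geki2
+private-dev
+private-etc @x11,@sound,@games
+private-tmp
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
+restrict-namespaces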
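Review bot: The `writable-var` line (new line 19) lacks the companion note `# Note: this profile requires the current user to be a member of games group` that lbreakouthd.profile and typespeed.profile in this commit carry for the same /var/games score storage. With `nonewprivs` and `noroot` set, a setgid-games binary presumably cannot pick up the group inside the sandbox, so the note looks equally applicable here and in geki3.profile and tuxtype.profile; please confirm and add it. The comment should also say that `writable-var` makes the visible /var tree writable rather than only the score directory. No line in the profile whitelists `/var/games` itself, so its visibility depends on whitelist-var-common.inc, which is outside this diff and worth checking.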
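--- /dev/null
+++ b/etc/profile-a-l/geki3.profile
@@ -0,0 +1,49 @@
+# Firejail profile for geki3
+# Persistent local customizations
+include geki3.local
+# Persistent global definitions
+include globals.local
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+whitelist /usr/share/games/geki3
+include whitelist-usr-share-common.inc
+writable-var # game scores stored under /var/games
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+net none
+netfilter
+nodvd
+noinput
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+tracelog
+
+disable-mnt
+private
+private-bin geki3
+private-dev
+private-etc @x11,@sound,@games
+private-tmp
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
+restrict-namespaces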
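--- /dev/null
+++ b/etc/profile-a-l/lbreakouthd.profile
@@ -0,0 +1,59 @@
+# Firejail profile for lbreakouthd
+# Persistent local customizations
+include lbreakouthd.local
+# Persistent global definitions
+include globals.local
+
+# Note: this profile requires the current user to be a member of games group
+
+noblacklist ${HOME}/.lbreakouthd
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.lbreakouthd
+whitelist ${HOME}/.lbreakouthd
+include whitelist-common.inc
+
+whitelist /run/udev/control
+whitelist /run/host/container-manager
+include whitelist-run-common.inc
+whitelist ${RUNUSER}/pulse
+include whitelist-runuser-common.inc
+whitelist /usr/share/games/lbreakouthd
+include whitelist-usr-share-common.inc
+writable-var # game scores stored under /var/games
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+net none
+netfilter
+nodvd
+noinput
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+tracelog
+
+disable-mnt
+private-bin lbreakouthd
+private-dev
+private-etc @x11,@sound,@games
+private-tmp
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
+restrict-namespaces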
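Review bot: `whitelist /run/udev/control` and `whitelist /run/host/container-manager` (new lines 23-24) expose two /run paths that no other profile in this commit whitelists, and no comment says what the game needs them for. The profile already sets `noinput` and `private-dev`, so access to the udev control path looks unnecessary for a game with no device handling beyond audio and display. If the two lines were carried over from a trace or another profile, they should be dropped; otherwise add a line such as `# needed for <reason>` directly above them so the exception can be re-checked later.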
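--- /dev/null
+++ b/etc/profile-m-z/tuxtype.profile
@@ -0,0 +1,56 @@
+# Firejail profile for tuxtype
+# Persistent local customizations
+include tuxtype.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.tuxtype
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.tuxtype
+whitelist ${HOME}/.tuxtype
+include whitelist-common.inc
+
+
+include whitelist-run-common.inc
+whitelist ${RUNUSER}/pulse
+include whitelist-runuser-common.inc
+whitelist /usr/share/tuxtype
+include whitelist-usr-share-common.inc
+writable-var # game scores stored under /var/games
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+net none
+netfilter
+nodvd
+noinput
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+tracelog
+
+disable-mnt
+private-bin tuxtype
+private-dev
+private-etc @x11,@sound,@games,tuxtype
+private-tmp
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
+restrict-namespaces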
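--- /dev/null
+++ b/etc/profile-m-z/typespeed.profile
@@ -0,0 +1,48 @@
+# Firejail profile for typespeed
+# Persistent local customizations
+include typespeed.local
+# Persistent global definitions
+include globals.local
+
+# Note: this profile requires the current user to be a member of games group
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+whitelist /usr/share/typespeed
+include whitelist-usr-share-common.inc
+writable-var # game scores stored under /var/games
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+netfilter
+nodvd
+noinput
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
+
+disable-mnt
+private
+private-dev
+private-etc @x11,@sound,@games
+private-tmp
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
+restrict-namespaces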
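Review bot: `protocol unix,inet,inet6,netlink` (new line 34), together with the absence of `net none`, leaves this game with network access, while every other profile in the commit uses `net none` and `protocol unix`; the file does not explain the difference. If this is meant for the game's network play, say so next to the line, e.g. `# network multiplayer needs inet/inet6`, and confirm that `netlink` is really required, since each extra family widens what the seccomp protocol filter lets through. The comment could also point local-only players to adding `net none` in typespeed.local.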
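--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -43,6 +43,7 @@ abrowser
 akonadi_control
 akregator
 alacarte
+alienblaster
 alpine
 alpinef
 amarok
@@ -320,6 +321,8 @@ geany
 gedit
 geekbench
 geeqie
+geki2
+geki3
 gfeeds
 gh
 ghb
@@ -493,6 +496,7 @@ ktouch
 kube
 #kwin_x11
 kwrite
+lbreakouthd
 lbry-viewer
 lbry-viewer-gtk
 leafpad
@@ -920,9 +924,11 @@ tshark
 tuir
 tutanota-desktop
 tuxguitar
+tuxtype
 tvbrowser
 tvnamer
 twitch
+typespeed
 udiskie
 uefitool
 uget-gtk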