5 files changed, 61 insertions, 3 deletions

diff --git a/etc/bibletime.profile b/etc/bibletime.profile
index 0691b32c3..ca8ab09bb 100644
--- a/etc/bibletime.profile
+++ b/etc/bibletime.profile
@@ -34,9 +34,8 @@ notv
 nou2f
 novideo
 protocol unix,inet,inet6,netlink
-seccomp
+seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
 shell none
-tracelog
 
 # private-bin bibletime,qt5ct
 private-dev
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 7e9d7be80..774852c2f 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -233,6 +233,7 @@ blacklist ${HOME}/.config/smplayer
 blacklist ${HOME}/.config/smtube
 blacklist ${HOME}/.config/specialmailcollectionsrc
 blacklist ${HOME}/.config/spotify
+blacklist ${HOME}/.config/supertuxkart
 blacklist ${HOME}/.config/sqlitebrowser
 blacklist ${HOME}/.config/stellarium
 blacklist ${HOME}/.config/synfig
@@ -461,6 +462,7 @@ blacklist ${HOME}/.local/share/scribus
 blacklist ${HOME}/.local/share/spotify
 blacklist ${HOME}/.local/share/steam
 blacklist ${HOME}/.local/share/supertux2
+blacklist ${HOME}/.local/share/supertuxkart
 blacklist ${HOME}/.local/share/telepathy
 blacklist ${HOME}/.local/share/terasology
 blacklist ${HOME}/.local/share/torbrowser
@@ -617,6 +619,7 @@ blacklist ${HOME}/.cache/qutebrowser
 blacklist ${HOME}/.cache/simple-scan
 blacklist ${HOME}/.cache/slimjet
 blacklist ${HOME}/.cache/spotify
+blacklist ${HOME}/.cache/supertuxkart
 blacklist ${HOME}/.cache/systemsettings
 blacklist ${HOME}/.cache/telepathy
 blacklist ${HOME}/.cache/thunderbird
diff --git a/etc/supertuxkart.profile b/etc/supertuxkart.profile
new file mode 100644
index 000000000..9f65a2fa1
--- /dev/null
+++ b/etc/supertuxkart.profile
@@ -0,0 +1,55 @@
+# Firejail profile for supertuxkart
+# Description: Free kart racing game.
+# This file is overwritten after every install/update
+# Persistent local customizations
+include supertuxkart.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/supertuxkart
+noblacklist ${HOME}/.cache/supertuxkart
+noblacklist ${HOME}/.local/share/supertuxkart
+
+include disable-common.inc
+include disable-devel.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+include disable-interpreters.inc
+
+mkdir ${HOME}/.config/supertuxkart
+mkdir ${HOME}/.cache/supertuxkart
+mkdir ${HOME}/.local/share/supertuxkart
+whitelist ${HOME}/.config/supertuxkart
+whitelist ${HOME}/.cache/supertuxkart
+whitelist ${HOME}/.local/share/supertuxkart
+include whitelist-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+netfilter
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin supertuxkart
+private-cache
+private-dev
+private-etc resolv.conf,ca-certificates,ssl,hosts,machine-id,xdg,openal,crypto-policies,pki,drirc,system-fips,selinux
+private-tmp
+private-opt none
+private-srv none
+
+noexec ${HOME}
+noexec /tmp
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index bfba93190..f36455c89 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -403,6 +403,7 @@ steam-native
 stellarium
 strings
 supertux2
+supertuxkart
 surf
 sylpheed
 synfigstudio
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 9c1133756..2d0bd26d0 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -2676,7 +2676,7 @@ Option \-\-netstats prints network statistics for active sandboxes installing ne
 
 
 Listed below are the available fields (columns) in alphabetical
-order for \-\-top and \-\-netstat options:
+order for \-\-top and \-\-netstats options:
 
 .TP
 Command