12 files changed, 310 insertions, 2 deletions

diff --git a/README.md b/README.md
index 724b2e862..765c746ed 100644
--- a/README.md
+++ b/README.md
@@ -127,4 +127,6 @@ ulimit, vhangup, vserver. This brings us to a total of 91 syscalls blacklisted b
 ## New profiles:
 
 curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite, Geary, Liferea, peek, silentarmy,
-IntelliJ IDEA, Android Studio, electron, riot-web
+IntelliJ IDEA, Android Studio, electron, riot-web,
+Extreme Tux Racer, Frozen Bubble, Open Invaders, Pingus, Simutrans, SuperTux
+
diff --git a/RELNOTES b/RELNOTES
index 84e474e73..9cdd71e8d 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -7,7 +7,9 @@ firejail (0.9.49) baseline; urgency=low
   * enhancement: rework IP address assingment for --net options
   * new profiles: curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite,
   * new profiles: Geary, Liferea, peek, silentarmy, IntelliJ IDEA,
-  * new profiles: Android Studio, electron, riot-web
+  * new profiles: Android Studio, electron, riot-web, Extreme Tux Racer, 
+  * new profiles: Frozen Bubble, Open Invaders, Pingus, Simutrans, SuperTux
+  
   * bugfixes
  -- netblue30 <netblue30@yahoo.com>  Mon, 12 Jun 2017 20:00:00 -0500
 
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 0a4d4c4cb..95d9b04a0 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -186,9 +186,12 @@ blacklist ${HOME}/.elinks
 blacklist ${HOME}/.emacs
 blacklist ${HOME}/.emacs.d
 blacklist ${HOME}/.filezilla
+blacklist ${HOME}/.emacs
+blacklist ${HOME}/.etr
 blacklist ${HOME}/.flowblade
 blacklist ${HOME}/.fltk
 blacklist ${HOME}/.FontForge
+blacklist ${HOME}/.frozen-bubble
 blacklist ${HOME}/.gimp*
 blacklist ${HOME}/.git-credential-cache
 blacklist ${HOME}/.gitconfig
@@ -301,6 +304,7 @@ blacklist ${HOME}/.local/share/qpdfview
 blacklist ${HOME}/.local/share/scribus
 blacklist ${HOME}/.local/share/spotify
 blacklist ${HOME}/.local/share/steam
+blacklist ${HOME}/.local/share/supertux2
 blacklist ${HOME}/.local/share/telepathy
 blacklist ${HOME}/.local/share/torbrowser
 blacklist ${HOME}/.local/share/totem
@@ -325,16 +329,19 @@ blacklist ${HOME}/.mutt/muttrc
 blacklist ${HOME}/.muttrc
 blacklist ${HOME}/.nv
 blacklist ${HOME}/.nylas-mail
+blacklist ${HOME}/.openinvaders
 blacklist ${HOME}/.openshot
 blacklist ${HOME}/.openshot_qt
 blacklist ${HOME}/.opera
 blacklist ${HOME}/.opera-beta
+blacklist ${HOME}/.pingus
 blacklist ${HOME}/.purple
 blacklist ${HOME}/.qemu-launcher
 blacklist ${HOME}/.remmina
 blacklist ${HOME}/.retroshare
 blacklist ${HOME}/.scribus
 blacklist ${HOME}/.scribusrc
+blacklist ${HOME}/.simutrans
 blacklist ${HOME}/.steam
 blacklist ${HOME}/.steampath
 blacklist ${HOME}/.steampid
@@ -347,6 +354,7 @@ blacklist ${HOME}/.tconn
 blacklist ${HOME}/.thunderbird
 blacklist ${HOME}/.tooling
 blacklist ${HOME}/.ts3client
+blacklist ${HOME}/.unknow-horizons
 blacklist ${HOME}/.viking
 blacklist ${HOME}/.viking-maps
 blacklist ${HOME}/.vst
diff --git a/etc/etr.profile b/etc/etr.profile
new file mode 100644
index 000000000..d7b747995
--- /dev/null
+++ b/etc/etr.profile
@@ -0,0 +1,41 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/etr.local
+
+################################
+# Extreme Tux Racer profile
+################################
+
+noblacklist ~/.etr
+mkdir ~/.etr
+whitelist ~/.etr
+include /etc/firejail/whitelist-common.inc
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nonewprivs
+noroot
+protocol unix,netlink
+seccomp
+
+#
+# depending on your usage, you can enable some of the commands below:
+#
+net none
+nogroups
+shell none
+#private-bin etr
+# private-etc none
+private-dev
+private-tmp
+# nosound
+
+
+
+
diff --git a/etc/frozen-bubble.profile b/etc/frozen-bubble.profile
new file mode 100644
index 000000000..52f8e5b3e
--- /dev/null
+++ b/etc/frozen-bubble.profile
@@ -0,0 +1,38 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/frozen-bubble.local
+
+################################
+# Frozen Bubble profile
+################################
+
+noblacklist ~/.frozen-bubble
+mkdir ~/.frozen-bubble
+whitelist ~/.frozen-bubble
+include /etc/firejail/whitelist-common.inc
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nonewprivs
+noroot
+protocol unix,netlink
+seccomp
+
+#
+# depending on your usage, you can enable some of the commands below:
+#
+net none
+nogroups
+shell none
+#private-bin frozen-bubble
+# private-etc none
+private-dev
+private-tmp
+# nosound
+
diff --git a/etc/open-invaders.profile b/etc/open-invaders.profile
new file mode 100644
index 000000000..f95b0f5a2
--- /dev/null
+++ b/etc/open-invaders.profile
@@ -0,0 +1,41 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/open-invaders.local
+
+################################
+# open-invaders profile
+################################
+
+noblacklist ~/.openinvaders
+mkdir ~/.openinvaders
+whitelist ~/.openinvaders
+include /etc/firejail/whitelist-common.inc
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nonewprivs
+noroot
+protocol unix,netlink
+seccomp
+
+#
+# depending on your usage, you can enable some of the commands below:
+#
+net none
+nogroups
+shell none
+#private-bin open-invaders
+# private-etc none
+private-dev
+private-tmp
+# nosound
+
+
+
+
diff --git a/etc/pingus.profile b/etc/pingus.profile
new file mode 100644
index 000000000..b3b479046
--- /dev/null
+++ b/etc/pingus.profile
@@ -0,0 +1,41 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/pingus.local
+
+################################
+# Pinugs profile
+################################
+
+noblacklist ~/.pingus
+mkdir ~/.pingus
+whitelist ~/.pingus
+include /etc/firejail/whitelist-common.inc
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nonewprivs
+noroot
+protocol unix,netlink
+seccomp
+
+#
+# depending on your usage, you can enable some of the commands below:
+#
+net none
+nogroups
+shell none
+#private-bin pingus
+# private-etc none
+private-dev
+private-tmp
+# nosound
+
+
+
+
diff --git a/etc/simutrans.profile b/etc/simutrans.profile
new file mode 100644
index 000000000..b1df0ba28
--- /dev/null
+++ b/etc/simutrans.profile
@@ -0,0 +1,41 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/simutrans.local
+
+################################
+# simutrans profile
+################################
+
+noblacklist ~/.simutrans
+mkdir ~/.simutrans
+whitelist ~/.simutrans
+include /etc/firejail/whitelist-common.inc
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nonewprivs
+noroot
+protocol unix
+seccomp
+
+#
+# depending on your usage, you can enable some of the commands below:
+#
+net none
+nogroups
+shell none
+#private-bin simutrans
+# private-etc none
+private-dev
+private-tmp
+# nosound
+
+
+
+
diff --git a/etc/supertux2.profile b/etc/supertux2.profile
new file mode 100644
index 000000000..276e91b05
--- /dev/null
+++ b/etc/supertux2.profile
@@ -0,0 +1,41 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/supertux2.local
+
+################################
+# SuperTux profile
+################################
+
+noblacklist ~/.local/share/supertux2
+mkdir ~/.local/share/supertux2
+whitelist ~/.local/share/supertux2
+include /etc/firejail/whitelist-common.inc
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nonewprivs
+noroot
+protocol unix,netlink
+seccomp
+
+#
+# depending on your usage, you can enable some of the commands below:
+#
+net none
+nogroups
+shell none
+#private-bin supertux2
+# private-etc none
+private-dev
+private-tmp
+# nosound
+
+
+
+
diff --git a/etc/unknown-horizons.profile b/etc/unknown-horizons.profile
new file mode 100644
index 000000000..c4e535070
--- /dev/null
+++ b/etc/unknown-horizons.profile
@@ -0,0 +1,40 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/unknown-horizons.local
+
+################################
+# Extreme Tux Racer profile
+################################
+
+noblacklist ~/.unknown-horizons
+mkdir ~/.unknown-horizons
+whitelist ~/.unknown-horizons
+include /etc/firejail/whitelist-common.inc
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nonewprivs
+noroot
+protocol unix,netlink,inet,inet6
+seccomp
+
+#
+# depending on your usage, you can enable some of the commands below:
+#
+nogroups
+shell none
+#private-bin unknown-horizons
+# private-etc none
+private-dev
+private-tmp
+# nosound
+
+
+
+
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index 852d54c0e..a2e02dd6a 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -321,3 +321,9 @@
 /etc/firejail/kwrite.profile
 /etc/firejail/geary.profile
 /etc/firejail/liferea.profile
+/etc/firejail/etr.profile
+/etc/firejail/frozen-bubble.profile
+/etc/firejail/open-invaders.profile
+/etc/firejail/pingus.profile
+/etc/firejail/simutrans.profile
+/etc/firejail/supertux2.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 025f239ba..b3614bf64 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -59,6 +59,7 @@ empathy
 eog
 eom
 epiphany
+etr
 evince
 evolution
 exiftool
@@ -71,6 +72,7 @@ firefox-esr
 flashpeak-slimjet
 flowblade
 fontforge
+frozen-bubble
 FossaMail
 gajim
 galculator
@@ -182,6 +184,7 @@ netsurf
 nylas
 odt2txt
 okular
+open-invaders
 openshot
 opera
 opera-beta
@@ -192,6 +195,7 @@ pdfsam
 pdftotext
 peek
 pidgin
+pingus
 pithos
 pix
 pluma
@@ -215,6 +219,7 @@ scribus
 seamonkey
 seamonkey-bin
 simple-scan
+simutrans
 silentarmy
 skanlite
 skype
@@ -229,6 +234,7 @@ start-tor-browser
 steam
 stellarium
 strings
+supertux2
 synfigstudio
 telegram
 Telegram
@@ -241,6 +247,7 @@ transmission-qt
 transmission-show
 uget-gtk
 unbound
+unknown-horizons
 uudeview
 uzbl-browser
 viewnior