11 files changed, 231 insertions, 27 deletions

diff --git a/README.md b/README.md
index a39572750..e79c4d329 100644
--- a/README.md
+++ b/README.md
@@ -176,4 +176,4 @@ Run ./profstats -h for help.
 ### New profiles:
 
 gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe, bibtex, gummi, latex, pdflatex, tex, wpp, wpspdf, wps, et, multimc, gnome-hexgl, com.github.johnfactotum.Foliate, desktopeditors, impressive, mupdf-gl, mupdf-x11, mupdf-x11-curl, muraster, mutool, planmaker18, planmaker18free, presentations18, presentations18free, textmaker18, textmaker18free, teams, xournal,
-gnome-screenshot, ripperX, sound-juicer, iagno, com.github.dahenson.agenda, gnome-pomodoro, gnome-todo, kmplayer, penguin-command, x2goclient
+gnome-screenshot, ripperX, sound-juicer, iagno, com.github.dahenson.agenda, gnome-pomodoro, gnome-todo, kmplayer, penguin-command, x2goclient, frogatto, gnome-mines, gnome-nibbles, lightsoff, ts3client_runscript.sh, warmux
diff --git a/RELNOTES b/RELNOTES
index 141e28238..162c4b493 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -2,6 +2,7 @@ firejail (0.9.63) baseline; urgency=low
   * work in progress
   * DHCP client support
   * SELinux labeling support
+  * 32-bit seccomp filter
   * new condition: HAS_NOSOUND
   * new profiles: gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, muraster
   * new profiles: gnome-passwordsafe, bibtex, gummi, latex, mupdf-x11-curl
@@ -11,7 +12,9 @@ firejail (0.9.63) baseline; urgency=low
   * new profiles: presentations18, presentations18free, textmaker18, teams
   * new profiles: textmaker18free, xournal, gnome-screenshot, ripperX
   * new profiles: sound-juicer, com.github.dahenson.agenda, gnome-pomodoro
-  * new profiles: gnome-todo, x2goclient
+  * new profiles: gnome-todo, x2goclient, iagno, kmplayer, penguin-command
+  * new profiles: frogatto, gnome-mines, gnome-nibbles, lightsoff, warmux
+  * new profiles: ts3client_runscript.sh
 
 firejail (0.9.62) baseline; urgency=low
   * added file-copy-limit in /etc/firejail/firejail.config
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 5b3fe475c..be8f0ff75 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -8,6 +8,8 @@ blacklist ${HOME}/Monero/wallets
 blacklist ${HOME}/Nextcloud/Notes
 blacklist ${HOME}/SoftMaker
 blacklist ${HOME}/Standard Notes Backups
+blacklist ${HOME}/TeamSpeak3-Client-linux_x86
+blacklist ${HOME}/TeamSpeak3-Client-linux_amd64
 blacklist ${HOME}/mps
 blacklist ${HOME}/wallet.dat
 blacklist ${HOME}/.*coin
@@ -330,6 +332,7 @@ blacklist ${HOME}/.config/vivaldi
 blacklist ${HOME}/.config/vivaldi-snapshot
 blacklist ${HOME}/.config/vlc
 blacklist ${HOME}/.config/wesnoth
+blacklist ${HOME}/.config/wormux
 blacklist ${HOME}/.config/Whalebird
 blacklist ${HOME}/.config/wireshark
 blacklist ${HOME}/.config/xchat
@@ -378,6 +381,7 @@ blacklist ${HOME}/.fossamail
 blacklist ${HOME}/.freeciv
 blacklist ${HOME}/.freecol
 blacklist ${HOME}/.freemind
+blacklist ${HOME}/.frogatto
 blacklist ${HOME}/.frozen-bubble
 blacklist ${HOME}/.gimp*
 blacklist ${HOME}/.gist
@@ -536,7 +540,9 @@ blacklist ${HOME}/.local/share/gnome-2048
 blacklist ${HOME}/.local/share/gnome-chess
 blacklist ${HOME}/.local/share/gnome-builder
 blacklist ${HOME}/.local/share/gnome-latex
+blacklist ${HOME}/.local/share/gnome-mines
 blacklist ${HOME}/.local/share/gnome-music
+blacklist ${HOME}/.local/share/gnome-nibbles
 blacklist ${HOME}/.local/share/gnome-photos
 blacklist ${HOME}/.local/share/gnome-pomodoro
 blacklist ${HOME}/.local/share/gnome-recipes
@@ -610,6 +616,7 @@ blacklist ${HOME}/.local/share/vpltd
 blacklist ${HOME}/.local/share/vulkan
 blacklist ${HOME}/.local/share/warsow-2.1
 blacklist ${HOME}/.local/share/wesnoth
+blacklist ${HOME}/.local/share/wormux
 blacklist ${HOME}/.local/share/xplayer
 blacklist ${HOME}/.local/share/xreader
 blacklist ${HOME}/.local/share/zathura
@@ -706,6 +713,7 @@ blacklist ${HOME}/.widelands
 blacklist ${HOME}/.wine
 blacklist ${HOME}/.wine64
 blacklist ${HOME}/.wireshark
+blacklist ${HOME}/.wormux
 blacklist ${HOME}/.xiphos
 blacklist ${HOME}/.xmind
 blacklist ${HOME}/.xmms
diff --git a/etc/frogatto.profile b/etc/frogatto.profile
new file mode 100644
index 000000000..fd7c5fc16
--- /dev/null
+++ b/etc/frogatto.profile
@@ -0,0 +1,47 @@
+# Firejail profile for frogatto
+# Description: 2D platformer game starring a quixotic frog
+# This file is overwritten after every install/update
+# Persistent local customizations
+include frogatto.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.frogatto
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.frogatto
+whitelist ${HOME}/.frogatto
+whitelist /usr/share/frogatto
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin frogatto,sh
+private-cache
+private-dev
+private-etc machine-id
+private-tmp
diff --git a/etc/gnome-2048.profile b/etc/gnome-2048.profile
index 6fa23c92e..978a13244 100644
--- a/etc/gnome-2048.profile
+++ b/etc/gnome-2048.profile
@@ -8,32 +8,10 @@ include globals.local
 
 noblacklist ${HOME}/.local/share/gnome-2048
 
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-passwdmgr.inc
-include disable-programs.inc
-
-include whitelist-var-common.inc
-
 mkdir ${HOME}/.local/share/gnome-2048
 whitelist ${HOME}/.local/share/gnome-2048
-include whitelist-common.inc
-
-apparmor
-caps.drop all
-netfilter
-nodvd
-nonewprivs
-noroot
-notv
-nou2f
-novideo
-protocol unix,inet,inet6
-seccomp
 
-disable-mnt
-private-dev
-private-tmp
+private-bin gnome-2048
 
+# Redirect
+include gnome_games-common.profile
diff --git a/etc/gnome-mines.profile b/etc/gnome-mines.profile
new file mode 100644
index 000000000..9cae75524
--- /dev/null
+++ b/etc/gnome-mines.profile
@@ -0,0 +1,18 @@
+# Firejail profile for gnome-mines
+# Description: Sliding tile puzzle game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-mines.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.local/share/gnome-mines
+
+mkdir ${HOME}/.local/share/gnome-mines
+whitelist ${HOME}/.local/share/gnome-mines
+whitelist /usr/share/gnome-mines
+
+private-bin gnome-mines
+
+# Redirect
+include gnome_games-common.profile
diff --git a/etc/gnome-nibbles.profile b/etc/gnome-nibbles.profile
new file mode 100644
index 000000000..4e42b6b15
--- /dev/null
+++ b/etc/gnome-nibbles.profile
@@ -0,0 +1,21 @@
+# Firejail profile for gnome-nibbles
+# Description: Sliding tile puzzle game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-nibbles.local
+# Persistent global definitions
+include globals.local
+
+ignore machine-id
+ignore nosound
+
+noblacklist ${HOME}/.local/share/gnome-nibbles
+
+mkdir ${HOME}/.local/share/gnome-nibbles
+whitelist ${HOME}/.local/share/gnome-nibbles
+whitelist /usr/share/gnome-nibbles
+
+private-bin gnome-nibbles
+
+# Redirect
+include gnome_games-common.profile
diff --git a/etc/gnome_games-common.profile b/etc/gnome_games-common.profile
new file mode 100644
index 000000000..0b75c5e92
--- /dev/null
+++ b/etc/gnome_games-common.profile
@@ -0,0 +1,43 @@
+# Firejail profile for gnome_games-common
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome_games-common.local
+# Persistent global definitions
+# added by caller profile
+#include globals.local
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+machine-id
+net none
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-cache
+private-dev
+private-etc dconf,fonts,gconf,gtk-2.0,gtk-3.0,machine-id,pango,X11
+private-tmp
diff --git a/etc/lightsoff.profile b/etc/lightsoff.profile
new file mode 100644
index 000000000..65c8bd78d
--- /dev/null
+++ b/etc/lightsoff.profile
@@ -0,0 +1,14 @@
+# Firejail profile for lightsoff
+# Description: Sliding tile puzzle game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include lightsoff.local
+# Persistent global definitions
+include globals.local
+
+whitelist /usr/share/lightsoff
+
+private-bin lightsoff
+
+# Redirect
+include gnome_games-common.profile
diff --git a/etc/ts3client_runscript.sh.profile b/etc/ts3client_runscript.sh.profile
new file mode 100644
index 000000000..8d4675454
--- /dev/null
+++ b/etc/ts3client_runscript.sh.profile
@@ -0,0 +1,19 @@
+# Firejail profile alias for teamspeak3
+# Description: TeamSpeak is software for quality voice communication via the Internet
+# This file is overwritten after every install/update
+# Persistent local customizations
+include ts3client_runscript.sh.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+ignore noexec ${HOME}
+
+noblacklist ${HOME}/TeamSpeak3-Client-linux_x86
+noblacklist ${HOME}/TeamSpeak3-Client-linux_amd64
+
+whitelist ${HOME}/TeamSpeak3-Client-linux_x86
+whitelist ${HOME}/TeamSpeak3-Client-linux_amd64
+
+# Redirect
+include teamspeak3.profile
diff --git a/etc/warmux.profile b/etc/warmux.profile
new file mode 100644
index 000000000..df7af49c4
--- /dev/null
+++ b/etc/warmux.profile
@@ -0,0 +1,53 @@
+# Firejail profile for warmux
+# Description: a convivial mass murder game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include warmux.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/wormux
+noblacklist ${HOME}/.local/share/wormux
+noblacklist ${HOME}/.wormux
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.config/wormux
+mkdir ${HOME}/.local/share/wormux
+mkdir ${HOME}/.wormux
+whitelist ${HOME}/.config/wormux
+whitelist ${HOME}/.local/share/wormux
+whitelist ${HOME}/.wormux
+whitelist /usr/share/warmux
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+netfilter
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin warmux
+private-cache
+private-dev
+private-etc ca-certificates,crypto-policies,host.conf,hostname,hosts,machine-id,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl
+private-tmp