8 files changed, 191 insertions, 1 deletions
diff --git a/README.md b/README.md
index 8d061f4bc..4a858f843 100644
--- a/README.md
+++ b/README.md
@@ -102,4 +102,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
 ## Current development version: 0.9.59
 ## New profiles:
-crow, nyx, klavaro, mypaint, celluoid, nano, transgui, sysprof, simplescreenrecorder, geekbench, xfce4-mixer, pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring, regextester, hardinfo, gnome-system-log, gnome-nettool, netactview, redshift, devhelp, assogiate, subdownloader, font-manager, exfalso, gconf-editor, dconf-editor, mpdris2, sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings, code-oss, pragha, Maelstrom, ostrichriders, bzflag, freeciv, lincity-ng, megaglest, openttd, crawl, crawl-tiles
+crow, nyx, klavaro, mypaint, celluoid, nano, transgui, sysprof, simplescreenrecorder, geekbench, xfce4-mixer, pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring, regextester, hardinfo, gnome-system-log, gnome-nettool, netactview, redshift, devhelp, assogiate, subdownloader, font-manager, exfalso, gconf-editor, dconf-editor, mpdris2, sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings, code-oss, pragha, Maelstrom, ostrichriders, bzflag, freeciv, lincity-ng, megaglest, openttd, crawl, crawl-tiles, teeworlds, torcs, tremulous, warsow
diff --git a/RELNOTES b/RELNOTES
index f3ee1bfab..dd9513931 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -8,6 +8,7 @@ firejail (0.9.59) baseline; urgency=low
  * new profiles: sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings
  * new profiles: code-oss, pragha, Maelstrom, ostrichriders, bzflag
  * new profiles: freeciv, lincity-ng, megaglest, openttd, crawl, crawl-tiles
+  * new profiles: teeworlds, torcs, tremulous, warsow
  * memory-deny-write-execute now also blocks memfd_create
  * drop support for flatpak/snap packages
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 0237ad2ba..69ffb5d45 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -514,6 +514,7 @@ blacklist ${HOME}/.local/share/uzbl
 blacklist ${HOME}/.local/share/vlc
 blacklist ${HOME}/.local/share/vpltd
 blacklist ${HOME}/.local/share/vulkan
+blacklist ${HOME}/.local/share/warsow-2.1
 blacklist ${HOME}/.local/share/wesnoth
 blacklist ${HOME}/.local/share/xplayer
 blacklist ${HOME}/.local/share/xreader
@@ -569,11 +570,14 @@ blacklist ${HOME}/.sword
 blacklist ${HOME}/.sylpheed-2.0
 blacklist ${HOME}/.synfig
 blacklist ${HOME}/.tconn
+blacklist ${HOME}/.teeworlds
 blacklist ${HOME}/.thunderbird
 blacklist ${HOME}/.tilp
 blacklist ${HOME}/.tooling
 blacklist ${HOME}/.tor-browser-*
 blacklist ${HOME}/.tor-browser_*
+blacklist ${HOME}/.torcs
+blacklist ${HOME}/.tremulous
 blacklist ${HOME}/.ts3client
 blacklist ${HOME}/.tuxguitar*
 blacklist ${HOME}/.unknown-horizons
@@ -694,6 +698,7 @@ blacklist ${HOME}/.cache/transmission
 blacklist ${HOME}/.cache/vivaldi
 blacklist ${HOME}/.cache/vivaldi-snapshot
 blacklist ${HOME}/.cache/vlc
+blacklist ${HOME}/.cache/warsow-2.1
 blacklist ${HOME}/.cache/waterfox
 blacklist ${HOME}/.cache/wesnoth
 blacklist ${HOME}/.cache/xmms2
diff --git a/etc/teeworlds.profile b/etc/teeworlds.profile
new file mode 100644
index 000000000..782f337d3
--- /dev/null
+++ b/etc/teeworlds.profile
@@ -0,0 +1,44 @@
+# Firejail profile for teeworlds
+# Description: Online multi-player platform 2D shooter
+# This file is overwritten after every install/update
+# Persistent local customizations
+include teeworlds.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.teeworlds
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+mkdir ${HOME}/.teeworlds
+whitelist ${HOME}/.teeworlds
+include whitelist-common.inc
+include whitelist-var-common.inc
+caps.drop all
+ipc-namespace
+netfilter
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+disable-mnt
+private-bin teeworlds
+private-cache
+private-dev
+private-tmp
diff --git a/etc/torcs.profile b/etc/torcs.profile
new file mode 100644
index 000000000..d9c59b276
--- /dev/null
+++ b/etc/torcs.profile
@@ -0,0 +1,43 @@
+# Firejail profile for torcs
+# Description: The Open Racing Car Simulator
+# This file is overwritten after every install/update
+# Persistent local customizations
+include torcs.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.torcs
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+mkdir ${HOME}/.torcs
+whitelist ${HOME}/.torcs
+include whitelist-common.inc
+include whitelist-var-common.inc
+caps.drop all
+ipc-namespace
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+disable-mnt
+private-cache
+private-dev
+private-tmp
diff --git a/etc/tremulous.profile b/etc/tremulous.profile
new file mode 100644
index 000000000..a56ac2c07
--- /dev/null
+++ b/etc/tremulous.profile
@@ -0,0 +1,44 @@
+# Firejail profile for tremulous
+# Description: First Person Shooter game based on the Quake 3 engine
+# This file is overwritten after every install/update
+# Persistent local customizations
+include tremulous.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.tremulous
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+mkdir ${HOME}/.tremulous
+whitelist ${HOME}/.tremulous
+include whitelist-common.inc
+include whitelist-var-common.inc
+caps.drop all
+ipc-namespace
+netfilter
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+disable-mnt
+private-bin tremulous,tremulous-wrapper,tremded
+private-cache
+private-dev
+private-tmp
diff --git a/etc/warsow.profile b/etc/warsow.profile
new file mode 100644
index 000000000..e884ab07a
--- /dev/null
+++ b/etc/warsow.profile
@@ -0,0 +1,49 @@
+# Firejail profile for warsow
+# Description: Fast paced 3D first person shooter
+# This file is overwritten after every install/update
+# Persistent local customizations
+include warsow.local
+# Persistent global definitions
+include globals.local
+ignore noexec ${HOME}
+noblacklist ${HOME}/.cache/warsow-2.1
+noblacklist ${HOME}/.local/share/warsow-2.1
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+mkdir ${HOME}/.cache/warsow-2.1
+mkdir ${HOME}/.local/share/warsow-2.1
+whitelist ${HOME}/.cache/warsow-2.1
+whitelist ${HOME}/.local/share/warsow-2.1
+include whitelist-common.inc
+include whitelist-var-common.inc
+caps.drop all
+ipc-namespace
+netfilter
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+disable-mnt
+private-bin warsow
+private-cache
+private-dev
+private-tmp
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 90dd07dea..a2edd7c3a 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -486,6 +486,7 @@ synfigstudio
 sysprof
 sysprof-cli
 teamspeak3
+teeworlds
 telegram
 telegram-desktop
 terasology
@@ -525,6 +526,7 @@ tor-browser-vi
 tor-browser-zh-cn
 tor-browser-zh-tw
 torbrowser-launcher
+torcs
 totem
 tracker
 transgui
@@ -538,6 +540,7 @@ transmission-remote
 transmission-remote-cli
 transmission-remote-gtk
 transmission-show
+tremulous
 truecraft
 tuxguitar
 uefitool
@@ -557,6 +560,7 @@ vlc
 vscodium
 vym
 w3m
+warsow
 warzone2100
 waterfox
 webstorm

diff --git a/README.md b/README.md index 8d061f4bc..4a858f843 100644 --- a/README.md +++ b/README.md
@@ -102,4 +102,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
102	## Current development version: 0.9.59	102	## Current development version: 0.9.59
103		103
104	## New profiles:	104	## New profiles:
105	crow, nyx, klavaro, mypaint, celluoid, nano, transgui, sysprof, simplescreenrecorder, geekbench, xfce4-mixer, pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring, regextester, hardinfo, gnome-system-log, gnome-nettool, netactview, redshift, devhelp, assogiate, subdownloader, font-manager, exfalso, gconf-editor, dconf-editor, mpdris2, sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings, code-oss, pragha, Maelstrom, ostrichriders, bzflag, freeciv, lincity-ng, megaglest, openttd, crawl, crawl-tiles	105	crow, nyx, klavaro, mypaint, celluoid, nano, transgui, sysprof, simplescreenrecorder, geekbench, xfce4-mixer, pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring, regextester, hardinfo, gnome-system-log, gnome-nettool, netactview, redshift, devhelp, assogiate, subdownloader, font-manager, exfalso, gconf-editor, dconf-editor, mpdris2, sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings, code-oss, pragha, Maelstrom, ostrichriders, bzflag, freeciv, lincity-ng, megaglest, openttd, crawl, crawl-tiles, teeworlds, torcs, tremulous, warsow


diff --git a/RELNOTES b/RELNOTES index f3ee1bfab..dd9513931 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -8,6 +8,7 @@ firejail (0.9.59) baseline; urgency=low
8	* new profiles: sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings	8	* new profiles: sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings
9	* new profiles: code-oss, pragha, Maelstrom, ostrichriders, bzflag	9	* new profiles: code-oss, pragha, Maelstrom, ostrichriders, bzflag
10	* new profiles: freeciv, lincity-ng, megaglest, openttd, crawl, crawl-tiles	10	* new profiles: freeciv, lincity-ng, megaglest, openttd, crawl, crawl-tiles
		11	* new profiles: teeworlds, torcs, tremulous, warsow
11	* memory-deny-write-execute now also blocks memfd_create	12	* memory-deny-write-execute now also blocks memfd_create
12	* drop support for flatpak/snap packages	13	* drop support for flatpak/snap packages
13		14


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 0237ad2ba..69ffb5d45 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -514,6 +514,7 @@ blacklist ${HOME}/.local/share/uzbl
514	blacklist ${HOME}/.local/share/vlc	514	blacklist ${HOME}/.local/share/vlc
515	blacklist ${HOME}/.local/share/vpltd	515	blacklist ${HOME}/.local/share/vpltd
516	blacklist ${HOME}/.local/share/vulkan	516	blacklist ${HOME}/.local/share/vulkan
		517	blacklist ${HOME}/.local/share/warsow-2.1
517	blacklist ${HOME}/.local/share/wesnoth	518	blacklist ${HOME}/.local/share/wesnoth
518	blacklist ${HOME}/.local/share/xplayer	519	blacklist ${HOME}/.local/share/xplayer
519	blacklist ${HOME}/.local/share/xreader	520	blacklist ${HOME}/.local/share/xreader
@@ -569,11 +570,14 @@ blacklist ${HOME}/.sword
569	blacklist ${HOME}/.sylpheed-2.0	570	blacklist ${HOME}/.sylpheed-2.0
570	blacklist ${HOME}/.synfig	571	blacklist ${HOME}/.synfig
571	blacklist ${HOME}/.tconn	572	blacklist ${HOME}/.tconn
		573	blacklist ${HOME}/.teeworlds
572	blacklist ${HOME}/.thunderbird	574	blacklist ${HOME}/.thunderbird
573	blacklist ${HOME}/.tilp	575	blacklist ${HOME}/.tilp
574	blacklist ${HOME}/.tooling	576	blacklist ${HOME}/.tooling
575	blacklist ${HOME}/.tor-browser-*	577	blacklist ${HOME}/.tor-browser-*
576	blacklist ${HOME}/.tor-browser_*	578	blacklist ${HOME}/.tor-browser_*
		579	blacklist ${HOME}/.torcs
		580	blacklist ${HOME}/.tremulous
577	blacklist ${HOME}/.ts3client	581	blacklist ${HOME}/.ts3client
578	blacklist ${HOME}/.tuxguitar*	582	blacklist ${HOME}/.tuxguitar*
579	blacklist ${HOME}/.unknown-horizons	583	blacklist ${HOME}/.unknown-horizons
@@ -694,6 +698,7 @@ blacklist ${HOME}/.cache/transmission
694	blacklist ${HOME}/.cache/vivaldi	698	blacklist ${HOME}/.cache/vivaldi
695	blacklist ${HOME}/.cache/vivaldi-snapshot	699	blacklist ${HOME}/.cache/vivaldi-snapshot
696	blacklist ${HOME}/.cache/vlc	700	blacklist ${HOME}/.cache/vlc
		701	blacklist ${HOME}/.cache/warsow-2.1
697	blacklist ${HOME}/.cache/waterfox	702	blacklist ${HOME}/.cache/waterfox
698	blacklist ${HOME}/.cache/wesnoth	703	blacklist ${HOME}/.cache/wesnoth
699	blacklist ${HOME}/.cache/xmms2	704	blacklist ${HOME}/.cache/xmms2


diff --git a/etc/teeworlds.profile b/etc/teeworlds.profile new file mode 100644 index 000000000..782f337d3 --- /dev/null +++ b/etc/teeworlds.profile
@@ -0,0 +1,44 @@
		1	# Firejail profile for teeworlds
		2	# Description: Online multi-player platform 2D shooter
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include teeworlds.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.teeworlds
		10
		11	include disable-common.inc
		12	include disable-devel.inc
		13	include disable-exec.inc
		14	include disable-interpreters.inc
		15	include disable-passwdmgr.inc
		16	include disable-programs.inc
		17	include disable-xdg.inc
		18
		19	mkdir ${HOME}/.teeworlds
		20	whitelist ${HOME}/.teeworlds
		21	include whitelist-common.inc
		22	include whitelist-var-common.inc
		23
		24	caps.drop all
		25	ipc-namespace
		26	netfilter
		27	nodbus
		28	nodvd
		29	nogroups
		30	nonewprivs
		31	noroot
		32	notv
		33	nou2f
		34	novideo
		35	protocol unix,inet,inet6
		36	seccomp
		37	shell none
		38	tracelog
		39
		40	disable-mnt
		41	private-bin teeworlds
		42	private-cache
		43	private-dev
		44	private-tmp


diff --git a/etc/torcs.profile b/etc/torcs.profile new file mode 100644 index 000000000..d9c59b276 --- /dev/null +++ b/etc/torcs.profile
@@ -0,0 +1,43 @@
		1	# Firejail profile for torcs
		2	# Description: The Open Racing Car Simulator
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include torcs.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.torcs
		10
		11	include disable-common.inc
		12	include disable-devel.inc
		13	include disable-exec.inc
		14	include disable-interpreters.inc
		15	include disable-passwdmgr.inc
		16	include disable-programs.inc
		17	include disable-xdg.inc
		18
		19	mkdir ${HOME}/.torcs
		20	whitelist ${HOME}/.torcs
		21	include whitelist-common.inc
		22	include whitelist-var-common.inc
		23
		24	caps.drop all
		25	ipc-namespace
		26	net none
		27	nodbus
		28	nodvd
		29	nogroups
		30	nonewprivs
		31	noroot
		32	notv
		33	nou2f
		34	novideo
		35	protocol unix
		36	seccomp
		37	shell none
		38	tracelog
		39
		40	disable-mnt
		41	private-cache
		42	private-dev
		43	private-tmp


diff --git a/etc/tremulous.profile b/etc/tremulous.profile new file mode 100644 index 000000000..a56ac2c07 --- /dev/null +++ b/etc/tremulous.profile
@@ -0,0 +1,44 @@
		1	# Firejail profile for tremulous
		2	# Description: First Person Shooter game based on the Quake 3 engine
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include tremulous.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.tremulous
		10
		11	include disable-common.inc
		12	include disable-devel.inc
		13	include disable-exec.inc
		14	include disable-interpreters.inc
		15	include disable-passwdmgr.inc
		16	include disable-programs.inc
		17	include disable-xdg.inc
		18
		19	mkdir ${HOME}/.tremulous
		20	whitelist ${HOME}/.tremulous
		21	include whitelist-common.inc
		22	include whitelist-var-common.inc
		23
		24	caps.drop all
		25	ipc-namespace
		26	netfilter
		27	nodbus
		28	nodvd
		29	nogroups
		30	nonewprivs
		31	noroot
		32	notv
		33	nou2f
		34	novideo
		35	protocol unix,inet,inet6
		36	seccomp
		37	shell none
		38	tracelog
		39
		40	disable-mnt
		41	private-bin tremulous,tremulous-wrapper,tremded
		42	private-cache
		43	private-dev
		44	private-tmp


diff --git a/etc/warsow.profile b/etc/warsow.profile new file mode 100644 index 000000000..e884ab07a --- /dev/null +++ b/etc/warsow.profile
@@ -0,0 +1,49 @@
		1	# Firejail profile for warsow
		2	# Description: Fast paced 3D first person shooter
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include warsow.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	ignore noexec ${HOME}
		10
		11	noblacklist ${HOME}/.cache/warsow-2.1
		12	noblacklist ${HOME}/.local/share/warsow-2.1
		13
		14	include disable-common.inc
		15	include disable-devel.inc
		16	include disable-exec.inc
		17	include disable-interpreters.inc
		18	include disable-passwdmgr.inc
		19	include disable-programs.inc
		20	include disable-xdg.inc
		21
		22	mkdir ${HOME}/.cache/warsow-2.1
		23	mkdir ${HOME}/.local/share/warsow-2.1
		24	whitelist ${HOME}/.cache/warsow-2.1
		25	whitelist ${HOME}/.local/share/warsow-2.1
		26	include whitelist-common.inc
		27	include whitelist-var-common.inc
		28
		29	caps.drop all
		30	ipc-namespace
		31	netfilter
		32	nodbus
		33	nodvd
		34	nogroups
		35	nonewprivs
		36	noroot
		37	notv
		38	nou2f
		39	novideo
		40	protocol unix,inet,inet6
		41	seccomp
		42	shell none
		43	tracelog
		44
		45	disable-mnt
		46	private-bin warsow
		47	private-cache
		48	private-dev
		49	private-tmp


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 90dd07dea..a2edd7c3a 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -486,6 +486,7 @@ synfigstudio
486	sysprof	486	sysprof
487	sysprof-cli	487	sysprof-cli
488	teamspeak3	488	teamspeak3
		489	teeworlds
489	telegram	490	telegram
490	telegram-desktop	491	telegram-desktop
491	terasology	492	terasology
@@ -525,6 +526,7 @@ tor-browser-vi
525	tor-browser-zh-cn	526	tor-browser-zh-cn
526	tor-browser-zh-tw	527	tor-browser-zh-tw
527	torbrowser-launcher	528	torbrowser-launcher
		529	torcs
528	totem	530	totem
529	tracker	531	tracker
530	transgui	532	transgui
@@ -538,6 +540,7 @@ transmission-remote
538	transmission-remote-cli	540	transmission-remote-cli
539	transmission-remote-gtk	541	transmission-remote-gtk
540	transmission-show	542	transmission-show
		543	tremulous
541	truecraft	544	truecraft
542	tuxguitar	545	tuxguitar
543	uefitool	546	uefitool
@@ -557,6 +560,7 @@ vlc
557	vscodium	560	vscodium
558	vym	561	vym
559	w3m	562	w3m
		563	warsow
560	warzone2100	564	warzone2100
561	waterfox	565	waterfox
562	webstorm	566	webstorm