11 files changed, 276 insertions, 2 deletions
diff --git a/README.md b/README.md
index 58c5cb5de..30256ad4a 100644
--- a/README.md
+++ b/README.md
@@ -102,5 +102,5 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
 ## Current development version: 0.9.59
 ## New profiles:
-crow, nyx, klavaro, mypaint, celluoid, nano, transgui, sysprof, simplescreenrecorder, geekbench, xfce4-mixer, pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring, regextester, hardinfo, gnome-system-log, gnome-nettool, netactview, redshift, devhelp, assogiate, subdownloader, font-manager, exfalso, gconf-editor, dconf-editor, mpdris2, sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings, code-oss, pragha, Maelstrom, ostrichriders, bzflag, freeciv, lincity-ng, megaglest, openttd, crawl, crawl-tiles, teeworlds, torcs, tremulous, warsow, lugaru, manaplus, pioneer, scorched3d, widelands, freemind, kid3, kid3-cli, kid3-qt, nomacs
+crow, nyx, klavaro, mypaint, celluoid, nano, transgui, sysprof, simplescreenrecorder, geekbench, xfce4-mixer, pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring, regextester, hardinfo, gnome-system-log, gnome-nettool, netactview, redshift, devhelp, assogiate, subdownloader, font-manager, exfalso, gconf-editor, dconf-editor, mpdris2, sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings, code-oss, pragha, Maelstrom, ostrichriders, bzflag, freeciv, lincity-ng, megaglest, openttd, crawl, crawl-tiles, teeworlds, torcs, tremulous, warsow, lugaru, manaplus, pioneer, scorched3d, widelands, freemind, kid3, kid3-cli, kid3-qt, nomacs, freecol, opencity, openclonk, slashem, vulturesclaw, vultureseye
diff --git a/RELNOTES b/RELNOTES
index 070f68d37..6b5f19a8b 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -10,7 +10,8 @@ firejail (0.9.59) baseline; urgency=low
  * new profiles: freeciv, lincity-ng, megaglest, openttd, crawl, crawl-tiles
  * new profiles: teeworlds, torcs, tremulous, warsow, lugaru, manaplus
  * new profiles: pioneer, scorched3d, widelands, freemind, kid3, kid3-qt
-  * new profiles: kid3-cli, nomacs
+  * new profiles: kid3-cli, nomacs, freecol, opencity, openclonk, slashem
+  * new profiles: vultureseye, vulturesclaw
  * memory-deny-write-execute now also blocks memfd_create
  * drop support for flatpak/snap packages
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 35b294955..f5a40ff5f 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -51,6 +51,7 @@ blacklist ${HOME}/.bogofilter
 blacklist ${HOME}/.bzf
 blacklist ${HOME}/.claws-mail
 blacklist ${HOME}/.cliqz
+blacklist ${HOME}/.clonk
 blacklist ${HOME}/.config/0ad
 blacklist ${HOME}/.config/2048-qt
 blacklist ${HOME}/.config/Atom
@@ -157,6 +158,7 @@ blacklist ${HOME}/.config/falkon
 blacklist ${HOME}/.config/filezilla
 blacklist ${HOME}/.config/flowblade
 blacklist ${HOME}/.config/font-manager
+blacklist ${HOME}/.config/freecol
 blacklist ${HOME}/.config/gajim
 blacklist ${HOME}/.config/galculator
 blacklist ${HOME}/.config/gconf
@@ -325,6 +327,7 @@ blacklist ${HOME}/.flowblade
 blacklist ${HOME}/.fltk
 blacklist ${HOME}/.fossamail
 blacklist ${HOME}/.freeciv
+blacklist ${HOME}/.freecol
 blacklist ${HOME}/.freemind
 blacklist ${HOME}/.frozen-bubble
 blacklist ${HOME}/.gimp*
@@ -455,6 +458,7 @@ blacklist ${HOME}/.local/share/epiphany
 blacklist ${HOME}/.local/share/evolution
 blacklist ${HOME}/.local/share/feedreader
 blacklist ${HOME}/.local/share/feral-interactive
+blacklist ${HOME}/.local/share/freecol
 blacklist ${HOME}/.local/share/gajim
 blacklist ${HOME}/.local/share/geary
 blacklist ${HOME}/.local/share/geeqie
@@ -546,6 +550,7 @@ blacklist ${HOME}/.netactview
 blacklist ${HOME}/.neverball
 blacklist ${HOME}/.nv
 blacklist ${HOME}/.nylas-mail
+blacklist ${HOME}/.opencity
 blacklist ${HOME}/.openinvaders
 blacklist ${HOME}/.openshot
 blacklist ${HOME}/.openshot_qt
@@ -595,6 +600,7 @@ blacklist ${HOME}/.viking-maps
 blacklist ${HOME}/.vscode
 blacklist ${HOME}/.vscode-oss
 blacklist ${HOME}/.vst
+blacklist ${HOME}/.vultures
 blacklist ${HOME}/.w3m
 blacklist ${HOME}/.warzone2100-3.*
 blacklist ${HOME}/.waterfox
@@ -644,6 +650,7 @@ blacklist ${HOME}/.cache/falkon
 blacklist ${HOME}/.cache/feedreader
 blacklist ${HOME}/.cache/font-manager
 blacklist ${HOME}/.cache/fossamail
+blacklist ${HOME}/.cache/freecol
 blacklist ${HOME}/.cache/gajim
 blacklist ${HOME}/.cache/geeqie
 blacklist ${HOME}/.cache/google-chrome
@@ -717,4 +724,7 @@ blacklist ${HOME}/.cache/yandex-browser
 blacklist ${HOME}/.cache/yandex-browser-beta
 blacklist /var/games/nethack
+blacklist /var/games/slashem
+blacklist /var/games/vulturesclaw
+blacklist /var/games/vultureseye
 blacklist /var/lib/games/Maelstrom-Scores
diff --git a/etc/freecol.profile b/etc/freecol.profile
new file mode 100644
index 000000000..7987cc076
--- /dev/null
+++ b/etc/freecol.profile
@@ -0,0 +1,60 @@
+# Firejail profile for freecol
+# Description: Turn-based multi-player strategy game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include freecol.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.freecol
+noblacklist ${HOME}/.java
+noblacklist ${HOME}/.cache/freecol
+noblacklist ${HOME}/.config/freecol
+noblacklist ${HOME}/.local/share/freecol
+# Allow access to java
+noblacklist ${PATH}/java
+noblacklist /usr/lib/java
+noblacklist /etc/java
+noblacklist /usr/share/java
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+mkdir ${HOME}/.java
+mkdir ${HOME}/.cache/freecol
+mkdir ${HOME}/.config/freecol
+mkdir ${HOME}/.local/share/freecol
+whitelist ${HOME}/.freecol
+whitelist ${HOME}/.java
+whitelist ${HOME}/.cache/freecol
+whitelist ${HOME}/.config/freecol
+whitelist ${HOME}/.local/share/freecol
+include whitelist-common.inc
+include whitelist-var-common.inc
+caps.drop all
+ipc-namespace
+netfilter
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+disable-mnt
+private-cache
+private-dev
+private-tmp
diff --git a/etc/nethack-vultures.profile b/etc/nethack-vultures.profile
new file mode 100644
index 000000000..771430337
--- /dev/null
+++ b/etc/nethack-vultures.profile
@@ -0,0 +1,47 @@
+# Firejail profile for nethack-vultures
+# Description: A rogue-like single player dungeon exploration game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include nethack.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.vultures
+noblacklist /var/log
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+mkdir ${HOME}/.vultures
+whitelist ${HOME}/.vultures
+whitelist /var/log/vultures
+include whitelist-common.inc
+include whitelist-var-common.inc
+caps.drop all
+ipc-namespace
+net none
+nodbus
+nodvd
+nogroups
+#nonewprivs
+#noroot
+notv
+novideo
+#protocol unix,netlink
+#seccomp
+shell none
+disable-mnt
+#private
+private-cache
+private-dev
+private-tmp
+writable-var
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/opencity.profile b/etc/opencity.profile
new file mode 100644
index 000000000..6a27c8095
--- /dev/null
+++ b/etc/opencity.profile
@@ -0,0 +1,44 @@
+# Firejail profile for opencity
+# Description: Full 3D city simulator game project
+# This file is overwritten after every install/update
+# Persistent local customizations
+include opencity.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.opencity
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+mkdir ${HOME}/.opencity
+whitelist ${HOME}/.opencity
+include whitelist-common.inc
+include whitelist-var-common.inc
+caps.drop all
+ipc-namespace
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+disable-mnt
+private-bin opencity
+private-cache
+private-dev
+private-tmp
diff --git a/etc/openclonk.profile b/etc/openclonk.profile
new file mode 100644
index 000000000..02663c2f4
--- /dev/null
+++ b/etc/openclonk.profile
@@ -0,0 +1,44 @@
+# Firejail profile for openclonk
+# Description: Multiplayer action, tactics and skill game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include openclonk.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.clonk
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+mkdir ${HOME}/.clonk
+whitelist ${HOME}/.clonk
+include whitelist-common.inc
+include whitelist-var-common.inc
+caps.drop all
+ipc-namespace
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+disable-mnt
+private-bin openclonk,c4group
+private-cache
+private-dev
+private-tmp
diff --git a/etc/slashem.profile b/etc/slashem.profile
new file mode 100644
index 000000000..0a372ce5f
--- /dev/null
+++ b/etc/slashem.profile
@@ -0,0 +1,47 @@
+# Firejail profile for slashem
+# Description: A rogue-like single player dungeon exploration game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include slashem.local
+# Persistent global definitions
+include globals.local
+noblacklist /var/games/slashem
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+whitelist /var/games/slashem
+include whitelist-common.inc
+include whitelist-var-common.inc
+caps.drop all
+ipc-namespace
+net none
+no3d
+nodbus
+nodvd
+nogroups
+#nonewprivs
+#noroot
+nosound
+notv
+novideo
+#protocol unix,netlink
+#seccomp
+shell none
+disable-mnt
+#private
+private-cache
+private-dev
+private-tmp
+writable-var
+#memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/vulturesclaw.profile b/etc/vulturesclaw.profile
new file mode 100644
index 000000000..2e9078a7b
--- /dev/null
+++ b/etc/vulturesclaw.profile
@@ -0,0 +1,8 @@
+# Firejail profile alias for nethack-vultures
+# This file is overwritten after every install/update
+noblacklist /var/games/vulturesclaw
+whitelist /var/games/vulturesclaw
+# Redirect
+include nethack-vultures.profile
diff --git a/etc/vultureseye.profile b/etc/vultureseye.profile
new file mode 100644
index 000000000..44c263cfc
--- /dev/null
+++ b/etc/vultureseye.profile
@@ -0,0 +1,8 @@
+# Firejail profile alias for nethack-vultures
+# This file is overwritten after every install/update
+noblacklist /var/games/vultureseye
+whitelist /var/games/vultureseye
+# Redirect
+include nethack-vultures.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index f16d9b823..d5c502a67 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -186,6 +186,7 @@ freecadcmd
 freeciv
 freeciv-gtk3
 freeciv-mp-gtk3
+freecol
 freemind
 freshclam
 frozen-bubble
@@ -387,6 +388,7 @@ odt2txt
 okular
 onionshare-gui
 open-invaders
+opencity
 openshot
 openshot-qt
 openttd
@@ -467,6 +469,7 @@ skanlite
 skype
 skypeforlinux
 slack
+slashem
 smplayer
 smtube
 snox
@@ -565,6 +568,8 @@ vivaldi-snapshot
 vivaldi-stable
 vlc
 vscodium
+vulturesclaw
+vultureseye
 vym
 w3m
 warsow

diff --git a/README.md b/README.md index 58c5cb5de..30256ad4a 100644 --- a/README.md +++ b/README.md
@@ -102,5 +102,5 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
102	## Current development version: 0.9.59	102	## Current development version: 0.9.59
103		103
104	## New profiles:	104	## New profiles:
105	crow, nyx, klavaro, mypaint, celluoid, nano, transgui, sysprof, simplescreenrecorder, geekbench, xfce4-mixer, pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring, regextester, hardinfo, gnome-system-log, gnome-nettool, netactview, redshift, devhelp, assogiate, subdownloader, font-manager, exfalso, gconf-editor, dconf-editor, mpdris2, sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings, code-oss, pragha, Maelstrom, ostrichriders, bzflag, freeciv, lincity-ng, megaglest, openttd, crawl, crawl-tiles, teeworlds, torcs, tremulous, warsow, lugaru, manaplus, pioneer, scorched3d, widelands, freemind, kid3, kid3-cli, kid3-qt, nomacs	105	crow, nyx, klavaro, mypaint, celluoid, nano, transgui, sysprof, simplescreenrecorder, geekbench, xfce4-mixer, pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring, regextester, hardinfo, gnome-system-log, gnome-nettool, netactview, redshift, devhelp, assogiate, subdownloader, font-manager, exfalso, gconf-editor, dconf-editor, mpdris2, sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings, code-oss, pragha, Maelstrom, ostrichriders, bzflag, freeciv, lincity-ng, megaglest, openttd, crawl, crawl-tiles, teeworlds, torcs, tremulous, warsow, lugaru, manaplus, pioneer, scorched3d, widelands, freemind, kid3, kid3-cli, kid3-qt, nomacs, freecol, opencity, openclonk, slashem, vulturesclaw, vultureseye
106		106


diff --git a/RELNOTES b/RELNOTES index 070f68d37..6b5f19a8b 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -10,7 +10,8 @@ firejail (0.9.59) baseline; urgency=low
10	* new profiles: freeciv, lincity-ng, megaglest, openttd, crawl, crawl-tiles	10	* new profiles: freeciv, lincity-ng, megaglest, openttd, crawl, crawl-tiles
11	* new profiles: teeworlds, torcs, tremulous, warsow, lugaru, manaplus	11	* new profiles: teeworlds, torcs, tremulous, warsow, lugaru, manaplus
12	* new profiles: pioneer, scorched3d, widelands, freemind, kid3, kid3-qt	12	* new profiles: pioneer, scorched3d, widelands, freemind, kid3, kid3-qt
13	* new profiles: kid3-cli, nomacs	13	* new profiles: kid3-cli, nomacs, freecol, opencity, openclonk, slashem
		14	* new profiles: vultureseye, vulturesclaw
14	* memory-deny-write-execute now also blocks memfd_create	15	* memory-deny-write-execute now also blocks memfd_create
15	* drop support for flatpak/snap packages	16	* drop support for flatpak/snap packages
16		17


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 35b294955..f5a40ff5f 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -51,6 +51,7 @@ blacklist ${HOME}/.bogofilter
51	blacklist ${HOME}/.bzf	51	blacklist ${HOME}/.bzf
52	blacklist ${HOME}/.claws-mail	52	blacklist ${HOME}/.claws-mail
53	blacklist ${HOME}/.cliqz	53	blacklist ${HOME}/.cliqz
		54	blacklist ${HOME}/.clonk
54	blacklist ${HOME}/.config/0ad	55	blacklist ${HOME}/.config/0ad
55	blacklist ${HOME}/.config/2048-qt	56	blacklist ${HOME}/.config/2048-qt
56	blacklist ${HOME}/.config/Atom	57	blacklist ${HOME}/.config/Atom
@@ -157,6 +158,7 @@ blacklist ${HOME}/.config/falkon
157	blacklist ${HOME}/.config/filezilla	158	blacklist ${HOME}/.config/filezilla
158	blacklist ${HOME}/.config/flowblade	159	blacklist ${HOME}/.config/flowblade
159	blacklist ${HOME}/.config/font-manager	160	blacklist ${HOME}/.config/font-manager
		161	blacklist ${HOME}/.config/freecol
160	blacklist ${HOME}/.config/gajim	162	blacklist ${HOME}/.config/gajim
161	blacklist ${HOME}/.config/galculator	163	blacklist ${HOME}/.config/galculator
162	blacklist ${HOME}/.config/gconf	164	blacklist ${HOME}/.config/gconf
@@ -325,6 +327,7 @@ blacklist ${HOME}/.flowblade
325	blacklist ${HOME}/.fltk	327	blacklist ${HOME}/.fltk
326	blacklist ${HOME}/.fossamail	328	blacklist ${HOME}/.fossamail
327	blacklist ${HOME}/.freeciv	329	blacklist ${HOME}/.freeciv
		330	blacklist ${HOME}/.freecol
328	blacklist ${HOME}/.freemind	331	blacklist ${HOME}/.freemind
329	blacklist ${HOME}/.frozen-bubble	332	blacklist ${HOME}/.frozen-bubble
330	blacklist ${HOME}/.gimp*	333	blacklist ${HOME}/.gimp*
@@ -455,6 +458,7 @@ blacklist ${HOME}/.local/share/epiphany
455	blacklist ${HOME}/.local/share/evolution	458	blacklist ${HOME}/.local/share/evolution
456	blacklist ${HOME}/.local/share/feedreader	459	blacklist ${HOME}/.local/share/feedreader
457	blacklist ${HOME}/.local/share/feral-interactive	460	blacklist ${HOME}/.local/share/feral-interactive
		461	blacklist ${HOME}/.local/share/freecol
458	blacklist ${HOME}/.local/share/gajim	462	blacklist ${HOME}/.local/share/gajim
459	blacklist ${HOME}/.local/share/geary	463	blacklist ${HOME}/.local/share/geary
460	blacklist ${HOME}/.local/share/geeqie	464	blacklist ${HOME}/.local/share/geeqie
@@ -546,6 +550,7 @@ blacklist ${HOME}/.netactview
546	blacklist ${HOME}/.neverball	550	blacklist ${HOME}/.neverball
547	blacklist ${HOME}/.nv	551	blacklist ${HOME}/.nv
548	blacklist ${HOME}/.nylas-mail	552	blacklist ${HOME}/.nylas-mail
		553	blacklist ${HOME}/.opencity
549	blacklist ${HOME}/.openinvaders	554	blacklist ${HOME}/.openinvaders
550	blacklist ${HOME}/.openshot	555	blacklist ${HOME}/.openshot
551	blacklist ${HOME}/.openshot_qt	556	blacklist ${HOME}/.openshot_qt
@@ -595,6 +600,7 @@ blacklist ${HOME}/.viking-maps
595	blacklist ${HOME}/.vscode	600	blacklist ${HOME}/.vscode
596	blacklist ${HOME}/.vscode-oss	601	blacklist ${HOME}/.vscode-oss
597	blacklist ${HOME}/.vst	602	blacklist ${HOME}/.vst
		603	blacklist ${HOME}/.vultures
598	blacklist ${HOME}/.w3m	604	blacklist ${HOME}/.w3m
599	blacklist ${HOME}/.warzone2100-3.*	605	blacklist ${HOME}/.warzone2100-3.*
600	blacklist ${HOME}/.waterfox	606	blacklist ${HOME}/.waterfox
@@ -644,6 +650,7 @@ blacklist ${HOME}/.cache/falkon
644	blacklist ${HOME}/.cache/feedreader	650	blacklist ${HOME}/.cache/feedreader
645	blacklist ${HOME}/.cache/font-manager	651	blacklist ${HOME}/.cache/font-manager
646	blacklist ${HOME}/.cache/fossamail	652	blacklist ${HOME}/.cache/fossamail
		653	blacklist ${HOME}/.cache/freecol
647	blacklist ${HOME}/.cache/gajim	654	blacklist ${HOME}/.cache/gajim
648	blacklist ${HOME}/.cache/geeqie	655	blacklist ${HOME}/.cache/geeqie
649	blacklist ${HOME}/.cache/google-chrome	656	blacklist ${HOME}/.cache/google-chrome
@@ -717,4 +724,7 @@ blacklist ${HOME}/.cache/yandex-browser
717	blacklist ${HOME}/.cache/yandex-browser-beta	724	blacklist ${HOME}/.cache/yandex-browser-beta
718		725
719	blacklist /var/games/nethack	726	blacklist /var/games/nethack
		727	blacklist /var/games/slashem
		728	blacklist /var/games/vulturesclaw
		729	blacklist /var/games/vultureseye
720	blacklist /var/lib/games/Maelstrom-Scores	730	blacklist /var/lib/games/Maelstrom-Scores


diff --git a/etc/freecol.profile b/etc/freecol.profile new file mode 100644 index 000000000..7987cc076 --- /dev/null +++ b/etc/freecol.profile
@@ -0,0 +1,60 @@
		1	# Firejail profile for freecol
		2	# Description: Turn-based multi-player strategy game
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include freecol.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.freecol
		10	noblacklist ${HOME}/.java
		11	noblacklist ${HOME}/.cache/freecol
		12	noblacklist ${HOME}/.config/freecol
		13	noblacklist ${HOME}/.local/share/freecol
		14
		15	# Allow access to java
		16	noblacklist ${PATH}/java
		17	noblacklist /usr/lib/java
		18	noblacklist /etc/java
		19	noblacklist /usr/share/java
		20
		21	include disable-common.inc
		22	include disable-devel.inc
		23	include disable-exec.inc
		24	include disable-interpreters.inc
		25	include disable-passwdmgr.inc
		26	include disable-programs.inc
		27	include disable-xdg.inc
		28
		29	mkdir ${HOME}/.java
		30	mkdir ${HOME}/.cache/freecol
		31	mkdir ${HOME}/.config/freecol
		32	mkdir ${HOME}/.local/share/freecol
		33	whitelist ${HOME}/.freecol
		34	whitelist ${HOME}/.java
		35	whitelist ${HOME}/.cache/freecol
		36	whitelist ${HOME}/.config/freecol
		37	whitelist ${HOME}/.local/share/freecol
		38	include whitelist-common.inc
		39	include whitelist-var-common.inc
		40
		41	caps.drop all
		42	ipc-namespace
		43	netfilter
		44	nodbus
		45	nodvd
		46	nogroups
		47	nonewprivs
		48	noroot
		49	notv
		50	nou2f
		51	novideo
		52	protocol unix,inet,inet6
		53	seccomp
		54	shell none
		55	tracelog
		56
		57	disable-mnt
		58	private-cache
		59	private-dev
		60	private-tmp


diff --git a/etc/nethack-vultures.profile b/etc/nethack-vultures.profile new file mode 100644 index 000000000..771430337 --- /dev/null +++ b/etc/nethack-vultures.profile
@@ -0,0 +1,47 @@
		1	# Firejail profile for nethack-vultures
		2	# Description: A rogue-like single player dungeon exploration game
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include nethack.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9
		10	noblacklist ${HOME}/.vultures
		11	noblacklist /var/log
		12
		13	include disable-common.inc
		14	include disable-devel.inc
		15	include disable-interpreters.inc
		16	include disable-passwdmgr.inc
		17	include disable-programs.inc
		18
		19	mkdir ${HOME}/.vultures
		20	whitelist ${HOME}/.vultures
		21	whitelist /var/log/vultures
		22	include whitelist-common.inc
		23	include whitelist-var-common.inc
		24
		25	caps.drop all
		26	ipc-namespace
		27	net none
		28	nodbus
		29	nodvd
		30	nogroups
		31	#nonewprivs
		32	#noroot
		33	notv
		34	novideo
		35	#protocol unix,netlink
		36	#seccomp
		37	shell none
		38
		39	disable-mnt
		40	#private
		41	private-cache
		42	private-dev
		43	private-tmp
		44	writable-var
		45
		46	noexec ${HOME}
		47	noexec /tmp


diff --git a/etc/opencity.profile b/etc/opencity.profile new file mode 100644 index 000000000..6a27c8095 --- /dev/null +++ b/etc/opencity.profile
@@ -0,0 +1,44 @@
		1	# Firejail profile for opencity
		2	# Description: Full 3D city simulator game project
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include opencity.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.opencity
		10
		11	include disable-common.inc
		12	include disable-devel.inc
		13	include disable-exec.inc
		14	include disable-interpreters.inc
		15	include disable-passwdmgr.inc
		16	include disable-programs.inc
		17	include disable-xdg.inc
		18
		19	mkdir ${HOME}/.opencity
		20	whitelist ${HOME}/.opencity
		21	include whitelist-common.inc
		22	include whitelist-var-common.inc
		23
		24	caps.drop all
		25	ipc-namespace
		26	net none
		27	nodbus
		28	nodvd
		29	nogroups
		30	nonewprivs
		31	noroot
		32	notv
		33	nou2f
		34	novideo
		35	protocol unix
		36	seccomp
		37	shell none
		38	tracelog
		39
		40	disable-mnt
		41	private-bin opencity
		42	private-cache
		43	private-dev
		44	private-tmp


diff --git a/etc/openclonk.profile b/etc/openclonk.profile new file mode 100644 index 000000000..02663c2f4 --- /dev/null +++ b/etc/openclonk.profile
@@ -0,0 +1,44 @@
		1	# Firejail profile for openclonk
		2	# Description: Multiplayer action, tactics and skill game
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include openclonk.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.clonk
		10
		11	include disable-common.inc
		12	include disable-devel.inc
		13	include disable-exec.inc
		14	include disable-interpreters.inc
		15	include disable-passwdmgr.inc
		16	include disable-programs.inc
		17	include disable-xdg.inc
		18
		19	mkdir ${HOME}/.clonk
		20	whitelist ${HOME}/.clonk
		21	include whitelist-common.inc
		22	include whitelist-var-common.inc
		23
		24	caps.drop all
		25	ipc-namespace
		26	net none
		27	nodbus
		28	nodvd
		29	nogroups
		30	nonewprivs
		31	noroot
		32	notv
		33	nou2f
		34	novideo
		35	protocol unix
		36	seccomp
		37	shell none
		38	tracelog
		39
		40	disable-mnt
		41	private-bin openclonk,c4group
		42	private-cache
		43	private-dev
		44	private-tmp


diff --git a/etc/slashem.profile b/etc/slashem.profile new file mode 100644 index 000000000..0a372ce5f --- /dev/null +++ b/etc/slashem.profile
@@ -0,0 +1,47 @@
		1	# Firejail profile for slashem
		2	# Description: A rogue-like single player dungeon exploration game
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include slashem.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9
		10	noblacklist /var/games/slashem
		11
		12	include disable-common.inc
		13	include disable-devel.inc
		14	include disable-interpreters.inc
		15	include disable-passwdmgr.inc
		16	include disable-programs.inc
		17
		18	whitelist /var/games/slashem
		19	include whitelist-common.inc
		20	include whitelist-var-common.inc
		21
		22	caps.drop all
		23	ipc-namespace
		24	net none
		25	no3d
		26	nodbus
		27	nodvd
		28	nogroups
		29	#nonewprivs
		30	#noroot
		31	nosound
		32	notv
		33	novideo
		34	#protocol unix,netlink
		35	#seccomp
		36	shell none
		37
		38	disable-mnt
		39	#private
		40	private-cache
		41	private-dev
		42	private-tmp
		43	writable-var
		44
		45	#memory-deny-write-execute
		46	noexec ${HOME}
		47	noexec /tmp


diff --git a/etc/vulturesclaw.profile b/etc/vulturesclaw.profile new file mode 100644 index 000000000..2e9078a7b --- /dev/null +++ b/etc/vulturesclaw.profile
@@ -0,0 +1,8 @@
		1	# Firejail profile alias for nethack-vultures
		2	# This file is overwritten after every install/update
		3
		4	noblacklist /var/games/vulturesclaw
		5	whitelist /var/games/vulturesclaw
		6
		7	# Redirect
		8	include nethack-vultures.profile


diff --git a/etc/vultureseye.profile b/etc/vultureseye.profile new file mode 100644 index 000000000..44c263cfc --- /dev/null +++ b/etc/vultureseye.profile
@@ -0,0 +1,8 @@
		1	# Firejail profile alias for nethack-vultures
		2	# This file is overwritten after every install/update
		3
		4	noblacklist /var/games/vultureseye
		5	whitelist /var/games/vultureseye
		6
		7	# Redirect
		8	include nethack-vultures.profile


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index f16d9b823..d5c502a67 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -186,6 +186,7 @@ freecadcmd
186	freeciv	186	freeciv
187	freeciv-gtk3	187	freeciv-gtk3
188	freeciv-mp-gtk3	188	freeciv-mp-gtk3
		189	freecol
189	freemind	190	freemind
190	freshclam	191	freshclam
191	frozen-bubble	192	frozen-bubble
@@ -387,6 +388,7 @@ odt2txt
387	okular	388	okular
388	onionshare-gui	389	onionshare-gui
389	open-invaders	390	open-invaders
		391	opencity
390	openshot	392	openshot
391	openshot-qt	393	openshot-qt
392	openttd	394	openttd
@@ -467,6 +469,7 @@ skanlite
467	skype	469	skype
468	skypeforlinux	470	skypeforlinux
469	slack	471	slack
		472	slashem
470	smplayer	473	smplayer
471	smtube	474	smtube
472	snox	475	snox
@@ -565,6 +568,8 @@ vivaldi-snapshot
565	vivaldi-stable	568	vivaldi-stable
566	vlc	569	vlc
567	vscodium	570	vscodium
		571	vulturesclaw
		572	vultureseye
568	vym	573	vym
569	w3m	574	w3m
570	warsow	575	warsow