-rw-r--r--README.md2
-rw-r--r--RELNOTES3
-rw-r--r--etc/bzflag.profile44
-rw-r--r--etc/disable-programs.inc6
-rw-r--r--etc/freeciv-gtk3.profile5
-rw-r--r--etc/freeciv-mp-gtk3.profile5
-rw-r--r--etc/freeciv.profile44
-rw-r--r--etc/lincity-ng.profile44
-rw-r--r--etc/megaglest.profile44
-rw-r--r--etc/megaglest_editor.profile5
-rw-r--r--etc/openttd.profile44
-rw-r--r--etc/ostrichriders.profile3
-rw-r--r--src/firecfg/firecfg.config8
13 files changed, 253 insertions, 4 deletions
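diff --git a/README.md b/README.md
index 1f7af9149..652862646 100644
--- a/README.md
+++ b/README.md
@@ -102,4 +102,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
 ## Current development version: 0.9.59
 
 ## New profiles:
-crow, nyx, klavaro, mypaint, celluoid, nano, transgui, sysprof, simplescreenrecorder, geekbench, xfce4-mixer, pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring, regextester, hardinfo, gnome-system-log, gnome-nettool, netactview, redshift, devhelp, assogiate, subdownloader, font-manager, exfalso, gconf-editor, dconf-editor, mpdris2, sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings, code-oss, pragha, Maelstrom, ostrichriders
+crow, nyx, klavaro, mypaint, celluoid, nano, transgui, sysprof, simplescreenrecorder, geekbench, xfce4-mixer, pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring, regextester, hardinfo, gnome-system-log, gnome-nettool, netactview, redshift, devhelp, assogiate, subdownloader, font-manager, exfalso, gconf-editor, dconf-editor, mpdris2, sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings, code-oss, pragha, Maelstrom, ostrichriders, bzflag, freeciv, lincity-ng, megaglest, openttd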
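diff --git a/RELNOTES b/RELNOTES
index cd300a3f1..92a6a4109 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -6,7 +6,8 @@ firejail (0.9.59) baseline; urgency=low
  * new profiles: netactview, redshift, devhelp, assogiate, subdownloader
  * new profiles: font-manager, exfalso, gconf-editor, dconf-editor
  * new profiles: sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings
- * new profiles: code-oss, pragha, Maelstrom, ostrichriders
+ * new profiles: code-oss, pragha, Maelstrom, ostrichriders, bzflag
+ * new profiles: freeciv, lincity-ng, megaglest, openttd
  * memory-deny-write-execute now also blocks memfd_create
  * drop support for flatpak/snap packages
 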
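diff --git a/etc/bzflag.profile b/etc/bzflag.profile
new file mode 100644
index 000000000..94cd40899
--- /dev/null
+++ b/etc/bzflag.profile
@@ -0,0 +1,44 @@
+# Firejail profile for bzflag
+# Description: 3D multi-player tank battle game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include bzflag.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.bzf
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.bzf
+whitelist ${HOME}/.bzf
+include whitelist-common.inc
+include whitelist-var-common.inc
+
+caps.drop all
+ipc-namespace
+netfilter
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin bzflag,bzflag-wrapper,bzfs,bzadmin
+private-cache
+private-dev
+private-tmp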
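Review bot: The `netfilter` line has no effect as this profile stands, because firejail installs its default filter only when the sandbox gets a new network namespace and the profile has no `net` directive; the only network restriction actually in force is `protocol unix,inet,inet6`. A reader could take the line to mean that a firewall is active, so a comment above it such as `# netfilter only applies once a network namespace is configured (e.g. a net directive in bzflag.local)` would make the real posture clear. The same applies to the `netfilter` lines in freeciv.profile, megaglest.profile and openttd.profile in this commit.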
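diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index b8ecd4b13..0237ad2ba 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -48,6 +48,7 @@ blacklist ${HOME}/.bcast5
 blacklist ${HOME}/.bibletime
 blacklist ${HOME}/.bitcoin
 blacklist ${HOME}/.bogofilter
+blacklist ${HOME}/.bzf
 blacklist ${HOME}/.claws-mail
 blacklist ${HOME}/.cliqz
 blacklist ${HOME}/.config/0ad
@@ -296,6 +297,7 @@ blacklist ${HOME}/.config/yandex-browser-beta
 blacklist ${HOME}/.config/zathura
 blacklist ${HOME}/.config/zoomus.conf
 blacklist ${HOME}/.conkeror.mozdev.org
+blacklist ${HOME}/.crawl
 blacklist ${HOME}/.curlrc
 blacklist ${HOME}/.dashcore
 blacklist ${HOME}/.devilspie
@@ -318,6 +320,7 @@ blacklist ${HOME}/.filezilla
 blacklist ${HOME}/.flowblade
 blacklist ${HOME}/.fltk
 blacklist ${HOME}/.fossamail
+blacklist ${HOME}/.freeciv
 blacklist ${HOME}/.frozen-bubble
 blacklist ${HOME}/.gimp*
 blacklist ${HOME}/.git-credential-cache
@@ -404,6 +407,7 @@ blacklist ${HOME}/.killingfloor
 blacklist ${HOME}/.kino-history
 blacklist ${HOME}/.kinorc
 blacklist ${HOME}/.kodi
+blacklist ${HOME}/.lincity-ng
 blacklist ${HOME}/.linphone-history.db
 blacklist ${HOME}/.linphonerc
 blacklist ${HOME}/.lmmsrc.xml
@@ -519,6 +523,7 @@ blacklist ${HOME}/.masterpdfeditor
 blacklist ${HOME}/.mcabber
 blacklist ${HOME}/.mcabberrc
 blacklist ${HOME}/.mediathek3
+blacklist ${HOME}/.megaglest
 blacklist ${HOME}/.minetest
 blacklist ${HOME}/.moonchild productions/basilisk
 blacklist ${HOME}/.moonchild productions/pale moon
@@ -536,6 +541,7 @@ blacklist ${HOME}/.nylas-mail
 blacklist ${HOME}/.openinvaders
 blacklist ${HOME}/.openshot
 blacklist ${HOME}/.openshot_qt
+blacklist ${HOME}/.openttd
 blacklist ${HOME}/.opera
 blacklist ${HOME}/.opera-beta
 blacklist ${HOME}/.ostrichriders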
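Review bot: The second hunk adds `blacklist ${HOME}/.crawl`, which has no counterpart elsewhere in this commit: none of the new profiles carries `noblacklist ${HOME}/.crawl`, and the README and RELNOTES entries do not mention it. This file is included by every profile that pulls in disable-programs.inc, so an existing profile for a program that keeps its data in `~/.crawl` would lose access unless it already has the matching `noblacklist`; no such profile is visible here. Either confirm that profile exists and already has the `noblacklist` line, or move this entry to the commit that introduces it.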
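diff --git a/etc/freeciv-gtk3.profile b/etc/freeciv-gtk3.profile
new file mode 100644
index 000000000..fa36459e7
--- /dev/null
+++ b/etc/freeciv-gtk3.profile
@@ -0,0 +1,5 @@
+# Firejail profile alias for freeciv
+# This file is overwritten after every install/update
+
+# Redirect
+include freeciv.profile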
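diff --git a/etc/freeciv-mp-gtk3.profile b/etc/freeciv-mp-gtk3.profile
new file mode 100644
index 000000000..fa36459e7
--- /dev/null
+++ b/etc/freeciv-mp-gtk3.profile
@@ -0,0 +1,5 @@
+# Firejail profile alias for freeciv
+# This file is overwritten after every install/update
+
+# Redirect
+include freeciv.profile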
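diff --git a/etc/freeciv.profile b/etc/freeciv.profile
new file mode 100644
index 000000000..4813379a7
--- /dev/null
+++ b/etc/freeciv.profile
@@ -0,0 +1,44 @@
+# Firejail profile for freeciv
+# Description: A multi-player strategy game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include freeciv.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.freeciv
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.freeciv
+whitelist ${HOME}/.freeciv
+include whitelist-common.inc
+include whitelist-var-common.inc
+
+caps.drop all
+ipc-namespace
+netfilter
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin freeciv-gtk3,freeciv-mp-gtk3,freeciv-server,freeciv-manual
+private-cache
+private-dev
+private-tmp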
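Review bot: The `private-bin` line does not list `freeciv`, although firecfg.config in this same commit registers a `freeciv` entry that would resolve to this profile. If a distribution ships an executable of that name, the sandbox would start with a /bin that does not contain it and the launch would fail; if no such binary exists, the firecfg entry is dead. Either add it, `private-bin freeciv,freeciv-gtk3,freeciv-mp-gtk3,freeciv-server,freeciv-manual`, or drop `freeciv` from firecfg.config and note in a comment that only the gtk3 clients are covered.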
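diff --git a/etc/lincity-ng.profile b/etc/lincity-ng.profile
new file mode 100644
index 000000000..b55ac9a15
--- /dev/null
+++ b/etc/lincity-ng.profile
@@ -0,0 +1,44 @@
+# Firejail profile for lincity-ng
+# Description: City simulation game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include lincity-ng.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.lincity-ng
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.lincity-ng
+whitelist ${HOME}/.lincity-ng
+include whitelist-common.inc
+include whitelist-var-common.inc
+
+caps.drop all
+ipc-namespace
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin lincity-ng
+private-cache
+private-dev
+private-tmp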
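diff --git a/etc/megaglest.profile b/etc/megaglest.profile
new file mode 100644
index 000000000..08eae6dfc
--- /dev/null
+++ b/etc/megaglest.profile
@@ -0,0 +1,44 @@
+# Firejail profile for megaglest
+# Description: 3D multi-player real time strategy game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include megaglest.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.megaglest
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.megaglest
+whitelist ${HOME}/.megaglest
+include whitelist-common.inc
+include whitelist-var-common.inc
+
+caps.drop all
+ipc-namespace
+netfilter
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin megaglest,megaglest_editor,megaglest_g3dviewer
+private-cache
+private-dev
+private-tmp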
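Review bot: `protocol unix,inet,inet6,netlink` admits netlink sockets without saying why, whereas the other networked game profiles in this commit stop at `unix,inet,inet6`. Netlink widens the set of kernel interfaces reachable from inside the sandbox, so the reason should be recorded next to the line, for example `# netlink is required for <reason - to be confirmed by the author>`. If the game starts and plays without it, the tighter `protocol unix,inet,inet6` is preferable.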
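diff --git a/etc/megaglest_editor.profile b/etc/megaglest_editor.profile
new file mode 100644
index 000000000..02aad8084
--- /dev/null
+++ b/etc/megaglest_editor.profile
@@ -0,0 +1,5 @@
+# Firejail profile alias for megaglest
+# This file is overwritten after every install/update
+
+# Redirect
+include megaglest.profile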
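diff --git a/etc/openttd.profile b/etc/openttd.profile
new file mode 100644
index 000000000..5de4d325d
--- /dev/null
+++ b/etc/openttd.profile
@@ -0,0 +1,44 @@
+# Firejail profile for openttd
+# Description: Transport system simulation game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include openttd.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.openttd
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.openttd
+whitelist ${HOME}/.openttd
+include whitelist-common.inc
+include whitelist-var-common.inc
+
+caps.drop all
+ipc-namespace
+netfilter
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin openttd
+private-cache
+private-dev
+private-tmp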
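diff --git a/etc/ostrichriders.profile b/etc/ostrichriders.profile
index 4eedddefd..bef784126 100644
--- a/etc/ostrichriders.profile
+++ b/etc/ostrichriders.profile
@@ -32,8 +32,7 @@ noroot
 notv
 nou2f
 novideo
-# protocol seems to have a huge impact on performance
-#protocol unix
+protocol unix,netlink
 seccomp
 shell none
 tracelog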
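Review bot: The new `protocol unix,netlink` line replaces the only explanation of why the protocol filter had been switched off ("seems to have a huge impact on performance") and leaves nothing in its place. Presumably the slowdown came from netlink being blocked under `protocol unix`, but that is an inference from the diff; a comment such as `# netlink is needed: with protocol unix alone the game is very slow` would keep the finding for the next maintainer and justify the wider socket family. The hunk starts mid-profile, so the profile's other network directives are not visible here.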
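diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 1e59bbb4f..790768290 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -70,6 +70,7 @@ brasero
 brave
 brave-browser
 bunzip2
+bzflag
 bzip2
 calibre
 calligra
@@ -180,6 +181,9 @@ fossamail
 franz
 freecad
 freecadcmd
+freeciv
+freeciv-gtk3
+freeciv-mp-gtk3
 freshclam
 frozen-bubble
 gajim
@@ -291,6 +295,7 @@ leafpad
 less
 libreoffice
 liferea
+lincity-ng
 linphone
 lmms
 lobase
@@ -325,6 +330,8 @@ mathematica
 mcabber
 mediainfo
 mediathekview
+megaglest
+megaglest_editor
 meld
 mencoder
 mendeleydesktop
@@ -375,6 +382,7 @@ onionshare-gui
 open-invaders
 openshot
 openshot-qt
+openttd
 opera
 opera-beta
 orage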
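Review bot: The entries added here cover fewer programs than the new profiles' `private-bin` lists, so several network-facing binaries stay unsandboxed when started directly. `bzfs` and `bzadmin` (bzflag.profile), `freeciv-server` (freeciv.profile) and `megaglest_g3dviewer` (megaglest.profile) are all named in `private-bin` but have neither a firecfg entry nor an alias profile in this commit. If leaving the servers out is deliberate, a comment in the corresponding profile would say so; otherwise each needs a line here plus a redirect profile like the `freeciv-gtk3.profile` alias.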