Diffstat (limited to 'etc')
-rw-r--r-- | etc/blobwars.profile | 47 | ||||
-rw-r--r-- | etc/disable-programs.inc | 8 | ||||
-rw-r--r-- | etc/gravity-beams-and-evaporating-stars.profile | 44 | ||||
-rw-r--r-- | etc/hyperrogue.profile | 48 | ||||
-rw-r--r-- | etc/jumpnbump-menu.profile | 15 | ||||
-rw-r--r-- | etc/jumpnbump.profile | 47 | ||||
-rw-r--r-- | etc/magicor.profile | 49 | ||||
-rw-r--r-- | etc/mindless.profile | 48 | ||||
-rw-r--r-- | etc/mirrormagic.profile | 48 | ||||
-rw-r--r-- | etc/mrrescue.profile | 47 | ||||
-rw-r--r-- | etc/scorched3d-wrapper.profile | 5 | ||||
-rw-r--r-- | etc/scorchwentbonkers.profile | 47 | ||||
-rw-r--r-- | etc/seahorse-adventures.profile | 48 | ||||
-rw-r--r-- | etc/wordwarvi.profile | 49 | ||||
-rw-r--r-- | etc/xbill.profile | 51 |
15 files changed, 601 insertions, 0 deletions
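--- /dev/null
+++ b/etc/blobwars.profile
@@ -0,0 +1,47 @@
+# Firejail profile for blobwars
+# Description: Mission and Objective based 2D Platform Game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include blobwars.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.parallelrealities/blobwars
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.parallelrealities/blobwars
+whitelist ${HOME}/.parallelrealities/blobwars
+whitelist /usr/share/blobwars
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,netlink
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin blobwars
+private-cache
+private-dev
+private-etc machine-id
+private-tmp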
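--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -10,6 +10,7 @@ blacklist ${HOME}/SoftMaker
 blacklist ${HOME}/Standard Notes Backups
 blacklist ${HOME}/TeamSpeak3-Client-linux_x86
 blacklist ${HOME}/TeamSpeak3-Client-linux_amd64
+blacklist ${HOME}/hyperrogue.ini
 blacklist ${HOME}/mps
 blacklist ${HOME}/wallet.dat
 blacklist ${HOME}/.*coin
@@ -410,6 +411,7 @@ blacklist ${HOME}/.jak
 blacklist ${HOME}/.java
 blacklist ${HOME}/.jd
 blacklist ${HOME}/.jitsi
+blacklist ${HOME}/.jumpnbump
 blacklist ${HOME}/.kde/share/apps/digikam
 blacklist ${HOME}/.kde/share/apps/gwenview
 blacklist ${HOME}/.kde/share/apps/kaffeine
@@ -574,6 +576,7 @@ blacklist ${HOME}/.local/share/kwrite
 blacklist ${HOME}/.local/share/liferea
 blacklist ${HOME}/.local/share/local-mail
 blacklist ${HOME}/.local/share/lollypop
+blacklist ${HOME}/.local/share/love
 blacklist ${HOME}/.local/share/lugaru
 blacklist ${HOME}/.local/share/mana
 blacklist ${HOME}/.local/share/maps-places.json
@@ -624,12 +627,14 @@ blacklist ${HOME}/.local/share/xplayer
 blacklist ${HOME}/.local/share/xreader
 blacklist ${HOME}/.local/share/zathura
 blacklist ${HOME}/.lv2
+blacklist ${HOME}/.magicor
 blacklist ${HOME}/.masterpdfeditor
 blacklist ${HOME}/.mcabber
 blacklist ${HOME}/.mcabberrc
 blacklist ${HOME}/.mediathek3
 blacklist ${HOME}/.megaglest
 blacklist ${HOME}/.minetest
+blacklist ${HOME}/.mirrormagic
 blacklist ${HOME}/.moonchild productions/basilisk
 blacklist ${HOME}/.moonchild productions/pale moon
 blacklist ${HOME}/.mozilla
@@ -655,6 +660,7 @@ blacklist ${HOME}/.openttd
 blacklist ${HOME}/.opera
 blacklist ${HOME}/.opera-beta
 blacklist ${HOME}/.ostrichriders
+blacklist ${HOME}/.parallelrealities/blobwars
 blacklist ${HOME}/.penguin-command
 blacklist ${HOME}/.pingus
 blacklist ${HOME}/.pioneer
@@ -681,6 +687,7 @@ blacklist ${HOME}/.steampid
 blacklist ${HOME}/.stellarium
 blacklist ${HOME}/.subversion
 blacklist ${HOME}/.surf
+blacklist ${HOME}/.swb.ini
 blacklist ${HOME}/.sword
 blacklist ${HOME}/.sylpheed-2.0
 blacklist ${HOME}/.synfig
@@ -716,6 +723,7 @@ blacklist ${HOME}/.widelands
 blacklist ${HOME}/.wine
 blacklist ${HOME}/.wine64
 blacklist ${HOME}/.wireshark
+blacklist ${HOME}/.wordwarvi
 blacklist ${HOME}/.wormux
 blacklist ${HOME}/.xiphos
 blacklist ${HOME}/.xmind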
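--- /dev/null
+++ b/etc/gravity-beams-and-evaporating-stars.profile
@@ -0,0 +1,44 @@
+# Firejail profile for gravity-beams-and-evaporating-stars
+# Description: a game about hurling asteroids into the sun
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gravity-beams-and-evaporating-stars.local
+# Persistent global definitions
+include globals.local
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+whitelist /usr/share/gravity-beams-and-evaporating-stars
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private
+private-bin gravity-beams-and-evaporating-stars
+private-cache
+private-dev
+private-etc fonts,machine-id
+private-tmp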
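--- /dev/null
+++ b/etc/hyperrogue.profile
@@ -0,0 +1,48 @@
+# Firejail profile for hyperrogue
+# Description: An SDL roguelike in a non-euclidean world
+# This file is overwritten after every install/update
+# Persistent local customizations
+include hyperrogue.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/hyperrogue.ini
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkfile ${HOME}/hyperrogue.ini
+whitelist ${HOME}/hyperrogue.ini
+whitelist /usr/share/hyperrogue
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin hyperrogue
+private-cache
+private-cwd ${HOME}
+private-dev
+private-etc fonts,machine-id
+private-tmp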
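--- /dev/null
+++ b/etc/jumpnbump-menu.profile
@@ -0,0 +1,15 @@
+# Firejail profile for jumpnbump-menu
+# Description: Level selection and config menu for the Jump 'n Bump game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include jumpnbump-menu.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+include allow-python3.inc
+
+private-bin jumpnbump-menu,python3*
+
+# Redirect
+include jumpnbump.profile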
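Review bot: `include allow-python3.inc` on line 10 carries no comment, whereas magicor.profile and seahorse-adventures.profile in this same commit introduce the equivalent include with `# Allow python (blacklisted by disable-interpreters.inc)`. The include only takes effect because it comes before the redirect to jumpnbump.profile, which pulls in disable-interpreters.inc. Adding the same comment here would make that ordering dependency visible to the next editor.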
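--- /dev/null
+++ b/etc/jumpnbump.profile
@@ -0,0 +1,47 @@
+# Firejail profile for jumpnbump
+# Description: Cute multiplayer platform game with bunnies
+# This file is overwritten after every install/update
+# Persistent local customizations
+include jumpnbump.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.jumpnbump
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.jumpnbump
+whitelist ${HOME}/.jumpnbump
+whitelist /usr/share/jumpnbump
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,netlink
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin jumpnbump
+private-cache
+private-dev
+private-etc none
+private-tmp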
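--- /dev/null
+++ b/etc/magicor.profile
@@ -0,0 +1,49 @@
+# Firejail profile for magicor
+# Description: Push ice blocks around to extinguish all fires
+# This file is overwritten after every install/update
+# Persistent local customizations
+include magicor.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.magicor
+
+# Allow python (blacklisted by disable-interpreters.inc)
+include allow-python2.inc
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.magicor
+whitelist ${HOME}/.magicor
+whitelist /usr/share/magicor
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin magicor,python2*
+private-cache
+private-dev
+private-etc machine-id
+private-tmp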
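Review bot: `noroot` is missing from the option block between `nonewprivs` and `notv`, although every other full game profile added in this commit sets it. Nothing in the file explains why the user namespace restriction is skipped for this one game. Either add `noroot` after `nonewprivs`, or, if it was left out on purpose, record that with a one-line comment such as `# noroot breaks <reason>` so the gap is not mistaken for an oversight.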
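--- /dev/null
+++ b/etc/mindless.profile
@@ -0,0 +1,48 @@
+# Firejail profile for mindless
+# Description: figure out the secret code
+# This file is overwritten after every install/update
+# Persistent local customizations
+include mindless.local
+# Persistent global definitions
+include globals.local
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+whitelist /usr/share/mindless
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+machine-id
+net none
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private
+private-bin mindless
+private-cache
+private-dev
+private-etc fonts
+private-tmp
+
+memory-deny-write-execute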
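--- /dev/null
+++ b/etc/mirrormagic.profile
@@ -0,0 +1,48 @@
+# Firejail profile for mirrormagic
+# Description: Puzzle game where you steer a beam of light using mirrors
+# This file is overwritten after every install/update
+# Persistent local customizations
+include mirrormagic.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.mirrormagic
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.mirrormagic
+whitelist ${HOME}/.mirrormagic
+whitelist /usr/share/mirrormagic
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,netlink
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private
+private-bin mirrormagic
+private-cache
+private-dev
+private-etc machine-id
+private-tmp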
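Review bot: `private` on line 43 gives the sandbox a throw-away home directory, which contradicts `mkdir ${HOME}/.mirrormagic` and `whitelist ${HOME}/.mirrormagic` on lines 19-20: one says discard everything, the other says keep this directory. As far as I can tell the whitelist then has no lasting effect and saved progress is lost when the sandbox exits. Pick one intent: drop `private` if the game data should persist, or drop the `noblacklist`/`mkdir`/`whitelist` lines for `${HOME}/.mirrormagic` if it should not. wordwarvi.profile in this commit has the same combination (`private` together with `whitelist ${HOME}/.wordwarvi`).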
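--- /dev/null
+++ b/etc/mrrescue.profile
@@ -0,0 +1,47 @@
+# Firejail profile for mrrescue
+# Description: Arcade-style fire fighting game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include mrrescue.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.local/share/love
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.local/share/love
+whitelist ${HOME}/.local/share/love
+whitelist /usr/share/mrrescue
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,netlink
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin love,mrrescue,sh
+private-cache
+private-dev
+private-etc machine-id
+private-tmp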
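Review bot: `private-bin love,mrrescue,sh` on line 43 keeps a shell binary available inside a sandbox that otherwise includes disable-interpreters.inc, and the profile does not say why. Presumably the `mrrescue` launcher is a small shell script that starts `love`; if that is confirmed, say so above the line, e.g. `# mrrescue is a sh wrapper script around love`. Without the comment a later cleanup may either remove `sh` and break the game, or keep it long after it stops being needed.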
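--- /dev/null
+++ b/etc/scorched3d-wrapper.profile
@@ -0,0 +1,5 @@
+# Firejail profile for scorched3d
+# This file is overwritten after every install/update
+
+# Redirect
+include scorched3d.profile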
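Review bot: The header on line 1 reads `# Firejail profile for scorched3d` although this file is scorched3d-wrapper.profile, and unlike the other redirect added in this commit (jumpnbump-menu.profile) it has no `.local` include of its own. Suggest `# Firejail profile for scorched3d-wrapper` and an `include scorched3d-wrapper.local` line ahead of the redirect, so the wrapper can be customized persistently without editing scorched3d.local.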
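--- /dev/null
+++ b/etc/scorchwentbonkers.profile
@@ -0,0 +1,47 @@
+# Firejail profile for scorchwentbonkers
+# Description: Realtime remake of Scorched Earth
+# This file is overwritten after every install/update
+# Persistent local customizations
+include scorchwentbonkers.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.swb.ini
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.swb.ini
+whitelist ${HOME}/.swb.ini
+whitelist /usr/share/scorchwentbonkers
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin scorchwentbonkers
+private-cache
+private-dev
+private-etc alsa,asound.conf,machine-id,pulse
+private-tmp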
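Review bot: `mkdir ${HOME}/.swb.ini` on line 19 creates a directory, but the `.ini` name suggests this path is the game's settings file. If so, a first run under the sandbox leaves a directory where the game expects to write a file, and the settings never persist. hyperrogue.profile in this same commit handles its ini with `mkfile`, so the line should most likely read `mkfile ${HOME}/.swb.ini`.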
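--- /dev/null
+++ b/etc/seahorse-adventures.profile
@@ -0,0 +1,48 @@
+# Firejail profile for seahorse-adventures
+# Description: Help barbie the seahorse float on bubbles to the moon
+# This file is overwritten after every install/update
+# Persistent local customizations
+include seahorse-adventures.local
+# Persistent global definitions
+include globals.local
+
+# Allow python (blacklisted by disable-interpreters.inc)
+include allow-python2.inc
+include allow-python3.inc
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+whitelist /usr/share/seahorse-adventures
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private
+private-bin python*,seahorse-adventures
+private-cache
+private-dev
+private-etc machine-id
+private-tmp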
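--- /dev/null
+++ b/etc/wordwarvi.profile
@@ -0,0 +1,49 @@
+# Firejail profile for wordwarvi
+# Description: Old school '80's style side scrolling space shoot'em up game.
+# This file is overwritten after every install/update
+# Persistent local customizations
+include wordwarvi.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.wordwarvi
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.wordwarvi
+whitelist ${HOME}/.wordwarvi
+whitelist /usr/share/wordwarvi
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+net none
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private
+private-bin wordwarvi
+private-cache
+private-dev
+private-etc alsa,asound.conf,machine-id,pulse
+private-tmp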
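--- /dev/null
+++ b/etc/xbill.profile
@@ -0,0 +1,51 @@
+# Firejail profile for xbill
+# Description: save your computers from Wingdows [TM] virus
+# This file is overwritten after every install/update
+# Persistent local customizations
+include xbill.local
+# Persistent global definitions
+include globals.local
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+whitelist /usr/share/xbill
+whitelist /var/games/xbill/scores
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+machine-id
+net none
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private
+private-bin xbill
+private-cache
+private-dev
+private-etc none
+private-tmp
+
+memory-deny-write-execute
+read-only ${HOME}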
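Review bot: `whitelist /var/games/xbill/scores` on line 18 exposes the shared score file, but `nogroups` and `nonewprivs` further down remove the supplementary-group and setgid routes by which games commonly get write access under /var/games. If the packaged score file is group-writable rather than world-writable (not visible from this page), high scores will silently stop being saved inside the sandbox. Worth testing on the target distributions and recording the result next to the whitelist line, e.g. `# scores file must be writable by the invoking user; nogroups drops the games group`.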