diff options
Diffstat (limited to 'etc')
-rw-r--r-- | etc/bzflag.profile | 44 | ||||
-rw-r--r-- | etc/disable-programs.inc | 6 | ||||
-rw-r--r-- | etc/freeciv-gtk3.profile | 5 | ||||
-rw-r--r-- | etc/freeciv-mp-gtk3.profile | 5 | ||||
-rw-r--r-- | etc/freeciv.profile | 44 | ||||
-rw-r--r-- | etc/lincity-ng.profile | 44 | ||||
-rw-r--r-- | etc/megaglest.profile | 44 | ||||
-rw-r--r-- | etc/megaglest_editor.profile | 5 | ||||
-rw-r--r-- | etc/openttd.profile | 44 | ||||
-rw-r--r-- | etc/ostrichriders.profile | 3 |
10 files changed, 242 insertions, 2 deletions
diff --git a/etc/bzflag.profile b/etc/bzflag.profile new file mode 100644 index 000000000..94cd40899 --- /dev/null +++ b/etc/bzflag.profile | |||
@@ -0,0 +1,44 @@ | |||
1 | # Firejail profile for bzflag | ||
2 | # Description: 3D multi-player tank battle game | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include bzflag.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | noblacklist ${HOME}/.bzf | ||
10 | |||
11 | include disable-common.inc | ||
12 | include disable-devel.inc | ||
13 | include disable-exec.inc | ||
14 | include disable-interpreters.inc | ||
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | ||
17 | include disable-xdg.inc | ||
18 | |||
19 | mkdir ${HOME}/.bzf | ||
20 | whitelist ${HOME}/.bzf | ||
21 | include whitelist-common.inc | ||
22 | include whitelist-var-common.inc | ||
23 | |||
24 | caps.drop all | ||
25 | ipc-namespace | ||
26 | netfilter | ||
27 | nodbus | ||
28 | nodvd | ||
29 | nogroups | ||
30 | nonewprivs | ||
31 | noroot | ||
32 | notv | ||
33 | nou2f | ||
34 | novideo | ||
35 | protocol unix,inet,inet6 | ||
36 | seccomp | ||
37 | shell none | ||
38 | tracelog | ||
39 | |||
40 | disable-mnt | ||
41 | private-bin bzflag,bzflag-wrapper,bzfs,bzadmin | ||
42 | private-cache | ||
43 | private-dev | ||
44 | private-tmp | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index b8ecd4b13..0237ad2ba 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -48,6 +48,7 @@ blacklist ${HOME}/.bcast5 | |||
48 | blacklist ${HOME}/.bibletime | 48 | blacklist ${HOME}/.bibletime |
49 | blacklist ${HOME}/.bitcoin | 49 | blacklist ${HOME}/.bitcoin |
50 | blacklist ${HOME}/.bogofilter | 50 | blacklist ${HOME}/.bogofilter |
51 | blacklist ${HOME}/.bzf | ||
51 | blacklist ${HOME}/.claws-mail | 52 | blacklist ${HOME}/.claws-mail |
52 | blacklist ${HOME}/.cliqz | 53 | blacklist ${HOME}/.cliqz |
53 | blacklist ${HOME}/.config/0ad | 54 | blacklist ${HOME}/.config/0ad |
@@ -296,6 +297,7 @@ blacklist ${HOME}/.config/yandex-browser-beta | |||
296 | blacklist ${HOME}/.config/zathura | 297 | blacklist ${HOME}/.config/zathura |
297 | blacklist ${HOME}/.config/zoomus.conf | 298 | blacklist ${HOME}/.config/zoomus.conf |
298 | blacklist ${HOME}/.conkeror.mozdev.org | 299 | blacklist ${HOME}/.conkeror.mozdev.org |
300 | blacklist ${HOME}/.crawl | ||
299 | blacklist ${HOME}/.curlrc | 301 | blacklist ${HOME}/.curlrc |
300 | blacklist ${HOME}/.dashcore | 302 | blacklist ${HOME}/.dashcore |
301 | blacklist ${HOME}/.devilspie | 303 | blacklist ${HOME}/.devilspie |
@@ -318,6 +320,7 @@ blacklist ${HOME}/.filezilla | |||
318 | blacklist ${HOME}/.flowblade | 320 | blacklist ${HOME}/.flowblade |
319 | blacklist ${HOME}/.fltk | 321 | blacklist ${HOME}/.fltk |
320 | blacklist ${HOME}/.fossamail | 322 | blacklist ${HOME}/.fossamail |
323 | blacklist ${HOME}/.freeciv | ||
321 | blacklist ${HOME}/.frozen-bubble | 324 | blacklist ${HOME}/.frozen-bubble |
322 | blacklist ${HOME}/.gimp* | 325 | blacklist ${HOME}/.gimp* |
323 | blacklist ${HOME}/.git-credential-cache | 326 | blacklist ${HOME}/.git-credential-cache |
@@ -404,6 +407,7 @@ blacklist ${HOME}/.killingfloor | |||
404 | blacklist ${HOME}/.kino-history | 407 | blacklist ${HOME}/.kino-history |
405 | blacklist ${HOME}/.kinorc | 408 | blacklist ${HOME}/.kinorc |
406 | blacklist ${HOME}/.kodi | 409 | blacklist ${HOME}/.kodi |
410 | blacklist ${HOME}/.lincity-ng | ||
407 | blacklist ${HOME}/.linphone-history.db | 411 | blacklist ${HOME}/.linphone-history.db |
408 | blacklist ${HOME}/.linphonerc | 412 | blacklist ${HOME}/.linphonerc |
409 | blacklist ${HOME}/.lmmsrc.xml | 413 | blacklist ${HOME}/.lmmsrc.xml |
@@ -519,6 +523,7 @@ blacklist ${HOME}/.masterpdfeditor | |||
519 | blacklist ${HOME}/.mcabber | 523 | blacklist ${HOME}/.mcabber |
520 | blacklist ${HOME}/.mcabberrc | 524 | blacklist ${HOME}/.mcabberrc |
521 | blacklist ${HOME}/.mediathek3 | 525 | blacklist ${HOME}/.mediathek3 |
526 | blacklist ${HOME}/.megaglest | ||
522 | blacklist ${HOME}/.minetest | 527 | blacklist ${HOME}/.minetest |
523 | blacklist ${HOME}/.moonchild productions/basilisk | 528 | blacklist ${HOME}/.moonchild productions/basilisk |
524 | blacklist ${HOME}/.moonchild productions/pale moon | 529 | blacklist ${HOME}/.moonchild productions/pale moon |
@@ -536,6 +541,7 @@ blacklist ${HOME}/.nylas-mail | |||
536 | blacklist ${HOME}/.openinvaders | 541 | blacklist ${HOME}/.openinvaders |
537 | blacklist ${HOME}/.openshot | 542 | blacklist ${HOME}/.openshot |
538 | blacklist ${HOME}/.openshot_qt | 543 | blacklist ${HOME}/.openshot_qt |
544 | blacklist ${HOME}/.openttd | ||
539 | blacklist ${HOME}/.opera | 545 | blacklist ${HOME}/.opera |
540 | blacklist ${HOME}/.opera-beta | 546 | blacklist ${HOME}/.opera-beta |
541 | blacklist ${HOME}/.ostrichriders | 547 | blacklist ${HOME}/.ostrichriders |
diff --git a/etc/freeciv-gtk3.profile b/etc/freeciv-gtk3.profile new file mode 100644 index 000000000..fa36459e7 --- /dev/null +++ b/etc/freeciv-gtk3.profile | |||
@@ -0,0 +1,5 @@ | |||
1 | # Firejail profile alias for freeciv | ||
2 | # This file is overwritten after every install/update | ||
3 | |||
4 | # Redirect | ||
5 | include freeciv.profile | ||
diff --git a/etc/freeciv-mp-gtk3.profile b/etc/freeciv-mp-gtk3.profile new file mode 100644 index 000000000..fa36459e7 --- /dev/null +++ b/etc/freeciv-mp-gtk3.profile | |||
@@ -0,0 +1,5 @@ | |||
1 | # Firejail profile alias for freeciv | ||
2 | # This file is overwritten after every install/update | ||
3 | |||
4 | # Redirect | ||
5 | include freeciv.profile | ||
diff --git a/etc/freeciv.profile b/etc/freeciv.profile new file mode 100644 index 000000000..4813379a7 --- /dev/null +++ b/etc/freeciv.profile | |||
@@ -0,0 +1,44 @@ | |||
1 | # Firejail profile for freeciv | ||
2 | # Description: A multi-player strategy game | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include freeciv.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | noblacklist ${HOME}/.freeciv | ||
10 | |||
11 | include disable-common.inc | ||
12 | include disable-devel.inc | ||
13 | include disable-exec.inc | ||
14 | include disable-interpreters.inc | ||
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | ||
17 | include disable-xdg.inc | ||
18 | |||
19 | mkdir ${HOME}/.freeciv | ||
20 | whitelist ${HOME}/.freeciv | ||
21 | include whitelist-common.inc | ||
22 | include whitelist-var-common.inc | ||
23 | |||
24 | caps.drop all | ||
25 | ipc-namespace | ||
26 | netfilter | ||
27 | nodbus | ||
28 | nodvd | ||
29 | nogroups | ||
30 | nonewprivs | ||
31 | noroot | ||
32 | notv | ||
33 | nou2f | ||
34 | novideo | ||
35 | protocol unix,inet,inet6 | ||
36 | seccomp | ||
37 | shell none | ||
38 | tracelog | ||
39 | |||
40 | disable-mnt | ||
41 | private-bin freeciv-gtk3,freeciv-mp-gtk3,freeciv-server,freeciv-manual | ||
42 | private-cache | ||
43 | private-dev | ||
44 | private-tmp | ||
diff --git a/etc/lincity-ng.profile b/etc/lincity-ng.profile new file mode 100644 index 000000000..b55ac9a15 --- /dev/null +++ b/etc/lincity-ng.profile | |||
@@ -0,0 +1,44 @@ | |||
1 | # Firejail profile for lincity-ng | ||
2 | # Description: City simulation game | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include lincity-ng.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | noblacklist ${HOME}/.lincity-ng | ||
10 | |||
11 | include disable-common.inc | ||
12 | include disable-devel.inc | ||
13 | include disable-exec.inc | ||
14 | include disable-interpreters.inc | ||
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | ||
17 | include disable-xdg.inc | ||
18 | |||
19 | mkdir ${HOME}/.lincity-ng | ||
20 | whitelist ${HOME}/.lincity-ng | ||
21 | include whitelist-common.inc | ||
22 | include whitelist-var-common.inc | ||
23 | |||
24 | caps.drop all | ||
25 | ipc-namespace | ||
26 | net none | ||
27 | nodbus | ||
28 | nodvd | ||
29 | nogroups | ||
30 | nonewprivs | ||
31 | noroot | ||
32 | notv | ||
33 | nou2f | ||
34 | novideo | ||
35 | protocol unix | ||
36 | seccomp | ||
37 | shell none | ||
38 | tracelog | ||
39 | |||
40 | disable-mnt | ||
41 | private-bin lincity-ng | ||
42 | private-cache | ||
43 | private-dev | ||
44 | private-tmp | ||
diff --git a/etc/megaglest.profile b/etc/megaglest.profile new file mode 100644 index 000000000..08eae6dfc --- /dev/null +++ b/etc/megaglest.profile | |||
@@ -0,0 +1,44 @@ | |||
1 | # Firejail profile for megaglest | ||
2 | # Description: 3D multi-player real time strategy game | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include megaglest.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | noblacklist ${HOME}/.megaglest | ||
10 | |||
11 | include disable-common.inc | ||
12 | include disable-devel.inc | ||
13 | include disable-exec.inc | ||
14 | include disable-interpreters.inc | ||
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | ||
17 | include disable-xdg.inc | ||
18 | |||
19 | mkdir ${HOME}/.megaglest | ||
20 | whitelist ${HOME}/.megaglest | ||
21 | include whitelist-common.inc | ||
22 | include whitelist-var-common.inc | ||
23 | |||
24 | caps.drop all | ||
25 | ipc-namespace | ||
26 | netfilter | ||
27 | nodbus | ||
28 | nodvd | ||
29 | nogroups | ||
30 | nonewprivs | ||
31 | noroot | ||
32 | notv | ||
33 | nou2f | ||
34 | novideo | ||
35 | protocol unix,inet,inet6,netlink | ||
36 | seccomp | ||
37 | shell none | ||
38 | tracelog | ||
39 | |||
40 | disable-mnt | ||
41 | private-bin megaglest,megaglest_editor,megaglest_g3dviewer | ||
42 | private-cache | ||
43 | private-dev | ||
44 | private-tmp | ||
diff --git a/etc/megaglest_editor.profile b/etc/megaglest_editor.profile new file mode 100644 index 000000000..02aad8084 --- /dev/null +++ b/etc/megaglest_editor.profile | |||
@@ -0,0 +1,5 @@ | |||
1 | # Firejail profile alias for megaglest | ||
2 | # This file is overwritten after every install/update | ||
3 | |||
4 | # Redirect | ||
5 | include megaglest.profile | ||
diff --git a/etc/openttd.profile b/etc/openttd.profile new file mode 100644 index 000000000..5de4d325d --- /dev/null +++ b/etc/openttd.profile | |||
@@ -0,0 +1,44 @@ | |||
1 | # Firejail profile for openttd | ||
2 | # Description: Transport system simulation game | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include openttd.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | noblacklist ${HOME}/.openttd | ||
10 | |||
11 | include disable-common.inc | ||
12 | include disable-devel.inc | ||
13 | include disable-exec.inc | ||
14 | include disable-interpreters.inc | ||
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | ||
17 | include disable-xdg.inc | ||
18 | |||
19 | mkdir ${HOME}/.openttd | ||
20 | whitelist ${HOME}/.openttd | ||
21 | include whitelist-common.inc | ||
22 | include whitelist-var-common.inc | ||
23 | |||
24 | caps.drop all | ||
25 | ipc-namespace | ||
26 | netfilter | ||
27 | nodbus | ||
28 | nodvd | ||
29 | nogroups | ||
30 | nonewprivs | ||
31 | noroot | ||
32 | notv | ||
33 | nou2f | ||
34 | novideo | ||
35 | protocol unix,inet,inet6 | ||
36 | seccomp | ||
37 | shell none | ||
38 | tracelog | ||
39 | |||
40 | disable-mnt | ||
41 | private-bin openttd | ||
42 | private-cache | ||
43 | private-dev | ||
44 | private-tmp | ||
diff --git a/etc/ostrichriders.profile b/etc/ostrichriders.profile index 4eedddefd..bef784126 100644 --- a/etc/ostrichriders.profile +++ b/etc/ostrichriders.profile | |||
@@ -32,8 +32,7 @@ noroot | |||
32 | notv | 32 | notv |
33 | nou2f | 33 | nou2f |
34 | novideo | 34 | novideo |
35 | # protocol seems to have a huge impact on performance | 35 | protocol unix,netlink |
36 | #protocol unix | ||
37 | seccomp | 36 | seccomp |
38 | shell none | 37 | shell none |
39 | tracelog | 38 | tracelog |