2 files changed, 40 insertions, 0 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 13ed3f212..7e44d582e 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -330,6 +330,7 @@ blacklist ${HOME}/.lv2
 blacklist ${HOME}/.mcabber
 blacklist ${HOME}/.mcabberrc
 blacklist ${HOME}/.mediathek3
+blacklist ${HOME}/.minetest
 blacklist ${HOME}/.mozilla
 blacklist ${HOME}/.mpdconf
 blacklist ${HOME}/.mplayer
diff --git a/etc/minetest.profile b/etc/minetest.profile
new file mode 100644
index 000000000..147328616
--- /dev/null
+++ b/etc/minetest.profile
@@ -0,0 +1,39 @@
+# Firejail profile for minetest
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/minetest.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ${HOME}/.minetest
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+mkdir ${HOME}/.minetest
+whitelist ${HOME}/.minetest
+include /etc/firejail/whitelist-common.inc
+caps.drop all
+ipc-namespace
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+disable-mnt
+private-bin minetest
+private-dev
+private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl
+private-tmp
+noexec ${HOME}
+noexec /tmp

diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 13ed3f212..7e44d582e 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -330,6 +330,7 @@ blacklist ${HOME}/.lv2
330	blacklist ${HOME}/.mcabber	330	blacklist ${HOME}/.mcabber
331	blacklist ${HOME}/.mcabberrc	331	blacklist ${HOME}/.mcabberrc
332	blacklist ${HOME}/.mediathek3	332	blacklist ${HOME}/.mediathek3
		333	blacklist ${HOME}/.minetest
333	blacklist ${HOME}/.mozilla	334	blacklist ${HOME}/.mozilla
334	blacklist ${HOME}/.mpdconf	335	blacklist ${HOME}/.mpdconf
335	blacklist ${HOME}/.mplayer	336	blacklist ${HOME}/.mplayer


diff --git a/etc/minetest.profile b/etc/minetest.profile new file mode 100644 index 000000000..147328616 --- /dev/null +++ b/etc/minetest.profile
@@ -0,0 +1,39 @@
		1	# Firejail profile for minetest
		2	# This file is overwritten after every install/update
		3	# Persistent local customizations
		4	include /etc/firejail/minetest.local
		5	# Persistent global definitions
		6	include /etc/firejail/globals.local
		7
		8	noblacklist ${HOME}/.minetest
		9
		10	include /etc/firejail/disable-common.inc
		11	include /etc/firejail/disable-devel.inc
		12	include /etc/firejail/disable-passwdmgr.inc
		13	include /etc/firejail/disable-programs.inc
		14
		15	mkdir ${HOME}/.minetest
		16	whitelist ${HOME}/.minetest
		17	include /etc/firejail/whitelist-common.inc
		18
		19	caps.drop all
		20	ipc-namespace
		21	netfilter
		22	nodvd
		23	nogroups
		24	nonewprivs
		25	noroot
		26	notv
		27	novideo
		28	protocol unix,inet,inet6
		29	seccomp
		30	shell none
		31
		32	disable-mnt
		33	private-bin minetest
		34	private-dev
		35	private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl
		36	private-tmp
		37
		38	noexec ${HOME}
		39	noexec /tmp