From 4c5f558995acb202a4ae3aee08022da854b6ebb2 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Mon, 29 Apr 2024 12:50:46 -0400
Subject: several kids programs
---
 etc/inc/disable-programs.inc | 4 +++
 etc/profile-a-l/alienblaster.profile | 55 +++++++++++++++++++++++++++++++++
 etc/profile-a-l/geki2.profile | 49 ++++++++++++++++++++++++++++++
 etc/profile-a-l/geki3.profile | 49 ++++++++++++++++++++++++++++++
 etc/profile-a-l/lbreakouthd.profile | 59 ++++++++++++++++++++++++++++++++++++
 etc/profile-m-z/tuxtype.profile | 56 ++++++++++++++++++++++++++++++++++
 etc/profile-m-z/typespeed.profile | 48 +++++++++++++++++++++++++++++
 src/firecfg/firecfg.config | 6 ++++
 8 files changed, 326 insertions(+)
 create mode 100644 etc/profile-a-l/alienblaster.profile
 create mode 100644 etc/profile-a-l/geki2.profile
 create mode 100644 etc/profile-a-l/geki3.profile
 create mode 100644 etc/profile-a-l/lbreakouthd.profile
 create mode 100644 etc/profile-m-z/tuxtype.profile
 create mode 100644 etc/profile-m-z/typespeed.profile
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index a44ad340b..1f373279c 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -28,6 +28,8 @@ blacklist ${HOME}/.ZAP
 blacklist ${HOME}/.aMule
 blacklist ${HOME}/.abook
 blacklist ${HOME}/.addressbook
+blacklist ${HOME}/.alienblaster
+blacklist ${HOME}/.alienblaster_highscore
 blacklist ${HOME}/.alpine-smime
 blacklist ${HOME}/.ammonite
 blacklist ${HOME}/.android
@@ -851,6 +853,7 @@ blacklist ${HOME}/.klatexformula
 blacklist ${HOME}/.klei
 blacklist ${HOME}/.kodi
 blacklist ${HOME}/.lastpass
+blacklist ${HOME}/.lbreakouthd
 blacklist ${HOME}/.lettura
 blacklist ${HOME}/.librewolf
 blacklist ${HOME}/.lincity-ng
@@ -1187,6 +1190,7 @@ blacklist ${HOME}/.torcs
 blacklist ${HOME}/.tremulous
 blacklist ${HOME}/.ts3client
 blacklist ${HOME}/.tuxguitar*
+blacklist ${HOME}/.tuxtype
 blacklist ${HOME}/.tvbrowser
 blacklist ${HOME}/.unknown-horizons
 blacklist ${HOME}/.viking
diff --git a/etc/profile-a-l/alienblaster.profile b/etc/profile-a-l/alienblaster.profile
new file mode 100644
index 000000000..0e0478a49
--- /dev/null
+++ b/etc/profile-a-l/alienblaster.profile
@@ -0,0 +1,55 @@
+# Firejail profile for alienblaster
+# Persistent local customizations
+include alienblaster.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.alienblaster
+noblacklist ${HOME}/.alienblaster_highscore
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkfile ${HOME}/.alienblaster_highscore
+whitelist ${HOME}/.alienblaster_highscore
+mkdir ${HOME}/.alienblaster
+whitelist ${HOME}/.alienblaster
+include whitelist-common.inc
+include whitelist-run-common.inc
+whitelist ${RUNUSER}/pulse
+include whitelist-runuser-common.inc
+whitelist /usr/share/games/alienblaster
+whitelist /usr/share/timidity
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+netfilter
+net none
+nodvd
+noinput
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+tracelog
+
+disable-mnt
+private-dev
+private-etc @x11,@sound,@games
+private-tmp
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
+restrict-namespaces
diff --git a/etc/profile-a-l/geki2.profile b/etc/profile-a-l/geki2.profile
new file mode 100644
index 000000000..32ff9c8af
--- /dev/null
+++ b/etc/profile-a-l/geki2.profile
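Review bot: `netfilter` directly before `net none` does nothing useful once `net none` removes every network interface from the sandbox, and the other new profiles in this commit list `net none` first; drop `netfilter` here, or at least use the `net none` / `netfilter` order that geki2, lbreakouthd and tuxtype use. Unlike those profiles this one has neither `include disable-shell.inc` nor a `private-bin` line, so every binary on PATH stays visible to a game that only needs its own executable; if the executable is in fact named alienblaster (the diff does not show it), `private-bin alienblaster` plus `include disable-shell.inc` would bring it in line with the siblings. `whitelist /usr/share/timidity` is the one whitelist that is not obviously tied to the game; a one-line comment such as `# timidity soundfonts, presumably for SDL_mixer MIDI playback — confirm` would tell the next maintainer whether it can be dropped.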
@@ -0,0 +1,49 @@
+# Firejail profile for geki2
+# Persistent local customizations
+include geki2.local
+# Persistent global definitions
+include globals.local
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+whitelist /usr/share/games/geki2
+include whitelist-usr-share-common.inc
+writable-var # game scores stored under /var/games
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+net none
+netfilter
+nodvd
+noinput
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+tracelog
+
+disable-mnt
+private
+private-bin geki2
+private-dev
+private-etc @x11,@sound,@games
+private-tmp
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
+restrict-namespaces
diff --git a/etc/profile-a-l/geki3.profile b/etc/profile-a-l/geki3.profile
new file mode 100644
index 000000000..de2167724
--- /dev/null
+++ b/etc/profile-a-l/geki3.profile
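Review bot: `writable-var # game scores stored under /var/games` is used here without the `# Note: this profile requires the current user to be a member of games group` header that lbreakouthd and typespeed carry in the same commit for the identical `writable-var` + whitelist-var-common.inc arrangement; with `nonewprivs` and `noroot` set, a setgid-games binary cannot acquire the group inside the sandbox, so the score file is only writable when the user is already in that group and the note belongs here as well. Whether /var/games is reachable at all also depends on whitelist-var-common.inc exposing it, which the diff does not show; if it does not, add `whitelist /var/games` next to `writable-var`. Note that `writable-var` makes all of /var writable, not just /var/games, which is more than the comment suggests and worth stating in the comment. The same applies verbatim to the geki3 profile that follows, which differs from this one only in the name.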
@@ -0,0 +1,49 @@
+# Firejail profile for geki3
+# Persistent local customizations
+include geki3.local
+# Persistent global definitions
+include globals.local
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+whitelist /usr/share/games/geki3
+include whitelist-usr-share-common.inc
+writable-var # game scores stored under /var/games
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+net none
+netfilter
+nodvd
+noinput
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+tracelog
+
+disable-mnt
+private
+private-bin geki3
+private-dev
+private-etc @x11,@sound,@games
+private-tmp
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
+restrict-namespaces
diff --git a/etc/profile-a-l/lbreakouthd.profile b/etc/profile-a-l/lbreakouthd.profile
new file mode 100644
index 000000000..095a3839c
--- /dev/null
+++ b/etc/profile-a-l/lbreakouthd.profile
@@ -0,0 +1,59 @@
+# Firejail profile for lbreakouthd
+# Persistent local customizations
+include lbreakouthd.local
+# Persistent global definitions
+include globals.local
+
+# Note: this profile requires the current user to be a member of games group
+
+noblacklist ${HOME}/.lbreakouthd
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.lbreakouthd
+whitelist ${HOME}/.lbreakouthd
+include whitelist-common.inc
+
+whitelist /run/udev/control
+whitelist /run/host/container-manager
+include whitelist-run-common.inc
+whitelist ${RUNUSER}/pulse
+include whitelist-runuser-common.inc
+whitelist /usr/share/games/lbreakouthd
+include whitelist-usr-share-common.inc
+writable-var # game scores stored under /var/games
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+net none
+netfilter
+nodvd
+noinput
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+tracelog
+
+disable-mnt
+private-bin lbreakouthd
+private-dev
+private-etc @x11,@sound,@games
+private-tmp
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
+restrict-namespaces
diff --git a/etc/profile-m-z/tuxtype.profile b/etc/profile-m-z/tuxtype.profile
new file mode 100644
index 000000000..51e514529
--- /dev/null
+++ b/etc/profile-m-z/tuxtype.profile
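Review bot: `whitelist /run/udev/control` and `whitelist /run/host/container-manager` are the only paths in this commit's profiles that are not covered by the shared include files, and nothing says why a breakout game needs them; tuxtype, also an SDL program in the same commit, does without. If they are there for SDL2's udev joystick backend, that backend is moot because the profile also sets `noinput`, which hides /dev/input; if they are needed for something else, document it on the line, e.g. `# /run/udev/control is probed by libudev, /run/host/container-manager by libsystemd container detection — confirm both are required`, or drop the lines and re-test. Both files are root-owned so the added exposure is small, but an unexplained whitelist tends to get copied into other profiles.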
@@ -0,0 +1,56 @@
+# Firejail profile for tuxtype
+# Persistent local customizations
+include tuxtype.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.tuxtype
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.tuxtype
+whitelist ${HOME}/.tuxtype
+include whitelist-common.inc
+
+
+include whitelist-run-common.inc
+whitelist ${RUNUSER}/pulse
+include whitelist-runuser-common.inc
+whitelist /usr/share/tuxtype
+include whitelist-usr-share-common.inc
+writable-var # game scores stored under /var/games
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+net none
+netfilter
+nodvd
+noinput
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+tracelog
+
+disable-mnt
+private-bin tuxtype
+private-dev
+private-etc @x11,@sound,@games,tuxtype
+private-tmp
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
+restrict-namespaces
diff --git a/etc/profile-m-z/typespeed.profile b/etc/profile-m-z/typespeed.profile
new file mode 100644
index 000000000..08263ccb0
--- /dev/null
+++ b/etc/profile-m-z/typespeed.profile
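Review bot: Two consecutive empty lines follow `include whitelist-common.inc` (the `+ + +` run before `include whitelist-run-common.inc`); every other section in these profiles is separated by a single blank line, so one of them should go. This profile also uses `writable-var # game scores stored under /var/games` without the `# Note: this profile requires the current user to be a member of games group` header that lbreakouthd and typespeed carry for the same arrangement; since `nonewprivs` keeps a setgid-games binary from picking up the group inside the sandbox, the note applies here too unless tuxtype's scores really live elsewhere. The bare `tuxtype` entry in `private-etc @x11,@sound,@games,tuxtype` is fine, but a short comment on what /etc/tuxtype is needed for would save the next reader a lookup.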
@@ -0,0 +1,48 @@
+# Firejail profile for typespeed
+# Persistent local customizations
+include typespeed.local
+# Persistent global definitions
+include globals.local
+
+# Note: this profile requires the current user to be a member of games group
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+whitelist /usr/share/typespeed
+include whitelist-usr-share-common.inc
+writable-var # game scores stored under /var/games
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+netfilter
+nodvd
+noinput
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
+
+disable-mnt
+private
+private-dev
+private-etc @x11,@sound,@games
+private-tmp
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
+restrict-namespaces
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index c97db228d..43554cc1e 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -43,6 +43,7 @@ abrowser
 akonadi_control
 akregator
 alacarte
+alienblaster
 alpine
 alpinef
 amarok
@@ -320,6 +321,8 @@ geany
 gedit
 geekbench
 geeqie
+geki2
+geki3
 gfeeds
 gh
 ghb
@@ -493,6 +496,7 @@ ktouch
 kube
 #kwin_x11
 kwrite
+lbreakouthd
 lbry-viewer
 lbry-viewer-gtk
 leafpad
@@ -920,9 +924,11 @@ tshark
 tuir
 tutanota-desktop
 tuxguitar
+tuxtype
 tvbrowser
 tvnamer
 twitch
+typespeed
 udiskie
 uefitool
 uget-gtk
-- cgit v1.2.3-54-g00ecf
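Review bot: This is the only profile in the commit that leaves networking on (`protocol unix,inet,inet6,netlink` with `netfilter` and no `net none`), and nothing in the file says why; if it is for typespeed's network play mode, say so next to the protocol line, e.g. `# network is kept for the multiplayer (network) mode; set net none in typespeed.local if unused`, and consider the opposite default, since every sibling profile here ships `net none` and a typing game rarely needs the network. If that mode resolves host names, `private-etc @x11,@sound,@games` probably also needs `@network`, which the profile does not list. The profile also omits `include disable-shell.inc` and any `private-bin` line, unlike geki2, geki3, lbreakouthd and tuxtype; `private-bin typespeed` would be the obvious counterpart if the binary carries that name.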