From 6309857565aa40244b1e7c99aed54c3da81846fc Mon Sep 17 00:00:00 2001 From: rusty-snake <41237666+rusty-snake@users.noreply.github.com> Date: Sun, 29 Mar 2020 13:01:05 +0200 Subject: more game profiles - frogatto - gnome_games-common.profile - gnome-2048 (make redirect) - gnome-mines - gnome-nibbles - lightsoff - ts3client_runscript.sh (fix #3279) - warmux (don't get confused with the warmux/wormux thing) --- README.md | 2 +- RELNOTES | 5 +++- etc/disable-programs.inc | 8 ++++++ etc/frogatto.profile | 47 +++++++++++++++++++++++++++++++++ etc/gnome-2048.profile | 28 +++----------------- etc/gnome-mines.profile | 18 +++++++++++++ etc/gnome-nibbles.profile | 21 +++++++++++++++ etc/gnome_games-common.profile | 43 +++++++++++++++++++++++++++++++ etc/lightsoff.profile | 14 ++++++++++ etc/ts3client_runscript.sh.profile | 19 ++++++++++++++ etc/warmux.profile | 53 ++++++++++++++++++++++++++++++++++++++ 11 files changed, 231 insertions(+), 27 deletions(-) create mode 100644 etc/frogatto.profile create mode 100644 etc/gnome-mines.profile create mode 100644 etc/gnome-nibbles.profile create mode 100644 etc/gnome_games-common.profile create mode 100644 etc/lightsoff.profile create mode 100644 etc/ts3client_runscript.sh.profile create mode 100644 etc/warmux.profile diff --git a/README.md b/README.md index a39572750..e79c4d329 100644 --- a/README.md +++ b/README.md 
@@ -176,4 +176,4 @@ Run ./profstats -h for help. ### New profiles: gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe, bibtex, gummi, latex, pdflatex, tex, wpp, wpspdf, wps, et, multimc, gnome-hexgl, com.github.johnfactotum.Foliate, desktopeditors, impressive, mupdf-gl, mupdf-x11, mupdf-x11-curl, muraster, mutool, planmaker18, planmaker18free, presentations18, presentations18free, textmaker18, textmaker18free, teams, xournal, -gnome-screenshot, ripperX, sound-juicer, iagno, com.github.dahenson.agenda, gnome-pomodoro, gnome-todo, kmplayer, penguin-command, x2goclient +gnome-screenshot, ripperX, sound-juicer, iagno, com.github.dahenson.agenda, gnome-pomodoro, gnome-todo, kmplayer, penguin-command, x2goclient, frogatto, gnome-mines, gnome-nibbles, lightsoff, ts3client_runscript.sh, warmux diff --git a/RELNOTES b/RELNOTES index 141e28238..162c4b493 100644 --- a/RELNOTES +++ b/RELNOTES @@ -2,6 +2,7 @@ firejail (0.9.63) baseline; urgency=low * work in progress * DHCP client support * SELinux labeling support + * 32-bit seccomp filter * new condition: HAS_NOSOUND * new profiles: gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, muraster * new profiles: gnome-passwordsafe, bibtex, gummi, latex, mupdf-x11-curl @@ -11,7 +12,9 @@ firejail (0.9.63) baseline; urgency=low * new profiles: presentations18, presentations18free, textmaker18, teams * new profiles: textmaker18free, xournal, gnome-screenshot, ripperX * new profiles: sound-juicer, com.github.dahenson.agenda, gnome-pomodoro - * new profiles: gnome-todo, x2goclient + * new profiles: gnome-todo, x2goclient, iagno, kmplayer, penguin-command + * new profiles: frogatto, gnome-mines, gnome-nibbles, lightsoff, warmux + * new profiles: ts3client_runscript.sh firejail (0.9.62) baseline; urgency=low * added file-copy-limit in /etc/firejail/firejail.config diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 5b3fe475c..be8f0ff75 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc 
@@ -8,6 +8,8 @@ blacklist ${HOME}/Monero/wallets
 blacklist ${HOME}/Nextcloud/Notes
 blacklist ${HOME}/SoftMaker
 blacklist ${HOME}/Standard Notes Backups
+blacklist ${HOME}/TeamSpeak3-Client-linux_x86
+blacklist ${HOME}/TeamSpeak3-Client-linux_amd64
 blacklist ${HOME}/mps
 blacklist ${HOME}/wallet.dat
 blacklist ${HOME}/.*coin
@@ -330,6 +332,7 @@ blacklist ${HOME}/.config/vivaldi
 blacklist ${HOME}/.config/vivaldi-snapshot
 blacklist ${HOME}/.config/vlc
 blacklist ${HOME}/.config/wesnoth
+blacklist ${HOME}/.config/wormux
 blacklist ${HOME}/.config/Whalebird
 blacklist ${HOME}/.config/wireshark
 blacklist ${HOME}/.config/xchat
@@ -378,6 +381,7 @@ blacklist ${HOME}/.fossamail
 blacklist ${HOME}/.freeciv
 blacklist ${HOME}/.freecol
 blacklist ${HOME}/.freemind
+blacklist ${HOME}/.frogatto
 blacklist ${HOME}/.frozen-bubble
 blacklist ${HOME}/.gimp*
 blacklist ${HOME}/.gist
@@ -536,7 +540,9 @@ blacklist ${HOME}/.local/share/gnome-2048
 blacklist ${HOME}/.local/share/gnome-chess
 blacklist ${HOME}/.local/share/gnome-builder
 blacklist ${HOME}/.local/share/gnome-latex
+blacklist ${HOME}/.local/share/gnome-mines
 blacklist ${HOME}/.local/share/gnome-music
+blacklist ${HOME}/.local/share/gnome-nibbles
 blacklist ${HOME}/.local/share/gnome-photos
 blacklist ${HOME}/.local/share/gnome-pomodoro
 blacklist ${HOME}/.local/share/gnome-recipes
@@ -610,6 +616,7 @@ blacklist ${HOME}/.local/share/vpltd
 blacklist ${HOME}/.local/share/vulkan
 blacklist ${HOME}/.local/share/warsow-2.1
 blacklist ${HOME}/.local/share/wesnoth
+blacklist ${HOME}/.local/share/wormux
 blacklist ${HOME}/.local/share/xplayer
 blacklist ${HOME}/.local/share/xreader
 blacklist ${HOME}/.local/share/zathura
@@ -706,6 +713,7 @@ blacklist ${HOME}/.widelands
 blacklist ${HOME}/.wine
 blacklist ${HOME}/.wine64
 blacklist ${HOME}/.wireshark
+blacklist ${HOME}/.wormux
 blacklist ${HOME}/.xiphos
 blacklist ${HOME}/.xmind
 blacklist ${HOME}/.xmms
diff --git a/etc/frogatto.profile b/etc/frogatto.profile
new file mode 100644
index 000000000..fd7c5fc16
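Review bot: The two `blacklist ${HOME}/TeamSpeak3-Client-linux_*` entries added in the first hunk of etc/disable-programs.inc hide the client's install directory from every profile that includes this file, while the only matching `noblacklist` lines this commit adds are in etc/ts3client_runscript.sh.profile. teamspeak3.profile is not part of the diff, so if it can be selected on its own (for example with `--profile=`), it presumably needs `noblacklist ${HOME}/TeamSpeak3-Client-linux_x86` and `noblacklist ${HOME}/TeamSpeak3-Client-linux_amd64` as well; worth confirming before merge.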
--- /dev/null
+++ b/etc/frogatto.profile
@@ -0,0 +1,47 @@
+# Firejail profile for frogatto
+# Description: 2D platformer game starring a quixotic frog
+# This file is overwritten after every install/update
+# Persistent local customizations
+include frogatto.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.frogatto
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.frogatto
+whitelist ${HOME}/.frogatto
+whitelist /usr/share/frogatto
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin frogatto,sh
+private-cache
+private-dev
+private-etc machine-id
+private-tmp
diff --git a/etc/gnome-2048.profile b/etc/gnome-2048.profile
index 6fa23c92e..978a13244 100644
--- a/etc/gnome-2048.profile
+++ b/etc/gnome-2048.profile
@@ -8,32 +8,10 @@ include globals.local
 noblacklist ${HOME}/.local/share/gnome-2048
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-passwdmgr.inc
-include disable-programs.inc
-
-include whitelist-var-common.inc
-
 mkdir ${HOME}/.local/share/gnome-2048
 whitelist ${HOME}/.local/share/gnome-2048
-include whitelist-common.inc
-
-apparmor
-caps.drop all
-netfilter
-nodvd
-nonewprivs
-noroot
-notv
-nou2f
-novideo
-protocol unix,inet,inet6
-seccomp
-disable-mnt
-private-dev
-private-tmp
+private-bin gnome-2048
+# Redirect
+include gnome_games-common.profile
diff --git a/etc/gnome-mines.profile b/etc/gnome-mines.profile
new file mode 100644
index 000000000..9cae75524
--- /dev/null
+++ b/etc/gnome-mines.profile
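Review bot: In etc/frogatto.profile, `private-bin frogatto,sh` leaves a shell available inside the sandbox, and nothing in the file says why it is needed. If `sh` is there only because the game is started through a wrapper script (an assumption; the launcher is not visible in this diff), record that with a comment such as `# sh is required by the frogatto launcher script` above the line. Without it, a later reviewer cannot tell whether `sh` can be dropped to tighten the profile.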
@@ -0,0 +1,18 @@
+# Firejail profile for gnome-mines
+# Description: Sliding tile puzzle game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-mines.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.local/share/gnome-mines
+
+mkdir ${HOME}/.local/share/gnome-mines
+whitelist ${HOME}/.local/share/gnome-mines
+whitelist /usr/share/gnome-mines
+
+private-bin gnome-mines
+
+# Redirect
+include gnome_games-common.profile
diff --git a/etc/gnome-nibbles.profile b/etc/gnome-nibbles.profile
new file mode 100644
index 000000000..4e42b6b15
--- /dev/null
+++ b/etc/gnome-nibbles.profile
@@ -0,0 +1,21 @@
+# Firejail profile for gnome-nibbles
+# Description: Sliding tile puzzle game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-nibbles.local
+# Persistent global definitions
+include globals.local
+
+ignore machine-id
+ignore nosound
+
+noblacklist ${HOME}/.local/share/gnome-nibbles
+
+mkdir ${HOME}/.local/share/gnome-nibbles
+whitelist ${HOME}/.local/share/gnome-nibbles
+whitelist /usr/share/gnome-nibbles
+
+private-bin gnome-nibbles
+
+# Redirect
+include gnome_games-common.profile
diff --git a/etc/gnome_games-common.profile b/etc/gnome_games-common.profile
new file mode 100644
index 000000000..0b75c5e92
--- /dev/null
+++ b/etc/gnome_games-common.profile
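Review bot: The `# Description: Sliding tile puzzle game` line in etc/gnome-mines.profile looks copied from another profile and does not describe a minesweeper game. The same text is repeated in etc/gnome-nibbles.profile and etc/lightsoff.profile, which are a worm game and a lights-out puzzle. Suggested replacements are `# Description: Minesweeper clone`, `# Description: Worm/snake arcade game` and `# Description: Lights-out puzzle game` respectively.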
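Review bot: `ignore machine-id` and `ignore nosound` in etc/gnome-nibbles.profile relax two restrictions that gnome_games-common.profile applies to the other games, and no comment gives the reason. The firejail documentation notes that `machine-id` breaks audio, so both lines are presumably there to give this game sound; a comment such as `# gnome-nibbles has sound; machine-id spoofing would break audio` above them would record that. With the spoofing ignored, the sandbox sees the host's real /etc/machine-id, because the common profile lists `machine-id` in `private-etc`.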
@@ -0,0 +1,43 @@
+# Firejail profile for gnome_games-common
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome_games-common.local
+# Persistent global definitions
+# added by caller profile
+#include globals.local
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+machine-id
+net none
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-cache
+private-dev
+private-etc dconf,fonts,gconf,gtk-2.0,gtk-3.0,machine-id,pango,X11
+private-tmp
diff --git a/etc/lightsoff.profile b/etc/lightsoff.profile
new file mode 100644
index 000000000..65c8bd78d
--- /dev/null
+++ b/etc/lightsoff.profile
@@ -0,0 +1,14 @@
+# Firejail profile for lightsoff
+# Description: Sliding tile puzzle game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include lightsoff.local
+# Persistent global definitions
+include globals.local
+
+whitelist /usr/share/lightsoff
+
+private-bin lightsoff
+
+# Redirect
+include gnome_games-common.profile
diff --git a/etc/ts3client_runscript.sh.profile b/etc/ts3client_runscript.sh.profile
new file mode 100644
index 000000000..8d4675454
--- /dev/null
+++ b/etc/ts3client_runscript.sh.profile
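Review bot: etc/gnome_games-common.profile sets no `private-bin` and no per-game `noblacklist`/`whitelist` lines, so those restrictions exist only if each including profile declares them before its `include`, as the game profiles in this commit do. The header does not state that contract. A comment such as `# Callers must set private-bin and their own noblacklist/whitelist lines before including this file` would make it harder to add a new game profile that silently runs without a `private-bin` restriction.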
@@ -0,0 +1,19 @@
+# Firejail profile alias for teamspeak3
+# Description: TeamSpeak is software for quality voice communication via the Internet
+# This file is overwritten after every install/update
+# Persistent local customizations
+include ts3client_runscript.sh.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+ignore noexec ${HOME}
+
+noblacklist ${HOME}/TeamSpeak3-Client-linux_x86
+noblacklist ${HOME}/TeamSpeak3-Client-linux_amd64
+
+whitelist ${HOME}/TeamSpeak3-Client-linux_x86
+whitelist ${HOME}/TeamSpeak3-Client-linux_amd64
+
+# Redirect
+include teamspeak3.profile
diff --git a/etc/warmux.profile b/etc/warmux.profile
new file mode 100644
index 000000000..df7af49c4
--- /dev/null
+++ b/etc/warmux.profile
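Review bot: `ignore noexec ${HOME}` in etc/ts3client_runscript.sh.profile switches off the home-directory noexec for the whole sandbox, not only for the two TeamSpeak3-Client-linux_* directories, and those directories are whitelisted writable. A network-facing voice client can therefore both write to and execute from whatever teamspeak3.profile leaves visible under ${HOME}; that profile is not in this diff, so the exact set is unknown here. If the client does not need to modify its own installation, adding `read-only ${HOME}/TeamSpeak3-Client-linux_x86` and `read-only ${HOME}/TeamSpeak3-Client-linux_amd64` would keep the install tree executable but not writable. At minimum, a comment above the `ignore` line should say that noexec is lifted because the client is unpacked and run from ${HOME}.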
@@ -0,0 +1,53 @@
+# Firejail profile for warmux
+# Description: a convivial mass murder game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include warmux.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/wormux
+noblacklist ${HOME}/.local/share/wormux
+noblacklist ${HOME}/.wormux
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.config/wormux
+mkdir ${HOME}/.local/share/wormux
+mkdir ${HOME}/.wormux
+whitelist ${HOME}/.config/wormux
+whitelist ${HOME}/.local/share/wormux
+whitelist ${HOME}/.wormux
+whitelist /usr/share/warmux
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+netfilter
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin warmux
+private-cache
+private-dev
+private-etc ca-certificates,crypto-policies,host.conf,hostname,hosts,machine-id,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl
+private-tmp
-- cgit v1.2.3-70-g09d2
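Review bot: etc/warmux.profile is keyed on the `warmux` binary and /usr/share/warmux, yet every home path it un-blacklists, creates and whitelists is named `wormux`, and no comment explains the mismatch. A one-line comment such as `# warmux was formerly named wormux and still uses the wormux directories` above the `noblacklist` lines would stop a later edit from "correcting" the names. If some versions do use warmux-named directories (not determinable from this diff), they would need entries here and in etc/disable-programs.inc as well.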