From 88304b63b5f0c31653ff1dbd3cab5a843e70da05 Mon Sep 17 00:00:00 2001
From: rusty-snake
Date: Sun, 16 Dec 2018 20:43:07 +0000
Subject: New profile for supertuxkart. (#2298)

* New profile supertuxkart
* review fixes
---
 etc/disable-programs.inc | 3 +++
 etc/supertuxkart.profile | 55 ++++++++++++++++++++++++++++++++++++++++++++++
 src/firecfg/firecfg.config | 1 +
 3 files changed, 59 insertions(+)
 create mode 100644 etc/supertuxkart.profile

diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 7e9d7be80..774852c2f 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -233,6 +233,7 @@ blacklist ${HOME}/.config/smplayer
 blacklist ${HOME}/.config/smtube
 blacklist ${HOME}/.config/specialmailcollectionsrc
 blacklist ${HOME}/.config/spotify
+blacklist ${HOME}/.config/supertuxkart
 blacklist ${HOME}/.config/sqlitebrowser
 blacklist ${HOME}/.config/stellarium
 blacklist ${HOME}/.config/synfig
@@ -461,6 +462,7 @@ blacklist ${HOME}/.local/share/scribus
 blacklist ${HOME}/.local/share/spotify
 blacklist ${HOME}/.local/share/steam
 blacklist ${HOME}/.local/share/supertux2
+blacklist ${HOME}/.local/share/supertuxkart
 blacklist ${HOME}/.local/share/telepathy
 blacklist ${HOME}/.local/share/terasology
 blacklist ${HOME}/.local/share/torbrowser
@@ -617,6 +619,7 @@ blacklist ${HOME}/.cache/qutebrowser
 blacklist ${HOME}/.cache/simple-scan
 blacklist ${HOME}/.cache/slimjet
 blacklist ${HOME}/.cache/spotify
+blacklist ${HOME}/.cache/supertuxkart
 blacklist ${HOME}/.cache/systemsettings
 blacklist ${HOME}/.cache/telepathy
 blacklist ${HOME}/.cache/thunderbird
diff --git a/etc/supertuxkart.profile b/etc/supertuxkart.profile
new file mode 100644
index 000000000..9f65a2fa1
--- /dev/null
+++ b/etc/supertuxkart.profile
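Review bot: In the first hunk of etc/disable-programs.inc the new `blacklist ${HOME}/.config/supertuxkart` sits between `spotify` and `sqlitebrowser`, which breaks the alphabetical order the neighbouring entries follow; it belongs between `stellarium` and `synfig`. The other two hunks place their entries in order. Keeping the list sorted makes duplicate or missing blacklist entries easier to spot in later reviews.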
@@ -0,0 +1,55 @@
+# Firejail profile for supertuxkart
+# Description: Free kart racing game.
+# This file is overwritten after every install/update
+# Persistent local customizations
+include supertuxkart.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/supertuxkart
+noblacklist ${HOME}/.cache/supertuxkart
+noblacklist ${HOME}/.local/share/supertuxkart
+
+include disable-common.inc
+include disable-devel.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+include disable-interpreters.inc
+
+mkdir ${HOME}/.config/supertuxkart
+mkdir ${HOME}/.cache/supertuxkart
+mkdir ${HOME}/.local/share/supertuxkart
+whitelist ${HOME}/.config/supertuxkart
+whitelist ${HOME}/.cache/supertuxkart
+whitelist ${HOME}/.local/share/supertuxkart
+include whitelist-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+netfilter
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin supertuxkart
+private-cache
+private-dev
+private-etc resolv.conf,ca-certificates,ssl,hosts,machine-id,xdg,openal,crypto-policies,pki,drirc,system-fips,selinux
+private-tmp
+private-opt none
+private-srv none
+
+noexec ${HOME}
+noexec /tmp
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index bfba93190..f36455c89 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -403,6 +403,7 @@ steam-native
 stellarium
 strings
 supertux2
+supertuxkart
 surf
 sylpheed
 synfigstudio
--
cgit v1.2.3-70-g09d2
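Review bot: `private-dev` in the new etc/supertuxkart.profile leaves the sandbox without /dev/input, going by firejail's documented private-dev device list, so a gamepad or wheel would not be visible to a racing game that is commonly played with one. Because the file is overwritten on update, a comment above that line would tell users where to override it, e.g. `# private-dev hides /dev/input; add "ignore private-dev" to supertuxkart.local for controller support`. The profile also keeps `protocol unix,inet,inet6` with `netfilter`, so the sandbox can still reach the network; a second comment pointing offline-only players at `net none` in supertuxkart.local would document the tighter option.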