From 3cdd052e231ac38213b985a1a8e1b38d2b93e665 Mon Sep 17 00:00:00 2001
From: Vasya Novikov <n1dr+cm3513git@ya.ru>
Date: Fri, 19 Feb 2016 20:32:30 +0300
Subject: profile for wesnoth

The profile is a _white_list (in contrast to blacklist).

All standard game actions work:
create-save-load games,
multiplayer (online) game, downloading addons and using them.
---
 etc/wesnoth.profile | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 etc/wesnoth.profile

(limited to 'etc/wesnoth.profile')

diff --git a/etc/wesnoth.profile b/etc/wesnoth.profile
new file mode 100644
index 000000000..484c614e4
--- /dev/null
+++ b/etc/wesnoth.profile
@@ -0,0 +1,21 @@
+# Whitelist-based profile for "Battle of Wesnoth" (game).
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-terminals.inc
+
+caps.drop all
+seccomp
+protocol unix,inet,inet6
+noroot
+
+private-dev
+
+private-tmp
+
+mkdir ${HOME}/.local/share/wesnoth
+mkdir ${HOME}/.config/wesnoth
+whitelist ${HOME}/.local/share/wesnoth
+whitelist ${HOME}/.config/wesnoth
-- 
cgit v1.2.3-54-g00ecf