From 18adb74645ab28b79bf06084955543adf3586080 Mon Sep 17 00:00:00 2001 From: rusty-snake <41237666+rusty-snake@users.noreply.github.com> Date: Fri, 23 Apr 2021 17:01:25 +0200 Subject: Add profiles for alienarena, ballbuster, colorful… MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit …, gl-117, glaxium, pinball alienarena is missing in firecfg.config by intention, I didn't tested any online multiplayer. --- etc/inc/disable-programs.inc | 6 ++++ etc/profile-a-l/alienarena.profile | 52 +++++++++++++++++++++++++++++++ etc/profile-a-l/ballbuster.profile | 52 +++++++++++++++++++++++++++++++ etc/profile-a-l/colorful.profile | 52 +++++++++++++++++++++++++++++++ etc/profile-a-l/gl-117-wrapper.profile | 14 +++++++++ etc/profile-a-l/gl-117.profile | 52 +++++++++++++++++++++++++++++++ etc/profile-a-l/glaxium-wrapper.profile | 14 +++++++++ etc/profile-a-l/glaxium.profile | 52 +++++++++++++++++++++++++++++++ etc/profile-m-z/neverball-wrapper.profile | 14 +++++++++ etc/profile-m-z/neverputt-wrapper.profile | 14 +++++++++ etc/profile-m-z/pinball-wrapper.profile | 14 +++++++++ etc/profile-m-z/pinball.profile | 52 +++++++++++++++++++++++++++++++ 12 files changed, 388 insertions(+) create mode 100644 etc/profile-a-l/alienarena.profile create mode 100644 etc/profile-a-l/ballbuster.profile create mode 100644 etc/profile-a-l/colorful.profile create mode 100644 etc/profile-a-l/gl-117-wrapper.profile create mode 100644 etc/profile-a-l/gl-117.profile create mode 100644 etc/profile-a-l/glaxium-wrapper.profile create mode 100644 etc/profile-a-l/glaxium.profile create mode 100644 etc/profile-m-z/neverball-wrapper.profile create mode 100644 etc/profile-m-z/neverputt-wrapper.profile create mode 100644 etc/profile-m-z/pinball-wrapper.profile create mode 100644 etc/profile-m-z/pinball.profile (limited to 'etc') diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 8ccbae5ca..918403cdc 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc @@ -52,6 +52,7 @@ blacklist ${HOME}/.atom blacklist ${HOME}/.attic blacklist ${HOME}/.audacity-data blacklist ${HOME}/.avidemux6 +blacklist ${HOME}/.ballbuster.hs blacklist ${HOME}/.balsa blacklist ${HOME}/.bcast5 blacklist ${HOME}/.bibletime @@ -220,6 +221,7 @@ blacklist ${HOME}/.config/d-feet blacklist ${HOME}/.config/electron-mail blacklist ${HOME}/.config/emaildefaults blacklist ${HOME}/.config/emailidentities +blacklist ${HOME}/.config/emilia blacklist ${HOME}/.config/enchant blacklist ${HOME}/.config/eog blacklist ${HOME}/.config/epiphany @@ -490,6 +492,8 @@ blacklist ${HOME}/.frozen-bubble blacklist ${HOME}/.gimp* blacklist ${HOME}/.gist blacklist ${HOME}/.gitconfig +blacklist ${HOME}/.gl-117 +blacklist ${HOME}/.glaxiumrc blacklist ${HOME}/.gnome/gnome-schedule blacklist ${HOME}/.googleearth blacklist ${HOME}/.gradle @@ -637,6 +641,7 @@ blacklist ${HOME}/.local/share/cdprojektred blacklist ${HOME}/.local/share/clipit blacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate blacklist ${HOME}/.local/share/contacts +blacklist ${HOME}/.local/share/cor-games blacklist ${HOME}/.local/share/data/Mendeley Ltd. blacklist ${HOME}/.local/share/data/Mumble blacklist ${HOME}/.local/share/data/MusE @@ -844,6 +849,7 @@ blacklist ${HOME}/.steampid blacklist ${HOME}/.stellarium blacklist ${HOME}/.subversion blacklist ${HOME}/.surf +blacklist ${HOME}/.suve/colorful blacklist ${HOME}/.swb.ini blacklist ${HOME}/.sword blacklist ${HOME}/.sylpheed-2.0 diff --git a/etc/profile-a-l/alienarena.profile b/etc/profile-a-l/alienarena.profile new file mode 100644 index 000000000..4048b66f8 --- /dev/null +++ b/etc/profile-a-l/alienarena.profile @@ -0,0 +1,52 @@ +# Firejail profile for alienarena +# Description: Multiplayer retro sci-fi deathmatch game +# This file is overwritten after every install/update +# Persistent local customizations +include alienarena.local +# Persistent global definitions +include globals.local + +noblacklist ${HOME}/.local/share/cor-games + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-shell.inc +include disable-xdg.inc + +mkdir ${HOME}/.local/share/cor-games +whitelist ${HOME}/.local/share/cor-games +whitelist /usr/share/alienarena +include whitelist-common.inc +include whitelist-runuser-common.inc +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +apparmor +caps.drop all +netfilter +nodvd +nogroups +nonewprivs +noroot +notv +nou2f +novideo +protocol unix,inet,inet6 +seccomp +seccomp.block-secondary +shell none +tracelog + +disable-mnt +private-bin alienarena +private-cache +private-dev +private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,drirc,fonts,glvnd,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,nsswitch.conf,nvidia,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11 +private-tmp + +dbus-user none +dbus-system none diff --git a/etc/profile-a-l/ballbuster.profile b/etc/profile-a-l/ballbuster.profile new file mode 100644 index 000000000..1c137e6ae --- /dev/null +++ b/etc/profile-a-l/ballbuster.profile @@ -0,0 +1,52 @@ +# Firejail profile for ballbuster +# Description: Move the paddle to bounce the ball and break all the bricks +# This file is overwritten after every install/update +# Persistent local customizations +include ballbuster.local +# Persistent global definitions +include globals.local + +noblacklist ${HOME}/.ballbuster.hs + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-shell.inc +include disable-xdg.inc + +mkfile ${HOME}/.ballbuster.hs +whitelist ${HOME}/.ballbuster.hs +whitelist /usr/share/ballbuster +include whitelist-common.inc +include whitelist-runuser-common.inc +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +apparmor +caps.drop all +net none +nodvd +nogroups +nonewprivs +noroot +notv +nou2f +novideo +protocol unix +seccomp +seccomp.block-secondary +shell none +tracelog + +disable-mnt +private-bin ballbuster +private-cache +private-dev +private-etc alsa,alternatives,asound.conf,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,pulse +private-tmp + +dbus-user none +dbus-system none diff --git a/etc/profile-a-l/colorful.profile b/etc/profile-a-l/colorful.profile new file mode 100644 index 000000000..4b8a5e477 --- /dev/null +++ b/etc/profile-a-l/colorful.profile @@ -0,0 +1,52 @@ +# Firejail profile for colorful +# Description: simple 2D sideview shooter +# This file is overwritten after every install/update +# Persistent local customizations +include colorful.local +# Persistent global definitions +include globals.local + +noblacklist ${HOME}/.suve/colorful + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-shell.inc +include disable-xdg.inc + +mkdir ${HOME}/.suve/colorful +whitelist ${HOME}/.suve/colorful +whitelist /usr/share/suve +include whitelist-common.inc +include whitelist-runuser-common.inc +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +apparmor +caps.drop all +net none +nodvd +nogroups +nonewprivs +noroot +notv +nou2f +novideo +protocol unix +seccomp +seccomp.block-secondary +shell none +tracelog + +disable-mnt +private-bin colorful +private-cache +private-dev +private-etc alsa,alternatives,asound.conf,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,pulse +private-tmp + +dbus-user none +dbus-system none diff --git a/etc/profile-a-l/gl-117-wrapper.profile b/etc/profile-a-l/gl-117-wrapper.profile new file mode 100644 index 000000000..d783940f3 --- /dev/null +++ b/etc/profile-a-l/gl-117-wrapper.profile @@ -0,0 +1,14 @@ +# Firejail profile for gl-117-wrapper +# This file is overwritten after every install/update +# Persistent local customizations +include gl-117-wrapper.local +# Persistent global definitions +# added by included profile +#include globals.local + +include allow-opengl-game.inc + +private-bin gl-117-wrapper + +# Redirect +include gl-117.profile diff --git a/etc/profile-a-l/gl-117.profile b/etc/profile-a-l/gl-117.profile new file mode 100644 index 000000000..87194843a --- /dev/null +++ b/etc/profile-a-l/gl-117.profile @@ -0,0 +1,52 @@ +# Firejail profile for gl-117 +# Description: Action flight simulator +# This file is overwritten after every install/update +# Persistent local customizations +include gl-117.local +# Persistent global definitions +include globals.local + +noblacklist ${HOME}/.gl-117 + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-shell.inc +include disable-xdg.inc + +mkdir ${HOME}/.gl-117 +whitelist ${HOME}/.gl-117 +whitelist /usr/share/gl-117 +include whitelist-common.inc +include whitelist-runuser-common.inc +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +apparmor +caps.drop all +net none +nodvd +nogroups +nonewprivs +noroot +notv +nou2f +novideo +protocol unix +seccomp +seccomp.block-secondary +shell none +tracelog + +disable-mnt +private-bin gl-117 +private-cache +private-dev +private-etc alsa,alternatives,asound.conf,bumblebee,drirc,glvnd,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nvidia,pulse +private-tmp + +dbus-user none +dbus-system none diff --git a/etc/profile-a-l/glaxium-wrapper.profile b/etc/profile-a-l/glaxium-wrapper.profile new file mode 100644 index 000000000..7dc2cf65e --- /dev/null +++ b/etc/profile-a-l/glaxium-wrapper.profile @@ -0,0 +1,14 @@ +# Firejail profile for glaxium-wrapper +# This file is overwritten after every install/update +# Persistent local customizations +include glaxium-wrapper.local +# Persistent global definitions +# added by included profile +#include globals.local + +include allow-opengl-game.inc + +private-bin glaxium-wrapper + +# Redirect +include glaxium.profile diff --git a/etc/profile-a-l/glaxium.profile b/etc/profile-a-l/glaxium.profile new file mode 100644 index 000000000..ea5211e9e --- /dev/null +++ b/etc/profile-a-l/glaxium.profile @@ -0,0 +1,52 @@ +# Firejail profile for glaxium +# Description: 3d spaceship shoot-em-up +# This file is overwritten after every install/update +# Persistent local customizations +include glaxium.local +# Persistent global definitions +include globals.local + +noblacklist ${HOME}/.glaxiumrc + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-shell.inc +include disable-xdg.inc + +mkfile ${HOME}/.glaxiumrc +whitelist ${HOME}/.glaxiumrc +whitelist /usr/share/glaxium +include whitelist-common.inc +include whitelist-runuser-common.inc +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +apparmor +caps.drop all +net none +nodvd +nogroups +nonewprivs +noroot +notv +nou2f +novideo +protocol unix +seccomp +seccomp.block-secondary +shell none +tracelog + +disable-mnt +private-bin glaxium +private-cache +private-dev +private-etc alsa,alternatives,asound.conf,bumblebee,drirc,glvnd,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nvidia,pulse +private-tmp + +dbus-user none +dbus-system none diff --git a/etc/profile-m-z/neverball-wrapper.profile b/etc/profile-m-z/neverball-wrapper.profile new file mode 100644 index 000000000..534e41dd1 --- /dev/null +++ b/etc/profile-m-z/neverball-wrapper.profile @@ -0,0 +1,14 @@ +# Firejail profile for neverball-wrapper +# This file is overwritten after every install/update +# Persistent local customizations +include neverball-wrapper.local +# Persistent global definitions +# added by included profile +#include globals.local + +include allow-opengl-game.inc + +private-bin neverball-wrapper + +# Redirect +include neverball.profile diff --git a/etc/profile-m-z/neverputt-wrapper.profile b/etc/profile-m-z/neverputt-wrapper.profile new file mode 100644 index 000000000..dacd113cc --- /dev/null +++ b/etc/profile-m-z/neverputt-wrapper.profile @@ -0,0 +1,14 @@ +# Firejail profile for neverputt-wrapper +# This file is overwritten after every install/update +# Persistent local customizations +include neverputt-wrapper.local +# Persistent global definitions +# added by included profile +#include globals.local + +include allow-opengl-game.inc + +private-bin neverputt-wrapper + +# Redirect +include neverputt.profile diff --git a/etc/profile-m-z/pinball-wrapper.profile b/etc/profile-m-z/pinball-wrapper.profile new file mode 100644 index 000000000..2b5ed6e27 --- /dev/null +++ b/etc/profile-m-z/pinball-wrapper.profile @@ -0,0 +1,14 @@ +# Firejail profile for pinball-wrapper +# This file is overwritten after every install/update +# Persistent local customizations +include pinball-wrapper.local +# Persistent global definitions +# added by included profile +#include globals.local + +include allow-opengl-game.inc + +private-bin pinball-wrapper + +# Redirect +include pinball.profile diff --git a/etc/profile-m-z/pinball.profile b/etc/profile-m-z/pinball.profile new file mode 100644 index 000000000..feeed8184 --- /dev/null +++ b/etc/profile-m-z/pinball.profile @@ -0,0 +1,52 @@ +# Firejail profile for pinball +# Description: Emilia 3D Pinball Game +# This file is overwritten after every install/update +# Persistent local customizations +include pinball.local +# Persistent global definitions +include globals.local + +noblacklist ${HOME}/.config/emilia + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-shell.inc +include disable-xdg.inc + +mkdir ${HOME}/.config/emilia +whitelist ${HOME}/.config/emilia +whitelist /usr/share/pinball +include whitelist-common.inc +include whitelist-runuser-common.inc +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +apparmor +caps.drop all +net none +nodvd +nogroups +nonewprivs +noroot +notv +nou2f +novideo +protocol unix +seccomp +seccomp.block-secondary +shell none +tracelog + +disable-mnt +private-bin pinball +private-cache +private-dev +private-etc alsa,alternatives,asound.conf,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,machine-id,pulse +private-tmp + +dbus-user none +dbus-system none -- cgit v1.2.3-70-g09d2