From 1cfa06b4c5517a89d1a5dafd80ee593f8ebf86ea Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Fri, 5 Apr 2024 12:09:04 +0000 Subject: profiles: clarify and add opengl-game to profile.template (#6300) To make it consistent with the other include profiles. See etc/templates/profile.template. With this, all `etc/inc/allow-*` files are listed in profile.template. The explanation is based on a comment by @rusty-snake[1]. Relates to #4071. This is a follow-up to #6299. [1] https://github.com/netblue30/firejail/pull/4071#issuecomment-822003473 --- etc/inc/allow-opengl-game.inc | 6 ++++++ etc/profile-a-l/alienarena-wrapper.profile | 1 + etc/profile-a-l/ballbuster-wrapper.profile | 1 + etc/profile-a-l/colorful-wrapper.profile | 1 + etc/profile-a-l/etr-wrapper.profile | 1 + etc/profile-a-l/gl-117-wrapper.profile | 1 + etc/profile-a-l/glaxium-wrapper.profile | 1 + etc/profile-m-z/neverball-wrapper.profile | 1 + etc/profile-m-z/neverputt-wrapper.profile | 1 + etc/profile-m-z/pinball-wrapper.profile | 1 + etc/profile-m-z/scorched3d-wrapper.profile | 1 + etc/profile-m-z/supertuxkart-wrapper.profile | 1 + etc/profile-m-z/xonotic.profile | 3 +++ etc/templates/profile.template | 3 +++ 14 files changed, 23 insertions(+) (limited to 'etc') diff --git a/etc/inc/allow-opengl-game.inc b/etc/inc/allow-opengl-game.inc index 5d2d6c5c1..5ec227348 100644 --- a/etc/inc/allow-opengl-game.inc +++ b/etc/inc/allow-opengl-game.inc @@ -2,6 +2,12 @@ # Persistent customizations should go in a .local file. include allow-opengl-game.local +# Explanation: Fedora (and maybe others) install a .desktop file that uses +# `Exec=foo-wrapper` instead of `Exec=foo`. Each /usr/bin/foo-wrapper is a +# symlink to /usr/bin/opengl-game-wrapper.sh, which checks hardware +# acceleration and then starts the game or notifies the user that there is a +# problem. + noblacklist ${PATH}/bash whitelist /usr/share/opengl-games-utils/opengl-game-functions.sh private-bin basename,bash,cut,glxinfo,grep,head,sed,zenity diff --git a/etc/profile-a-l/alienarena-wrapper.profile b/etc/profile-a-l/alienarena-wrapper.profile index b31996cd2..b05a6968d 100644 --- a/etc/profile-a-l/alienarena-wrapper.profile +++ b/etc/profile-a-l/alienarena-wrapper.profile @@ -6,6 +6,7 @@ include alienarena-wrapper.local # added by included profile #include globals.local +# Allow opengl-game wrapper script (distribution-specific) include allow-opengl-game.inc private-bin alienarena-wrapper diff --git a/etc/profile-a-l/ballbuster-wrapper.profile b/etc/profile-a-l/ballbuster-wrapper.profile index 419dcaab5..64a78e154 100644 --- a/etc/profile-a-l/ballbuster-wrapper.profile +++ b/etc/profile-a-l/ballbuster-wrapper.profile @@ -6,6 +6,7 @@ include ballbuster-wrapper.local # added by included profile #include globals.local +# Allow opengl-game wrapper script (distribution-specific) include allow-opengl-game.inc private-bin ballbuster-wrapper diff --git a/etc/profile-a-l/colorful-wrapper.profile b/etc/profile-a-l/colorful-wrapper.profile index 4b762047d..ebccffe09 100644 --- a/etc/profile-a-l/colorful-wrapper.profile +++ b/etc/profile-a-l/colorful-wrapper.profile @@ -6,6 +6,7 @@ include colorful-wrapper.local # added by included profile #include globals.local +# Allow opengl-game wrapper script (distribution-specific) include allow-opengl-game.inc private-bin colorful-wrapper diff --git a/etc/profile-a-l/etr-wrapper.profile b/etc/profile-a-l/etr-wrapper.profile index 98f949918..66dcb3af1 100644 --- a/etc/profile-a-l/etr-wrapper.profile +++ b/etc/profile-a-l/etr-wrapper.profile @@ -6,6 +6,7 @@ include etr-wrapper.local # added by included profile #include globals.local +# Allow opengl-game wrapper script (distribution-specific) include allow-opengl-game.inc private-bin etr-wrapper diff --git a/etc/profile-a-l/gl-117-wrapper.profile b/etc/profile-a-l/gl-117-wrapper.profile index d783940f3..52b812954 100644 --- a/etc/profile-a-l/gl-117-wrapper.profile +++ b/etc/profile-a-l/gl-117-wrapper.profile @@ -6,6 +6,7 @@ include gl-117-wrapper.local # added by included profile #include globals.local +# Allow opengl-game wrapper script (distribution-specific) include allow-opengl-game.inc private-bin gl-117-wrapper diff --git a/etc/profile-a-l/glaxium-wrapper.profile b/etc/profile-a-l/glaxium-wrapper.profile index 7dc2cf65e..341f3ac4b 100644 --- a/etc/profile-a-l/glaxium-wrapper.profile +++ b/etc/profile-a-l/glaxium-wrapper.profile @@ -6,6 +6,7 @@ include glaxium-wrapper.local # added by included profile #include globals.local +# Allow opengl-game wrapper script (distribution-specific) include allow-opengl-game.inc private-bin glaxium-wrapper diff --git a/etc/profile-m-z/neverball-wrapper.profile b/etc/profile-m-z/neverball-wrapper.profile index 534e41dd1..086bd6e5e 100644 --- a/etc/profile-m-z/neverball-wrapper.profile +++ b/etc/profile-m-z/neverball-wrapper.profile @@ -6,6 +6,7 @@ include neverball-wrapper.local # added by included profile #include globals.local +# Allow opengl-game wrapper script (distribution-specific) include allow-opengl-game.inc private-bin neverball-wrapper diff --git a/etc/profile-m-z/neverputt-wrapper.profile b/etc/profile-m-z/neverputt-wrapper.profile index dacd113cc..d29809c9a 100644 --- a/etc/profile-m-z/neverputt-wrapper.profile +++ b/etc/profile-m-z/neverputt-wrapper.profile @@ -6,6 +6,7 @@ include neverputt-wrapper.local # added by included profile #include globals.local +# Allow opengl-game wrapper script (distribution-specific) include allow-opengl-game.inc private-bin neverputt-wrapper diff --git a/etc/profile-m-z/pinball-wrapper.profile b/etc/profile-m-z/pinball-wrapper.profile index 2b5ed6e27..fec4c3132 100644 --- a/etc/profile-m-z/pinball-wrapper.profile +++ b/etc/profile-m-z/pinball-wrapper.profile @@ -6,6 +6,7 @@ include pinball-wrapper.local # added by included profile #include globals.local +# Allow opengl-game wrapper script (distribution-specific) include allow-opengl-game.inc private-bin pinball-wrapper diff --git a/etc/profile-m-z/scorched3d-wrapper.profile b/etc/profile-m-z/scorched3d-wrapper.profile index e76caec1d..a8713edbf 100644 --- a/etc/profile-m-z/scorched3d-wrapper.profile +++ b/etc/profile-m-z/scorched3d-wrapper.profile @@ -3,6 +3,7 @@ # Persistent local customizations include scorched3d-wrapper.local +# Allow opengl-game wrapper script (distribution-specific) include allow-opengl-game.inc private-bin scorched3d-wrapper diff --git a/etc/profile-m-z/supertuxkart-wrapper.profile b/etc/profile-m-z/supertuxkart-wrapper.profile index af8d73deb..20744090c 100644 --- a/etc/profile-m-z/supertuxkart-wrapper.profile +++ b/etc/profile-m-z/supertuxkart-wrapper.profile @@ -6,6 +6,7 @@ include supertuxkart-wrapper.local # added by included profile #include globals.local +# Allow opengl-game wrapper script (distribution-specific) include allow-opengl-game.inc private-bin supertuxkart-wrapper diff --git a/etc/profile-m-z/xonotic.profile b/etc/profile-m-z/xonotic.profile index 87e75986d..ad4ed4d8b 100644 --- a/etc/profile-m-z/xonotic.profile +++ b/etc/profile-m-z/xonotic.profile @@ -8,7 +8,10 @@ include globals.local noblacklist ${HOME}/.xonotic +# Allow /bin/sh (blacklisted by disable-shell.inc) include allow-bin-sh.inc + +# Allow opengl-game wrapper script (distribution-specific) include allow-opengl-game.inc include disable-common.inc diff --git a/etc/templates/profile.template b/etc/templates/profile.template index 2188721b8..459baf51a 100644 --- a/etc/templates/profile.template +++ b/etc/templates/profile.template @@ -91,6 +91,9 @@ include globals.local # Allow nodejs (blacklisted by disable-interpreters.inc) #include allow-nodejs.inc +# Allow opengl-game wrapper script (distribution-specific) +#include allow-opengl-game.inc + # Allow perl (blacklisted by disable-interpreters.inc) #include allow-perl.inc -- cgit v1.2.3-70-g09d2