From 41f69f7a748f1533b7506f1e28529520d660b894 Mon Sep 17 00:00:00 2001
From: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
Date: Mon, 8 Mar 2021 18:53:50 +0100
Subject: Commons of opengl-game-wrapper.sh

[skip ci]
 - Add allow-opengl-game.inc
 - Add profiles for alienarena-wrapper, ballbuster-wrapper,
   colorful-wrapper, etr-wrapper, gl-117-wrapper, glaxium-wrapper,
   neverball-wrapper, neverputt-wrapper, pinball-wrapper,
   supertuxkart-wrapper
 - Use allow-opengl-game.inc in xonotic.profile and the profiles above
 - xonotic.profile: simplify private-bin by using xonotic*
---
 etc/inc/allow-opengl-game.inc                |  3 +++
 etc/profile-a-l/alienarena-wrapper.profile   | 14 ++++++++++++++
 etc/profile-a-l/ballbuster-wrapper.profile   | 14 ++++++++++++++
 etc/profile-a-l/colorful-wrapper.profile     | 14 ++++++++++++++
 etc/profile-a-l/etr-wrapper.profile          | 14 ++++++++++++++
 etc/profile-a-l/gl-117-wrapper.profie        | 14 ++++++++++++++
 etc/profile-a-l/glaxium-wrapper.profie       | 14 ++++++++++++++
 etc/profile-m-z/neverball-wrapper.profie     | 14 ++++++++++++++
 etc/profile-m-z/neverputt-wrapper.profie     | 14 ++++++++++++++
 etc/profile-m-z/pinball-wrapper.profie       | 14 ++++++++++++++
 etc/profile-m-z/scorched3d-wrapper.profile   |  7 ++++---
 etc/profile-m-z/scorched3d.profile           |  2 +-
 etc/profile-m-z/supertuxkart-wrapper.profile | 14 ++++++++++++++
 etc/profile-m-z/xonotic.profile              |  6 +++++-
 14 files changed, 153 insertions(+), 5 deletions(-)
 create mode 100644 etc/inc/allow-opengl-game.inc
 create mode 100644 etc/profile-a-l/alienarena-wrapper.profile
 create mode 100644 etc/profile-a-l/ballbuster-wrapper.profile
 create mode 100644 etc/profile-a-l/colorful-wrapper.profile
 create mode 100644 etc/profile-a-l/etr-wrapper.profile
 create mode 100644 etc/profile-a-l/gl-117-wrapper.profie
 create mode 100644 etc/profile-a-l/glaxium-wrapper.profie
 create mode 100644 etc/profile-m-z/neverball-wrapper.profie
 create mode 100644 etc/profile-m-z/neverputt-wrapper.profie
 create mode 100644 etc/profile-m-z/pinball-wrapper.profie
 create mode 100644 etc/profile-m-z/supertuxkart-wrapper.profile

(limited to 'etc')

diff --git a/etc/inc/allow-opengl-game.inc b/etc/inc/allow-opengl-game.inc
new file mode 100644
index 000000000..b5ff1bd50
--- /dev/null
+++ b/etc/inc/allow-opengl-game.inc
@@ -0,0 +1,3 @@
+noblacklist ${PATH}/bash
+whitelist /usr/share/opengl-games-utils/opengl-game-functions.sh
+private-bin basename,bash,cut,glxinfo,grep,head,sed,zenity
diff --git a/etc/profile-a-l/alienarena-wrapper.profile b/etc/profile-a-l/alienarena-wrapper.profile
new file mode 100644
index 000000000..b31996cd2
--- /dev/null
+++ b/etc/profile-a-l/alienarena-wrapper.profile
@@ -0,0 +1,14 @@
+# Firejail profile for alienarena-wrapper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include alienarena-wrapper.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+include allow-opengl-game.inc
+
+private-bin alienarena-wrapper
+
+# Redirect
+include alienarena.profile
diff --git a/etc/profile-a-l/ballbuster-wrapper.profile b/etc/profile-a-l/ballbuster-wrapper.profile
new file mode 100644
index 000000000..419dcaab5
--- /dev/null
+++ b/etc/profile-a-l/ballbuster-wrapper.profile
@@ -0,0 +1,14 @@
+# Firejail profile for ballbuster-wrapper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include ballbuster-wrapper.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+include allow-opengl-game.inc
+
+private-bin ballbuster-wrapper
+
+# Redirect
+include ballbuster.profile
diff --git a/etc/profile-a-l/colorful-wrapper.profile b/etc/profile-a-l/colorful-wrapper.profile
new file mode 100644
index 000000000..4b762047d
--- /dev/null
+++ b/etc/profile-a-l/colorful-wrapper.profile
@@ -0,0 +1,14 @@
+# Firejail profile for colorful-wrapper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include colorful-wrapper.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+include allow-opengl-game.inc
+
+private-bin colorful-wrapper
+
+# Redirect
+include colorful.profile
diff --git a/etc/profile-a-l/etr-wrapper.profile b/etc/profile-a-l/etr-wrapper.profile
new file mode 100644
index 000000000..98f949918
--- /dev/null
+++ b/etc/profile-a-l/etr-wrapper.profile
@@ -0,0 +1,14 @@
+# Firejail profile for etr-wrapper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include etr-wrapper.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+include allow-opengl-game.inc
+
+private-bin etr-wrapper
+
+# Redirect
+include etr.profile
diff --git a/etc/profile-a-l/gl-117-wrapper.profie b/etc/profile-a-l/gl-117-wrapper.profie
new file mode 100644
index 000000000..d783940f3
--- /dev/null
+++ b/etc/profile-a-l/gl-117-wrapper.profie
@@ -0,0 +1,14 @@
+# Firejail profile for gl-117-wrapper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gl-117-wrapper.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+include allow-opengl-game.inc
+
+private-bin gl-117-wrapper
+
+# Redirect
+include gl-117.profile
diff --git a/etc/profile-a-l/glaxium-wrapper.profie b/etc/profile-a-l/glaxium-wrapper.profie
new file mode 100644
index 000000000..7dc2cf65e
--- /dev/null
+++ b/etc/profile-a-l/glaxium-wrapper.profie
@@ -0,0 +1,14 @@
+# Firejail profile for glaxium-wrapper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include glaxium-wrapper.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+include allow-opengl-game.inc
+
+private-bin glaxium-wrapper
+
+# Redirect
+include glaxium.profile
diff --git a/etc/profile-m-z/neverball-wrapper.profie b/etc/profile-m-z/neverball-wrapper.profie
new file mode 100644
index 000000000..534e41dd1
--- /dev/null
+++ b/etc/profile-m-z/neverball-wrapper.profie
@@ -0,0 +1,14 @@
+# Firejail profile for neverball-wrapper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include neverball-wrapper.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+include allow-opengl-game.inc
+
+private-bin neverball-wrapper
+
+# Redirect
+include neverball.profile
diff --git a/etc/profile-m-z/neverputt-wrapper.profie b/etc/profile-m-z/neverputt-wrapper.profie
new file mode 100644
index 000000000..dacd113cc
--- /dev/null
+++ b/etc/profile-m-z/neverputt-wrapper.profie
@@ -0,0 +1,14 @@
+# Firejail profile for neverputt-wrapper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include neverputt-wrapper.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+include allow-opengl-game.inc
+
+private-bin neverputt-wrapper
+
+# Redirect
+include neverputt.profile
diff --git a/etc/profile-m-z/pinball-wrapper.profie b/etc/profile-m-z/pinball-wrapper.profie
new file mode 100644
index 000000000..2b5ed6e27
--- /dev/null
+++ b/etc/profile-m-z/pinball-wrapper.profie
@@ -0,0 +1,14 @@
+# Firejail profile for pinball-wrapper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include pinball-wrapper.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+include allow-opengl-game.inc
+
+private-bin pinball-wrapper
+
+# Redirect
+include pinball.profile
diff --git a/etc/profile-m-z/scorched3d-wrapper.profile b/etc/profile-m-z/scorched3d-wrapper.profile
index 507d0827e..e76caec1d 100644
--- a/etc/profile-m-z/scorched3d-wrapper.profile
+++ b/etc/profile-m-z/scorched3d-wrapper.profile
@@ -1,10 +1,11 @@
-# Firejail profile for scorched3d
+# Firejail profile for scorched3d-wrapper
 # This file is overwritten after every install/update
 # Persistent local customizations
 include scorched3d-wrapper.local
 
-whitelist /usr/share/opengl-games-utils
-private-bin basename,bash,cut,glxinfo,grep,head,sed,zenity
+include allow-opengl-game.inc
+
+private-bin scorched3d-wrapper
 
 # Redirect
 include scorched3d.profile
diff --git a/etc/profile-m-z/scorched3d.profile b/etc/profile-m-z/scorched3d.profile
index 6a1003c33..1808018d1 100644
--- a/etc/profile-m-z/scorched3d.profile
+++ b/etc/profile-m-z/scorched3d.profile
@@ -40,7 +40,7 @@ shell none
 tracelog
 
 disable-mnt
-private-bin scorched3d,scorched3d-wrapper,scorched3dc,scorched3ds
+private-bin scorched3d,scorched3dc,scorched3ds
 private-cache
 private-dev
 private-tmp
diff --git a/etc/profile-m-z/supertuxkart-wrapper.profile b/etc/profile-m-z/supertuxkart-wrapper.profile
new file mode 100644
index 000000000..af8d73deb
--- /dev/null
+++ b/etc/profile-m-z/supertuxkart-wrapper.profile
@@ -0,0 +1,14 @@
+# Firejail profile for supertuxkart-wrapper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include supertuxkart-wrapper.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+include allow-opengl-game.inc
+
+private-bin supertuxkart-wrapper
+
+# Redirect
+include supertuxkart.profile
diff --git a/etc/profile-m-z/xonotic.profile b/etc/profile-m-z/xonotic.profile
index aa8cc7d0e..df6c34fbb 100644
--- a/etc/profile-m-z/xonotic.profile
+++ b/etc/profile-m-z/xonotic.profile
@@ -8,12 +8,16 @@ include globals.local
 
 noblacklist ${HOME}/.xonotic
 
+include allow-bin-sh.inc
+include allow-opengl-game.inc
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.xonotic
@@ -41,7 +45,7 @@ tracelog
 
 disable-mnt
 private-cache
-private-bin basename,bash,blind-id,cut,darkplaces-glx,darkplaces-sdl,dirname,glxinfo,grep,head,ldd,netstat,ps,readlink,sed,sh,uname,xonotic,xonotic-glx,xonotic-linux32-dedicated,xonotic-linux32-glx,xonotic-linux32-sdl,xonotic-linux64-dedicated,xonotic-linux64-glx,xonotic-linux64-sdl,xonotic-sdl,xonotic-sdl-wrapper,zenity
+private-bin blind-id,darkplaces-glx,darkplaces-sdl,dirname,ldd,netstat,ps,readlink,sh,uname,xonotic*
 private-dev
 private-etc alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl
 private-tmp
-- 
cgit v1.2.3-54-g00ecf