From 3cdd052e231ac38213b985a1a8e1b38d2b93e665 Mon Sep 17 00:00:00 2001 From: Vasya Novikov Date: Fri, 19 Feb 2016 20:32:30 +0300 Subject: profile for wesnoth The profile is a _white_list (in contrast to blacklist). All standard game actions work: create-save-load games, multiplayer (online) game, downloading addons and using them. --- etc/wesnoth.profile | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 etc/wesnoth.profile (limited to 'etc') diff --git a/etc/wesnoth.profile b/etc/wesnoth.profile new file mode 100644 index 000000000..484c614e4 --- /dev/null +++ b/etc/wesnoth.profile @@ -0,0 +1,21 @@ +# Whitelist-based profile for "Battle of Wesnoth" (game). + +include /etc/firejail/disable-common.inc +include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-mgmt.inc +include /etc/firejail/disable-secret.inc +include /etc/firejail/disable-terminals.inc + +caps.drop all +seccomp +protocol unix,inet,inet6 +noroot + +private-dev + +private-tmp + +mkdir ${HOME}/.local/share/wesnoth +mkdir ${HOME}/.config/wesnoth +whitelist ${HOME}/.local/share/wesnoth +whitelist ${HOME}/.config/wesnoth -- cgit v1.2.3-54-g00ecf From 30e1962fcf8c46df3b35994db9dbdf420fd74a05 Mon Sep 17 00:00:00 2001 From: Vasya Novikov Date: Fri, 19 Feb 2016 21:45:37 +0300 Subject: edit wesnoth profile: add .cache directory it is not mandatory, but may speed-up multiple invocations of wesnoth --- etc/wesnoth.profile | 2 ++ 1 file changed, 2 insertions(+) (limited to 'etc') diff --git a/etc/wesnoth.profile b/etc/wesnoth.profile index 484c614e4..697b81bcb 100644 --- a/etc/wesnoth.profile +++ b/etc/wesnoth.profile @@ -17,5 +17,7 @@ private-tmp mkdir ${HOME}/.local/share/wesnoth mkdir ${HOME}/.config/wesnoth +mkdir ${HOME}/.cache/wesnoth whitelist ${HOME}/.local/share/wesnoth whitelist ${HOME}/.config/wesnoth +whitelist ${HOME}/.cache/wesnoth -- cgit v1.2.3-54-g00ecf