From 8e5ad206ecd3b6def06ef9c36e0a02dd22f33625 Mon Sep 17 00:00:00 2001
From: Tad
Date: Thu, 28 Mar 2019 14:32:02 -0400
Subject: Five more game profiles
---
 etc/disable-programs.inc | 10 ++++++++
 etc/freecol.profile | 60 ++++++++++++++++++++++++++++++++++++++++++++
 etc/nethack-vultures.profile | 47 ++++++++++++++++++++++++++++++++++
 etc/opencity.profile | 44 ++++++++++++++++++++++++++++++++
 etc/openclonk.profile | 44 ++++++++++++++++++++++++++++++++
 etc/slashem.profile | 47 ++++++++++++++++++++++++++++++++++
 etc/vulturesclaw.profile | 8 ++++++++
 etc/vultureseye.profile | 8 ++++++++
 8 files changed, 268 insertions(+)
 create mode 100644 etc/freecol.profile
 create mode 100644 etc/nethack-vultures.profile
 create mode 100644 etc/opencity.profile
 create mode 100644 etc/openclonk.profile
 create mode 100644 etc/slashem.profile
 create mode 100644 etc/vulturesclaw.profile
 create mode 100644 etc/vultureseye.profile
(limited to 'etc')
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 35b294955..f5a40ff5f 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -51,6 +51,7 @@ blacklist ${HOME}/.bogofilter
 blacklist ${HOME}/.bzf
 blacklist ${HOME}/.claws-mail
 blacklist ${HOME}/.cliqz
+blacklist ${HOME}/.clonk
 blacklist ${HOME}/.config/0ad
 blacklist ${HOME}/.config/2048-qt
 blacklist ${HOME}/.config/Atom
@@ -157,6 +158,7 @@ blacklist ${HOME}/.config/falkon
 blacklist ${HOME}/.config/filezilla
 blacklist ${HOME}/.config/flowblade
 blacklist ${HOME}/.config/font-manager
+blacklist ${HOME}/.config/freecol
 blacklist ${HOME}/.config/gajim
 blacklist ${HOME}/.config/galculator
 blacklist ${HOME}/.config/gconf
@@ -325,6 +327,7 @@ blacklist ${HOME}/.flowblade
 blacklist ${HOME}/.fltk
 blacklist ${HOME}/.fossamail
 blacklist ${HOME}/.freeciv
+blacklist ${HOME}/.freecol
 blacklist ${HOME}/.freemind
 blacklist ${HOME}/.frozen-bubble
 blacklist ${HOME}/.gimp*
@@ -455,6 +458,7 @@ blacklist ${HOME}/.local/share/epiphany
 blacklist ${HOME}/.local/share/evolution
 blacklist ${HOME}/.local/share/feedreader
 blacklist ${HOME}/.local/share/feral-interactive
+blacklist ${HOME}/.local/share/freecol
 blacklist ${HOME}/.local/share/gajim
 blacklist ${HOME}/.local/share/geary
 blacklist ${HOME}/.local/share/geeqie
@@ -546,6 +550,7 @@ blacklist ${HOME}/.netactview
 blacklist ${HOME}/.neverball
 blacklist ${HOME}/.nv
 blacklist ${HOME}/.nylas-mail
+blacklist ${HOME}/.opencity
 blacklist ${HOME}/.openinvaders
 blacklist ${HOME}/.openshot
 blacklist ${HOME}/.openshot_qt
@@ -595,6 +600,7 @@ blacklist ${HOME}/.viking-maps
 blacklist ${HOME}/.vscode
 blacklist ${HOME}/.vscode-oss
 blacklist ${HOME}/.vst
+blacklist ${HOME}/.vultures
 blacklist ${HOME}/.w3m
 blacklist ${HOME}/.warzone2100-3.*
 blacklist ${HOME}/.waterfox
@@ -644,6 +650,7 @@ blacklist ${HOME}/.cache/falkon
 blacklist ${HOME}/.cache/feedreader
 blacklist ${HOME}/.cache/font-manager
 blacklist ${HOME}/.cache/fossamail
+blacklist ${HOME}/.cache/freecol
 blacklist ${HOME}/.cache/gajim
 blacklist ${HOME}/.cache/geeqie
 blacklist ${HOME}/.cache/google-chrome
@@ -717,4 +724,7 @@ blacklist ${HOME}/.cache/yandex-browser
 blacklist ${HOME}/.cache/yandex-browser-beta
 blacklist /var/games/nethack
+blacklist /var/games/slashem
+blacklist /var/games/vulturesclaw
+blacklist /var/games/vultureseye
 blacklist /var/lib/games/Maelstrom-Scores
diff --git a/etc/freecol.profile b/etc/freecol.profile
new file mode 100644
index 000000000..7987cc076
--- /dev/null
+++ b/etc/freecol.profile
@@ -0,0 +1,60 @@
+# Firejail profile for freecol
+# Description: Turn-based multi-player strategy game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include freecol.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.freecol
+noblacklist ${HOME}/.java
+noblacklist ${HOME}/.cache/freecol
+noblacklist ${HOME}/.config/freecol
+noblacklist ${HOME}/.local/share/freecol
+
+# Allow access to java
+noblacklist ${PATH}/java
+noblacklist /usr/lib/java
+noblacklist /etc/java
+noblacklist /usr/share/java
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.java
+mkdir ${HOME}/.cache/freecol
+mkdir ${HOME}/.config/freecol
+mkdir ${HOME}/.local/share/freecol
+whitelist ${HOME}/.freecol
+whitelist ${HOME}/.java
+whitelist ${HOME}/.cache/freecol
+whitelist ${HOME}/.config/freecol
+whitelist ${HOME}/.local/share/freecol
+include whitelist-common.inc
+include whitelist-var-common.inc
+
+caps.drop all
+ipc-namespace
+netfilter
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-cache
+private-dev
+private-tmp
diff --git a/etc/nethack-vultures.profile b/etc/nethack-vultures.profile
new file mode 100644
index 000000000..771430337
--- /dev/null
+++ b/etc/nethack-vultures.profile
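Review bot: In etc/freecol.profile, `whitelist ${HOME}/.freecol` has no matching `mkdir ${HOME}/.freecol`, although the other four whitelisted directories are all created first. If that directory does not exist when the sandbox starts, the whitelist entry probably has nothing to expose, and anything the game later writes there would be discarded with the temporary home on exit; this is inferred from how whitelisting usually behaves, so please confirm. If ~/.freecol is only a legacy location that should not be created, a comment such as `# ~/.freecol is the legacy data dir; whitelisted only when it already exists` would show the omission is intentional.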
@@ -0,0 +1,47 @@
+# Firejail profile for nethack-vultures
+# Description: A rogue-like single player dungeon exploration game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include nethack.local
+# Persistent global definitions
+include globals.local
+
+
+noblacklist ${HOME}/.vultures
+noblacklist /var/log
+
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+mkdir ${HOME}/.vultures
+whitelist ${HOME}/.vultures
+whitelist /var/log/vultures
+include whitelist-common.inc
+include whitelist-var-common.inc
+
+caps.drop all
+ipc-namespace
+net none
+nodbus
+nodvd
+nogroups
+#nonewprivs
+#noroot
+notv
+novideo
+#protocol unix,netlink
+#seccomp
+shell none
+
+disable-mnt
+#private
+private-cache
+private-dev
+private-tmp
+writable-var
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/opencity.profile b/etc/opencity.profile
new file mode 100644
index 000000000..6a27c8095
--- /dev/null
+++ b/etc/opencity.profile
@@ -0,0 +1,44 @@
+# Firejail profile for opencity
+# Description: Full 3D city simulator game project
+# This file is overwritten after every install/update
+# Persistent local customizations
+include opencity.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.opencity
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.opencity
+whitelist ${HOME}/.opencity
+include whitelist-common.inc
+include whitelist-var-common.inc
+
+caps.drop all
+ipc-namespace
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin opencity
+private-cache
+private-dev
+private-tmp
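Review bot: `include nethack.local` at the top of etc/nethack-vultures.profile looks like a copy-paste leftover and should be `include nethack-vultures.local`. As written, overrides meant for the plain nethack profile are applied here, and a nethack-vultures.local is never read. Separately, `#nonewprivs`, `#noroot`, `#protocol unix,netlink` and `#seccomp` are commented out with no explanation, so this sandbox runs with no syscall filter and with privilege gain through set-id binaries still possible; etc/slashem.profile has the same gap and also disables `#memory-deny-write-execute`. If this is required because the game binaries are setgid for the shared files under /var/games (an assumption, nothing in the diff says so), state it in a comment above those lines, e.g. `# setgid games binary: nonewprivs/noroot/seccomp break score-file access, left off on purpose`. That way a later cleanup neither re-enables them blindly nor copies the relaxed set into unrelated profiles.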
diff --git a/etc/openclonk.profile b/etc/openclonk.profile
new file mode 100644
index 000000000..02663c2f4
--- /dev/null
+++ b/etc/openclonk.profile
@@ -0,0 +1,44 @@
+# Firejail profile for openclonk
+# Description: Multiplayer action, tactics and skill game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include openclonk.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.clonk
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.clonk
+whitelist ${HOME}/.clonk
+include whitelist-common.inc
+include whitelist-var-common.inc
+
+caps.drop all
+ipc-namespace
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin openclonk,c4group
+private-cache
+private-dev
+private-tmp
diff --git a/etc/slashem.profile b/etc/slashem.profile
new file mode 100644
index 000000000..0a372ce5f
--- /dev/null
+++ b/etc/slashem.profile
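Review bot: etc/openclonk.profile sets `net none` and `protocol unix` although its own description line calls the game multiplayer, and nothing in the file says that network play is switched off on purpose. The restrictive default is reasonable, but a user who finds online play broken is more likely to run the game unsandboxed than to work out the override. A short comment next to `net none`, for example `# no network by default; for online play add 'ignore net none' and 'protocol unix,inet,inet6' to openclonk.local`, keeps the tight default and documents the supported way to relax it. The freecol profile in this commit makes the opposite choice (`netfilter` with inet/inet6), so stating the intent here also explains the difference.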
@@ -0,0 +1,47 @@
+# Firejail profile for slashem
+# Description: A rogue-like single player dungeon exploration game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include slashem.local
+# Persistent global definitions
+include globals.local
+
+
+noblacklist /var/games/slashem
+
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+whitelist /var/games/slashem
+include whitelist-common.inc
+include whitelist-var-common.inc
+
+caps.drop all
+ipc-namespace
+net none
+no3d
+nodbus
+nodvd
+nogroups
+#nonewprivs
+#noroot
+nosound
+notv
+novideo
+#protocol unix,netlink
+#seccomp
+shell none
+
+disable-mnt
+#private
+private-cache
+private-dev
+private-tmp
+writable-var
+
+#memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/vulturesclaw.profile b/etc/vulturesclaw.profile
new file mode 100644
index 000000000..2e9078a7b
--- /dev/null
+++ b/etc/vulturesclaw.profile
@@ -0,0 +1,8 @@
+# Firejail profile alias for nethack-vultures
+# This file is overwritten after every install/update
+
+noblacklist /var/games/vulturesclaw
+whitelist /var/games/vulturesclaw
+
+# Redirect
+include nethack-vultures.profile
diff --git a/etc/vultureseye.profile b/etc/vultureseye.profile
new file mode 100644
index 000000000..44c263cfc
--- /dev/null
+++ b/etc/vultureseye.profile
@@ -0,0 +1,8 @@
+# Firejail profile alias for nethack-vultures
+# This file is overwritten after every install/update
+
+noblacklist /var/games/vultureseye
+whitelist /var/games/vultureseye
+
+# Redirect
+include nethack-vultures.profile
-- cgit v1.2.3-70-g09d2
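Review bot: etc/vulturesclaw.profile and etc/vultureseye.profile include no `.local` file of their own, so there is no persistent place to adjust one alias without editing a file that "is overwritten after every install/update". Adding `include vulturesclaw.local` (and `include vultureseye.local` in the other file) ahead of the `noblacklist` line would follow the header layout the full profiles in this commit use. Both aliases also inherit everything from nethack-vultures.profile through the redirect, including its commented-out `#seccomp`, `#nonewprivs` and `#noroot`, so a one-line comment above `include nethack-vultures.profile` noting this would help.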