From 972e4a6b1754652e258db525e2059effc202ccb3 Mon Sep 17 00:00:00 2001 From: rusty-snake <41237666+rusty-snake@users.noreply.github.com> Date: Fri, 3 Apr 2020 14:33:12 +0200 Subject: more games - blobwars - gravity-beams-and-evaporating-stars - hyperrogue - jumpnbump-menu (alias) - jumpnbump - magicor - mindless - mirrormagic - mrrescue - scorched3d-wrapper (alias) - scorchwentbonkers - seahorse-adventures - wordwarvi - xbill --- etc/blobwars.profile | 47 +++++++++++++++++++++++ etc/disable-programs.inc | 8 ++++ etc/gravity-beams-and-evaporating-stars.profile | 44 +++++++++++++++++++++ etc/hyperrogue.profile | 48 +++++++++++++++++++++++ etc/jumpnbump-menu.profile | 15 ++++++++ etc/jumpnbump.profile | 47 +++++++++++++++++++++++ etc/magicor.profile | 49 ++++++++++++++++++++++++ etc/mindless.profile | 48 +++++++++++++++++++++++ etc/mirrormagic.profile | 48 +++++++++++++++++++++++ etc/mrrescue.profile | 47 +++++++++++++++++++++++ etc/scorched3d-wrapper.profile | 5 +++ etc/scorchwentbonkers.profile | 47 +++++++++++++++++++++++ etc/seahorse-adventures.profile | 48 +++++++++++++++++++++++ etc/wordwarvi.profile | 49 ++++++++++++++++++++++++ etc/xbill.profile | 51 +++++++++++++++++++++++++ 15 files changed, 601 insertions(+) create mode 100644 etc/blobwars.profile create mode 100644 etc/gravity-beams-and-evaporating-stars.profile create mode 100644 etc/hyperrogue.profile create mode 100644 etc/jumpnbump-menu.profile create mode 100644 etc/jumpnbump.profile create mode 100644 etc/magicor.profile create mode 100644 etc/mindless.profile create mode 100644 etc/mirrormagic.profile create mode 100644 etc/mrrescue.profile create mode 100644 etc/scorched3d-wrapper.profile create mode 100644 etc/scorchwentbonkers.profile create mode 100644 etc/seahorse-adventures.profile create mode 100644 etc/wordwarvi.profile create mode 100644 etc/xbill.profile (limited to 'etc') diff --git a/etc/blobwars.profile b/etc/blobwars.profile new file mode 100644 index 000000000..c0fa5ab91 --- /dev/null +++ b/etc/blobwars.profile @@ -0,0 +1,47 @@ +# Firejail profile for blobwars +# Description: Mission and Objective based 2D Platform Game +# This file is overwritten after every install/update +# Persistent local customizations +include blobwars.local +# Persistent global definitions +include globals.local + +noblacklist ${HOME}/.parallelrealities/blobwars + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc + +mkdir ${HOME}/.parallelrealities/blobwars +whitelist ${HOME}/.parallelrealities/blobwars +whitelist /usr/share/blobwars +include whitelist-common.inc +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +apparmor +caps.drop all +net none +nodbus +nodvd +nogroups +nonewprivs +noroot +notv +nou2f +novideo +protocol unix,netlink +seccomp +shell none +tracelog + +disable-mnt +private-bin blobwars +private-cache +private-dev +private-etc machine-id +private-tmp diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 5bb2f851a..1cbc9f6d4 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc @@ -10,6 +10,7 @@ blacklist ${HOME}/SoftMaker blacklist ${HOME}/Standard Notes Backups blacklist ${HOME}/TeamSpeak3-Client-linux_x86 blacklist ${HOME}/TeamSpeak3-Client-linux_amd64 +blacklist ${HOME}/hyperrogue.ini blacklist ${HOME}/mps blacklist ${HOME}/wallet.dat blacklist ${HOME}/.*coin @@ -410,6 +411,7 @@ blacklist ${HOME}/.jak blacklist ${HOME}/.java blacklist ${HOME}/.jd blacklist ${HOME}/.jitsi +blacklist ${HOME}/.jumpnbump blacklist ${HOME}/.kde/share/apps/digikam blacklist ${HOME}/.kde/share/apps/gwenview blacklist ${HOME}/.kde/share/apps/kaffeine @@ -574,6 +576,7 @@ blacklist ${HOME}/.local/share/kwrite blacklist ${HOME}/.local/share/liferea blacklist ${HOME}/.local/share/local-mail blacklist ${HOME}/.local/share/lollypop +blacklist ${HOME}/.local/share/love blacklist ${HOME}/.local/share/lugaru blacklist ${HOME}/.local/share/mana blacklist ${HOME}/.local/share/maps-places.json @@ -624,12 +627,14 @@ blacklist ${HOME}/.local/share/xplayer blacklist ${HOME}/.local/share/xreader blacklist ${HOME}/.local/share/zathura blacklist ${HOME}/.lv2 +blacklist ${HOME}/.magicor blacklist ${HOME}/.masterpdfeditor blacklist ${HOME}/.mcabber blacklist ${HOME}/.mcabberrc blacklist ${HOME}/.mediathek3 blacklist ${HOME}/.megaglest blacklist ${HOME}/.minetest +blacklist ${HOME}/.mirrormagic blacklist ${HOME}/.moonchild productions/basilisk blacklist ${HOME}/.moonchild productions/pale moon blacklist ${HOME}/.mozilla @@ -655,6 +660,7 @@ blacklist ${HOME}/.openttd blacklist ${HOME}/.opera blacklist ${HOME}/.opera-beta blacklist ${HOME}/.ostrichriders +blacklist ${HOME}/.parallelrealities/blobwars blacklist ${HOME}/.penguin-command blacklist ${HOME}/.pingus blacklist ${HOME}/.pioneer @@ -681,6 +687,7 @@ blacklist ${HOME}/.steampid blacklist ${HOME}/.stellarium blacklist ${HOME}/.subversion blacklist ${HOME}/.surf +blacklist ${HOME}/.swb.ini blacklist ${HOME}/.sword blacklist ${HOME}/.sylpheed-2.0 blacklist ${HOME}/.synfig @@ -716,6 +723,7 @@ blacklist ${HOME}/.widelands blacklist ${HOME}/.wine blacklist ${HOME}/.wine64 blacklist ${HOME}/.wireshark +blacklist ${HOME}/.wordwarvi blacklist ${HOME}/.wormux blacklist ${HOME}/.xiphos blacklist ${HOME}/.xmind diff --git a/etc/gravity-beams-and-evaporating-stars.profile b/etc/gravity-beams-and-evaporating-stars.profile new file mode 100644 index 000000000..a0ffa0d88 --- /dev/null +++ b/etc/gravity-beams-and-evaporating-stars.profile @@ -0,0 +1,44 @@ +# Firejail profile for gravity-beams-and-evaporating-stars +# Description: a game about hurling asteroids into the sun +# This file is overwritten after every install/update +# Persistent local customizations +include gravity-beams-and-evaporating-stars.local +# Persistent global definitions +include globals.local + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc + +whitelist /usr/share/gravity-beams-and-evaporating-stars +include whitelist-common.inc +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +apparmor +caps.drop all +net none +nodbus +nodvd +nogroups +nonewprivs +noroot +notv +nou2f +novideo +protocol unix +seccomp +shell none +tracelog + +disable-mnt +private +private-bin gravity-beams-and-evaporating-stars +private-cache +private-dev +private-etc fonts,machine-id +private-tmp diff --git a/etc/hyperrogue.profile b/etc/hyperrogue.profile new file mode 100644 index 000000000..e6b385de9 --- /dev/null +++ b/etc/hyperrogue.profile @@ -0,0 +1,48 @@ +# Firejail profile for hyperrogue +# Description: An SDL roguelike in a non-euclidean world +# This file is overwritten after every install/update +# Persistent local customizations +include hyperrogue.local +# Persistent global definitions +include globals.local + +noblacklist ${HOME}/hyperrogue.ini + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc + +mkfile ${HOME}/hyperrogue.ini +whitelist ${HOME}/hyperrogue.ini +whitelist /usr/share/hyperrogue +include whitelist-common.inc +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +apparmor +caps.drop all +net none +nodbus +nodvd +nogroups +nonewprivs +noroot +notv +nou2f +novideo +protocol unix +seccomp +shell none +tracelog + +disable-mnt +private-bin hyperrogue +private-cache +private-cwd ${HOME} +private-dev +private-etc fonts,machine-id +private-tmp diff --git a/etc/jumpnbump-menu.profile b/etc/jumpnbump-menu.profile new file mode 100644 index 000000000..b1852b015 --- /dev/null +++ b/etc/jumpnbump-menu.profile @@ -0,0 +1,15 @@ +# Firejail profile for jumpnbump-menu +# Description: Level selection and config menu for the Jump 'n Bump game +# This file is overwritten after every install/update +# Persistent local customizations +include jumpnbump-menu.local +# Persistent global definitions +# added by included profile +#include globals.local + +include allow-python3.inc + +private-bin jumpnbump-menu,python3* + +# Redirect +include jumpnbump.profile diff --git a/etc/jumpnbump.profile b/etc/jumpnbump.profile new file mode 100644 index 000000000..c8167e1dc --- /dev/null +++ b/etc/jumpnbump.profile @@ -0,0 +1,47 @@ +# Firejail profile for jumpnbump +# Description: Cute multiplayer platform game with bunnies +# This file is overwritten after every install/update +# Persistent local customizations +include jumpnbump.local +# Persistent global definitions +include globals.local + +noblacklist ${HOME}/.jumpnbump + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc + +mkdir ${HOME}/.jumpnbump +whitelist ${HOME}/.jumpnbump +whitelist /usr/share/jumpnbump +include whitelist-common.inc +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +apparmor +caps.drop all +net none +nodbus +nodvd +nogroups +nonewprivs +noroot +notv +nou2f +novideo +protocol unix,netlink +seccomp +shell none +tracelog + +disable-mnt +private-bin jumpnbump +private-cache +private-dev +private-etc none +private-tmp diff --git a/etc/magicor.profile b/etc/magicor.profile new file mode 100644 index 000000000..c34e7b6f2 --- /dev/null +++ b/etc/magicor.profile @@ -0,0 +1,49 @@ +# Firejail profile for magicor +# Description: Push ice blocks around to extinguish all fires +# This file is overwritten after every install/update +# Persistent local customizations +include magicor.local +# Persistent global definitions +include globals.local + +noblacklist ${HOME}/.magicor + +# Allow python (blacklisted by disable-interpreters.inc) +include allow-python2.inc + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc + +mkdir ${HOME}/.magicor +whitelist ${HOME}/.magicor +whitelist /usr/share/magicor +include whitelist-common.inc +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +apparmor +caps.drop all +net none +nodbus +nodvd +nogroups +nonewprivs +notv +nou2f +novideo +protocol unix +seccomp +shell none +tracelog + +disable-mnt +private-bin magicor,python2* +private-cache +private-dev +private-etc machine-id +private-tmp diff --git a/etc/mindless.profile b/etc/mindless.profile new file mode 100644 index 000000000..4f33404eb --- /dev/null +++ b/etc/mindless.profile @@ -0,0 +1,48 @@ +# Firejail profile for mindless +# Description: figure out the secret code +# This file is overwritten after every install/update +# Persistent local customizations +include mindless.local +# Persistent global definitions +include globals.local + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc + +whitelist /usr/share/mindless +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +apparmor +caps.drop all +machine-id +net none +no3d +nodbus +nodvd +nogroups +nonewprivs +noroot +nosound +notv +nou2f +novideo +protocol unix +seccomp +shell none +tracelog + +disable-mnt +private +private-bin mindless +private-cache +private-dev +private-etc fonts +private-tmp + +memory-deny-write-execute diff --git a/etc/mirrormagic.profile b/etc/mirrormagic.profile new file mode 100644 index 000000000..8892ca94d --- /dev/null +++ b/etc/mirrormagic.profile @@ -0,0 +1,48 @@ +# Firejail profile for mirrormagic +# Description: Puzzle game where you steer a beam of light using mirrors +# This file is overwritten after every install/update +# Persistent local customizations +include mirrormagic.local +# Persistent global definitions +include globals.local + +noblacklist ${HOME}/.mirrormagic + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc + +mkdir ${HOME}/.mirrormagic +whitelist ${HOME}/.mirrormagic +whitelist /usr/share/mirrormagic +include whitelist-common.inc +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +apparmor +caps.drop all +net none +nodbus +nodvd +nogroups +nonewprivs +noroot +notv +nou2f +novideo +protocol unix,netlink +seccomp +shell none +tracelog + +disable-mnt +private +private-bin mirrormagic +private-cache +private-dev +private-etc machine-id +private-tmp diff --git a/etc/mrrescue.profile b/etc/mrrescue.profile new file mode 100644 index 000000000..869a162f8 --- /dev/null +++ b/etc/mrrescue.profile @@ -0,0 +1,47 @@ +# Firejail profile for mrrescue +# Description: Arcade-style fire fighting game +# This file is overwritten after every install/update +# Persistent local customizations +include mrrescue.local +# Persistent global definitions +include globals.local + +noblacklist ${HOME}/.local/share/love + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc + +mkdir ${HOME}/.local/share/love +whitelist ${HOME}/.local/share/love +whitelist /usr/share/mrrescue +include whitelist-common.inc +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +apparmor +caps.drop all +net none +nodbus +nodvd +nogroups +nonewprivs +noroot +notv +nou2f +novideo +protocol unix,netlink +seccomp +shell none +tracelog + +disable-mnt +private-bin love,mrrescue,sh +private-cache +private-dev +private-etc machine-id +private-tmp diff --git a/etc/scorched3d-wrapper.profile b/etc/scorched3d-wrapper.profile new file mode 100644 index 000000000..3eed8842b --- /dev/null +++ b/etc/scorched3d-wrapper.profile @@ -0,0 +1,5 @@ +# Firejail profile for scorched3d +# This file is overwritten after every install/update + +# Redirect +include scorched3d.profile diff --git a/etc/scorchwentbonkers.profile b/etc/scorchwentbonkers.profile new file mode 100644 index 000000000..fcb3d5f29 --- /dev/null +++ b/etc/scorchwentbonkers.profile @@ -0,0 +1,47 @@ +# Firejail profile for scorchwentbonkers +# Description: Realtime remake of Scorched Earth +# This file is overwritten after every install/update +# Persistent local customizations +include scorchwentbonkers.local +# Persistent global definitions +include globals.local + +noblacklist ${HOME}/.swb.ini + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc + +mkdir ${HOME}/.swb.ini +whitelist ${HOME}/.swb.ini +whitelist /usr/share/scorchwentbonkers +include whitelist-common.inc +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +apparmor +caps.drop all +net none +nodbus +nodvd +nogroups +nonewprivs +noroot +notv +nou2f +novideo +protocol unix +seccomp +shell none +tracelog + +disable-mnt +private-bin scorchwentbonkers +private-cache +private-dev +private-etc alsa,asound.conf,machine-id,pulse +private-tmp diff --git a/etc/seahorse-adventures.profile b/etc/seahorse-adventures.profile new file mode 100644 index 000000000..5fd654eed --- /dev/null +++ b/etc/seahorse-adventures.profile @@ -0,0 +1,48 @@ +# Firejail profile for seahorse-adventures +# Description: Help barbie the seahorse float on bubbles to the moon +# This file is overwritten after every install/update +# Persistent local customizations +include seahorse-adventures.local +# Persistent global definitions +include globals.local + +# Allow python (blacklisted by disable-interpreters.inc) +include allow-python2.inc +include allow-python3.inc + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc + +whitelist /usr/share/seahorse-adventures +include whitelist-common.inc +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +apparmor +caps.drop all +net none +nodbus +nodvd +nogroups +nonewprivs +noroot +notv +nou2f +novideo +protocol unix +seccomp +shell none +tracelog + +disable-mnt +private +private-bin python*,seahorse-adventures +private-cache +private-dev +private-etc machine-id +private-tmp diff --git a/etc/wordwarvi.profile b/etc/wordwarvi.profile new file mode 100644 index 000000000..ea750e172 --- /dev/null +++ b/etc/wordwarvi.profile @@ -0,0 +1,49 @@ +# Firejail profile for wordwarvi +# Description: Old school '80's style side scrolling space shoot'em up game. +# This file is overwritten after every install/update +# Persistent local customizations +include wordwarvi.local +# Persistent global definitions +include globals.local + +noblacklist ${HOME}/.wordwarvi + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc + +mkdir ${HOME}/.wordwarvi +whitelist ${HOME}/.wordwarvi +whitelist /usr/share/wordwarvi +include whitelist-common.inc +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +apparmor +caps.drop all +net none +no3d +nodbus +nodvd +nogroups +nonewprivs +noroot +notv +nou2f +novideo +protocol unix +seccomp +shell none +tracelog + +disable-mnt +private +private-bin wordwarvi +private-cache +private-dev +private-etc alsa,asound.conf,machine-id,pulse +private-tmp diff --git a/etc/xbill.profile b/etc/xbill.profile new file mode 100644 index 000000000..fc29dced6 --- /dev/null +++ b/etc/xbill.profile @@ -0,0 +1,51 @@ +# Firejail profile for xbill +# Description: save your computers from Wingdows [TM] virus +# This file is overwritten after every install/update +# Persistent local customizations +include xbill.local +# Persistent global definitions +include globals.local + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc + +whitelist /usr/share/xbill +whitelist /var/games/xbill/scores +include whitelist-common.inc +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +apparmor +caps.drop all +machine-id +net none +no3d +nodbus +nodvd +nogroups +nonewprivs +noroot +nosound +notv +nou2f +novideo +protocol unix +seccomp +shell none +tracelog + +disable-mnt +private +private-bin xbill +private-cache +private-dev +private-etc none +private-tmp + +memory-deny-write-execute +read-only ${HOME} -- cgit v1.2.3-70-g09d2