several kids programs

etc/inc/disable-programs.inc

@@ -28,6 +28,8 @@ blacklist ${HOME}/.ZAP
 blacklist ${HOME}/.aMule
 blacklist ${HOME}/.abook
 blacklist ${HOME}/.addressbook
+blacklist ${HOME}/.alienblaster
+blacklist ${HOME}/.alienblaster_highscore
 blacklist ${HOME}/.alpine-smime
 blacklist ${HOME}/.ammonite
 blacklist ${HOME}/.android
@@ -851,6 +853,7 @@ blacklist ${HOME}/.klatexformula
 blacklist ${HOME}/.klei
 blacklist ${HOME}/.kodi
 blacklist ${HOME}/.lastpass
+blacklist ${HOME}/.lbreakouthd
 blacklist ${HOME}/.lettura
 blacklist ${HOME}/.librewolf
 blacklist ${HOME}/.lincity-ng
@@ -1187,6 +1190,7 @@ blacklist ${HOME}/.torcs
 blacklist ${HOME}/.tremulous
 blacklist ${HOME}/.ts3client
 blacklist ${HOME}/.tuxguitar*
+blacklist ${HOME}/.tuxtype
 blacklist ${HOME}/.tvbrowser
 blacklist ${HOME}/.unknown-horizons
 blacklist ${HOME}/.viking

etc/profile-a-l/alienblaster.profile

@@ -0,0 +1,55 @@
+# Firejail profile for alienblaster
+# Persistent local customizations
+include alienblaster.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.alienblaster
+noblacklist ${HOME}/.alienblaster_highscore
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkfile ${HOME}/.alienblaster_highscore
+whitelist ${HOME}/.alienblaster_highscore
+mkdir ${HOME}/.alienblaster
+whitelist ${HOME}/.alienblaster
+include whitelist-common.inc
+include whitelist-run-common.inc
+whitelist ${RUNUSER}/pulse
+include whitelist-runuser-common.inc
+whitelist /usr/share/games/alienblaster
+whitelist /usr/share/timidity
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+netfilter
+net none
+nodvd
+noinput
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+tracelog
+
+disable-mnt
+private-dev
+private-etc @x11,@sound,@games
+private-tmp
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
+restrict-namespaces

etc/profile-a-l/geki2.profile

@@ -0,0 +1,49 @@
+# Firejail profile for geki2
+# Persistent local customizations
+include geki2.local
+# Persistent global definitions
+include globals.local
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+whitelist /usr/share/games/geki2
+include whitelist-usr-share-common.inc
+writable-var 	# game scores stored under /var/games
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+net none
+netfilter
+nodvd
+noinput
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+tracelog
+
+disable-mnt
+private
+private-bin geki2
+private-dev
+private-etc @x11,@sound,@games
+private-tmp
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
+restrict-namespaces

etc/profile-a-l/geki3.profile

@@ -0,0 +1,49 @@
+# Firejail profile for geki3
+# Persistent local customizations
+include geki3.local
+# Persistent global definitions
+include globals.local
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+whitelist /usr/share/games/geki3
+include whitelist-usr-share-common.inc
+writable-var 	# game scores stored under /var/games
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+net none
+netfilter
+nodvd
+noinput
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+tracelog
+
+disable-mnt
+private
+private-bin geki3
+private-dev
+private-etc @x11,@sound,@games
+private-tmp
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
+restrict-namespaces

etc/profile-a-l/lbreakouthd.profile

@@ -0,0 +1,59 @@
+# Firejail profile for lbreakouthd
+# Persistent local customizations
+include lbreakouthd.local
+# Persistent global definitions
+include globals.local
+
+# Note: this profile requires the current user to be a member of games group
+
+noblacklist ${HOME}/.lbreakouthd
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.lbreakouthd
+whitelist ${HOME}/.lbreakouthd
+include whitelist-common.inc
+
+whitelist /run/udev/control
+whitelist /run/host/container-manager
+include whitelist-run-common.inc
+whitelist ${RUNUSER}/pulse
+include whitelist-runuser-common.inc
+whitelist /usr/share/games/lbreakouthd
+include whitelist-usr-share-common.inc
+writable-var 	# game scores stored under /var/games
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+net none
+netfilter
+nodvd
+noinput
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+tracelog
+
+disable-mnt
+private-bin lbreakouthd
+private-dev
+private-etc @x11,@sound,@games
+private-tmp
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
+restrict-namespaces

etc/profile-m-z/tuxtype.profile

@@ -0,0 +1,56 @@
+# Firejail profile for tuxtype
+# Persistent local customizations
+include tuxtype.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.tuxtype
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.tuxtype
+whitelist ${HOME}/.tuxtype
+include whitelist-common.inc
+
+
+include whitelist-run-common.inc
+whitelist ${RUNUSER}/pulse
+include whitelist-runuser-common.inc
+whitelist /usr/share/tuxtype
+include whitelist-usr-share-common.inc
+writable-var 	# game scores stored under /var/games
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+net none
+netfilter
+nodvd
+noinput
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+tracelog
+
+disable-mnt
+private-bin tuxtype
+private-dev
+private-etc @x11,@sound,@games,tuxtype
+private-tmp
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
+restrict-namespaces

etc/profile-m-z/typespeed.profile

@@ -0,0 +1,48 @@
+# Firejail profile for typespeed
+# Persistent local customizations
+include typespeed.local
+# Persistent global definitions
+include globals.local
+
+# Note: this profile requires the current user to be a member of games group
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+whitelist /usr/share/typespeed
+include whitelist-usr-share-common.inc
+writable-var 	# game scores stored under /var/games
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+netfilter
+nodvd
+noinput
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
+
+disable-mnt
+private
+private-dev
+private-etc @x11,@sound,@games
+private-tmp
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
+restrict-namespaces

src/firecfg/firecfg.config

@@ -43,6 +43,7 @@ abrowser
 akonadi_control
 akregator
 alacarte
+alienblaster
 alpine
 alpinef
 amarok
@@ -320,6 +321,8 @@ geany
 gedit
 geekbench
 geeqie
+geki2
+geki3
 gfeeds
 gh
 ghb
@@ -493,6 +496,7 @@ ktouch
 kube
 #kwin_x11
 kwrite
+lbreakouthd
 lbry-viewer
 lbry-viewer-gtk
 leafpad
@@ -920,9 +924,11 @@ tshark
 tuir
 tutanota-desktop
 tuxguitar
+tuxtype
 tvbrowser
 tvnamer
 twitch
+typespeed
 udiskie
 uefitool
 uget-gtk