From 54d817c8a093b031d54b8ad92bd643e54802629d Mon Sep 17 00:00:00 2001 From: rusty-snake <41237666+rusty-snake@users.noreply.github.com> Date: Sun, 29 Mar 2020 16:45:46 +0200 Subject: [PATCH] abiword and more gnome-games - four-in-a-row - gnome-mahjongg - gnome-robots - gnome-sudoku - gnome-taquin - gnome-tetravex harden gnome-chess --- .gitignore | 1 + README.md | 2 +- RELNOTES | 4 +++- etc/abiword.profile | 46 ++++++++++++++++++++++++++++++++++++++ etc/disable-programs.inc | 2 ++ etc/four-in-a-row.profile | 17 ++++++++++++++ etc/gnome-chess.profile | 4 ++++ etc/gnome-mahjongg.profile | 14 ++++++++++++ etc/gnome-robots.profile | 17 ++++++++++++++ etc/gnome-sudoku.profile | 17 ++++++++++++++ etc/gnome-taquin.profile | 17 ++++++++++++++ etc/gnome-tetravex.profile | 12 ++++++++++ src/firecfg/firecfg.config | 12 ++++++++++ 13 files changed, 163 insertions(+), 2 deletions(-) create mode 100644 etc/abiword.profile create mode 100644 etc/four-in-a-row.profile create mode 100644 etc/gnome-mahjongg.profile create mode 100644 etc/gnome-robots.profile create mode 100644 etc/gnome-sudoku.profile create mode 100644 etc/gnome-taquin.profile create mode 100644 etc/gnome-tetravex.profile diff --git a/.gitignore b/.gitignore index 661370b02..39380446b 100644 --- a/.gitignore +++ b/.gitignore @@ -41,6 +41,7 @@ seccomp.32 seccomp.64 seccomp.block_secondary seccomp.mdwx +seccomp.mdwx.32 src/common.mk aclocal.m4 __pycache__ diff --git a/README.md b/README.md index e79c4d329..d9707619f 100644 --- a/README.md +++ b/README.md 
@@ -176,4 +176,4 @@ Run ./profstats -h for help. ### New profiles: gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe, bibtex, gummi, latex, pdflatex, tex, wpp, wpspdf, wps, et, multimc, gnome-hexgl, com.github.johnfactotum.Foliate, desktopeditors, impressive, mupdf-gl, mupdf-x11, mupdf-x11-curl, muraster, mutool, planmaker18, planmaker18free, presentations18, presentations18free, textmaker18, textmaker18free, teams, xournal, -gnome-screenshot, ripperX, sound-juicer, iagno, com.github.dahenson.agenda, gnome-pomodoro, gnome-todo, kmplayer, penguin-command, x2goclient, frogatto, gnome-mines, gnome-nibbles, lightsoff, ts3client_runscript.sh, warmux +gnome-screenshot, ripperX, sound-juicer, iagno, com.github.dahenson.agenda, gnome-pomodoro, gnome-todo, kmplayer, penguin-command, x2goclient, frogatto, gnome-mines, gnome-nibbles, lightsoff, ts3client_runscript.sh, warmux, ferdi, abiword, four-in-a-row, gnome-mahjongg, gnome-robots, gnome-sudoku, gnome-taquin, gnome-tetravex diff --git a/RELNOTES b/RELNOTES index 162c4b493..584942853 100644 --- a/RELNOTES +++ b/RELNOTES @@ -14,7 +14,9 @@ firejail (0.9.63) baseline; urgency=low * new profiles: sound-juicer, com.github.dahenson.agenda, gnome-pomodoro * new profiles: gnome-todo, x2goclient, iagno, kmplayer, penguin-command * new profiles: frogatto, gnome-mines, gnome-nibbles, lightsoff, warmux - * new profiles: ts3client_runscript.sh + * new profiles: ts3client_runscript.sh, ferdi, abiword, four-in-a-row + * new profiles: gnome-mahjongg, gnome-robots, gnome-sudoku, gnome-taquin + * new profiles: gnome-tetravex firejail (0.9.62) baseline; urgency=low * added file-copy-limit in /etc/firejail/firejail.config diff --git a/etc/abiword.profile b/etc/abiword.profile new file mode 100644 index 000000000..748cda195 --- /dev/null +++ b/etc/abiword.profile 
@@ -0,0 +1,46 @@
+# Firejail profile for abiword
+# Description: flexible cross-platform word processor
+# This file is overwritten after every install/update
+# Persistent local customizations
+include abiword.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/abiword
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+whitelist /usr/share/abiword-3.0
+include whitelist-usr-share-common.inc
+include whitelist-runuser-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+machine-id
+net none
+no3d
+#nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+private-bin abiword
+private-cache
+private-dev
+private-etc fonts,gtk-3.0,passwd
+private-tmp
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 15a62d4e2..5bb2f851a 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -119,6 +119,7 @@ blacklist ${HOME}/.config/Thunar
 blacklist ${HOME}/.config/VirtualBox
 blacklist ${HOME}/.config/Wire
 blacklist ${HOME}/.config/Zeal
+blacklist ${HOME}/.config/abiword
 blacklist ${HOME}/.config/agenda
 blacklist ${HOME}/.config/akonadi*
 blacklist ${HOME}/.config/akregatorrc
@@ -548,6 +549,7 @@ blacklist ${HOME}/.local/share/gnome-photos
 blacklist ${HOME}/.local/share/gnome-pomodoro
 blacklist ${HOME}/.local/share/gnome-recipes
 blacklist ${HOME}/.local/share/gnome-ring
+blacklist ${HOME}/.local/share/gnome-sudoku
 blacklist ${HOME}/.local/share/gnome-twitch
 blacklist ${HOME}/.local/share/godot
 blacklist ${HOME}/.local/share/gradio
diff --git a/etc/four-in-a-row.profile b/etc/four-in-a-row.profile
new file mode 100644
index 000000000..b468c3435
--- /dev/null
+++ b/etc/four-in-a-row.profile
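Review bot: In the new etc/abiword.profile the `#nodbus` line is left commented out with no reason recorded, so the sandboxed word processor keeps whatever D-Bus access the included files allow, and a later maintainer cannot tell whether that is required or an oversight. Either enable it or record the reason above the line, e.g. `# nodbus breaks <feature> - TODO confirm` (placeholder, to be filled in by the author). The `whitelist /usr/share/abiword-3.0` entry is also pinned to one version directory; since whitelisting hides everything else under /usr/share apart from the common include, a release that installs its data under a different directory name would presumably start without it, so a comment such as `# version-specific path, update on AbiWord upgrade` would help.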
@@ -0,0 +1,17 @@ +# Firejail profile for four-in-a-row +# Description: Sliding tile puzzle game +# This file is overwritten after every install/update +# Persistent local customizations +include four-in-a-row.local +# Persistent global definitions +include globals.local + +ignore machine-id +ignore nosound + +whitelist /usr/share/four-in-a-row + +private-bin four-in-a-row + +# Redirect +include gnome_games-common.profile diff --git a/etc/gnome-chess.profile b/etc/gnome-chess.profile index e657293ac..a80e1ca6d 100644 --- a/etc/gnome-chess.profile +++ b/etc/gnome-chess.profile @@ -16,6 +16,10 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc +whitelist /usr/share/gnuchess +whitelist /usr/share/gnome-chess +include whitelist-runuser-common.inc +include whitelist-usr-share-common.inc include whitelist-var-common.inc apparmor diff --git a/etc/gnome-mahjongg.profile b/etc/gnome-mahjongg.profile new file mode 100644 index 000000000..653c5f949 --- /dev/null +++ b/etc/gnome-mahjongg.profile @@ -0,0 +1,14 @@ +# Firejail profile for gnome-mahjongg +# Description: Sliding tile puzzle game +# This file is overwritten after every install/update +# Persistent local customizations +include gnome-mahjongg.local +# Persistent global definitions +include globals.local + +whitelist /usr/share/gnome-mahjongg + +private-bin gnome-mahjongg + +# Redirect +include gnome_games-common.profile diff --git a/etc/gnome-robots.profile b/etc/gnome-robots.profile new file mode 100644 index 000000000..888324a5c --- /dev/null +++ b/etc/gnome-robots.profile 
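Review bot: The header comment `# Description: Sliding tile puzzle game` in etc/four-in-a-row.profile is copied from the taquin profile and does not describe this game; the same line appears unchanged in the new gnome-mahjongg, gnome-robots, gnome-sudoku and gnome-tetravex profiles. Each profile should carry its own description, e.g. `# Description: Four-in-a-row game` here, with the wording taken from the package description. The `ignore machine-id` / `ignore nosound` pair here and in gnome-robots and gnome-taquin relaxes two restrictions that presumably come from gnome_games-common.profile, which is not part of this diff; a one-line comment such as `# game plays sound, which needs the real machine-id - confirm` would record why the sandbox is loosened.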
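Review bot: The added `whitelist /usr/share/gnuchess` and `whitelist /usr/share/gnome-chess` lines in etc/gnome-chess.profile, together with whitelist-usr-share-common.inc, turn /usr/share into an allow-list, so data belonging to any other chess engine the profile permits would no longer be visible; which engines are permitted is decided outside this hunk. A comment above the two lines, e.g. `# only gnuchess data is exposed; whitelist further engine data in a local override`, would make the limitation explicit. The two new includes are also ordered runuser-common before usr-share-common, while etc/abiword.profile in the same commit orders them the other way; a single order across profiles keeps them easy to compare.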
@@ -0,0 +1,17 @@
+# Firejail profile for gnome-robots
+# Description: Sliding tile puzzle game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-robots.local
+# Persistent global definitions
+include globals.local
+
+ignore machine-id
+ignore nosound
+
+whitelist /usr/share/gnome-robots
+
+private-bin gnome-robots
+
+# Redirect
+include gnome_games-common.profile
diff --git a/etc/gnome-sudoku.profile b/etc/gnome-sudoku.profile
new file mode 100644
index 000000000..b41bccd1e
--- /dev/null
+++ b/etc/gnome-sudoku.profile
@@ -0,0 +1,17 @@
+# Firejail profile for gnome-sudoku
+# Description: Sliding tile puzzle game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-sudoku.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.local/share/gnome-sudoku
+
+mkdir ${HOME}/.local/share/gnome-sudoku
+whitelist ${HOME}/.local/share/gnome-sudoku
+
+private-bin gnome-sudoku
+
+# Redirect
+include gnome_games-common.profile
diff --git a/etc/gnome-taquin.profile b/etc/gnome-taquin.profile
new file mode 100644
index 000000000..efd64d455
--- /dev/null
+++ b/etc/gnome-taquin.profile
@@ -0,0 +1,17 @@
+# Firejail profile for gnome-taquin
+# Description: Sliding tile puzzle game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-taquin.local
+# Persistent global definitions
+include globals.local
+
+ignore machine-id
+ignore nosound
+
+whitelist /usr/share/gnome-taquin
+
+private-bin gnome-taquin
+
+# Redirect
+include gnome_games-common.profile
diff --git a/etc/gnome-tetravex.profile b/etc/gnome-tetravex.profile
new file mode 100644
index 000000000..e9622539c
--- /dev/null
+++ b/etc/gnome-tetravex.profile
@@ -0,0 +1,12 @@
+# Firejail profile for gnome-tetravex
+# Description: Sliding tile puzzle game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-tetravex.local
+# Persistent global definitions
+include globals.local
+
+private-bin gnome-tetravex
+
+# Redirect
+include gnome_games-common.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 75dba9486..e79fd4b14 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -29,6 +29,7 @@ Viber
 VirtualBox
 XMind
 Xephyr
+abiword
 abrowser
 akonadi_control
 akregator
@@ -218,6 +219,7 @@ flowblade
 font-manager
 fontforge
 fossamail
+four-in-a-row
 franz
 freecad
 freecadcmd
@@ -230,6 +232,7 @@ freeoffice-planmaker
 freeoffice-presentations
 freeoffice-textmaker
 freshclam
+frogatto
 frozen-bubble
 gajim
 gajim-history-manager
@@ -270,18 +273,25 @@ gnome-font-viewer
 gnome-hexgl
 gnome-latex
 gnome-logs
+gnome-mahjongg
 gnome-maps
+gnome-mines
 gnome-mplayer
 gnome-mpv
 gnome-music
 gnome-nettool
+gnome-nibbles
 gnome-passwordsafe
 gnome-photos
 gnome-pomodoro
 gnome-recipes
+gnome-robots
 gnome-schedule
 gnome-screenshot
+gnome-sudoku
 gnome-system-log
+gnome-taquin
+gnome-tetravex
 gnome-todo
 gnome-twitch
 gnome-weather
@@ -373,6 +383,7 @@ leafpad
 less
 libreoffice
 liferea
+lightsoff
 lincity-ng
 links
 linphone
@@ -702,6 +713,7 @@ vulturesclaw
 vultureseye
 vym
 w3m
+warmux
 warsow
 warzone2100
 waterfox
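Review bot: The src/firecfg/firecfg.config hunks add entries for every profile created here and for frogatto, gnome-mines, gnome-nibbles, lightsoff and warmux, but none for `ferdi`, which this commit lists as a new profile in README.md and RELNOTES. If a ferdi profile exists it probably belongs in this list as well, because programs missing from firecfg.config are not picked up when firecfg sets up sandboxing by default; if it was left out on purpose the commit message should say so. The commit message also does not mention the five existing games added here, so a line like `add missing games to firecfg.config` would make the change traceable.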