merged 0ad profile from Fred-Barclay

Makefile.in

@@ -163,6 +163,7 @@ realinstall:
 	install -c -m 0644 .etc/palemoon.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 	install -c -m 0644 .etc/icedove.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 	install -c -m 0644 .etc/abrowser.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/0ad.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 	sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
 	sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
 	rm -fr .etc

README

@@ -24,6 +24,7 @@ Fred-Barclay (https://github.com/Fred-Barclay)
 	- added Vivaldi, Atril profiles
 	- added PaleMoon profile
 	- split Icedove and Thunderbird profiles
+	- added 0ad profile
 avoidr (https://github.com/avoidr)
 	- whitelist fix
 	- recently-used.xbel fix

README.md

@@ -281,5 +281,5 @@ $ man firejail-profile
 
 ## New security profiles
 lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox,
-OpenSSH client, OpenBox window manager, Dillo, cmus, dnsmasq, PaleMoon, Icedove, abrowser
+OpenSSH client, OpenBox window manager, Dillo, cmus, dnsmasq, PaleMoon, Icedove, abrowser, 0ad
 

RELNOTES

@@ -18,7 +18,7 @@ firejail (0.9.40-rc1) baseline; urgency=low
   * new profiles: lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril
   * new profiles: qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars
   * new profiles: qTox, OpenSSH client, OpenBox, Dillo, cmus, dnsmasq
-  * new profiles: PaleMoon, Icedove
+  * new profiles: PaleMoon, Icedove, 0ad
   * build rpm packages using "make rpms"
   * bugfixes
  -- netblue30 <netblue30@yahoo.com>  Sun, 3 Apr 2016 08:00:00 -0500

etc/0ad.profile

@@ -0,0 +1,30 @@
+# Firejail profile for 0ad.
+noblacklist ~/.config/0ad
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+# Call these options
+caps.drop all
+seccomp
+protocol unix,inet,inet6,netlink
+netfilter
+tracelog
+noroot
+
+# Whitelists
+noblacklist ~/.cache/0ad
+mkdir ~/.cache
+mkdir ~/.cache/0ad
+whitelist ~/.cache/0ad
+
+mkdir ~/.config
+mkdir ~/.config/0ad
+whitelist ~/.config/0ad
+
+noblacklist ~/.local/share/0ad
+mkdir ~/.local
+mkdir ~/.local/share
+mkdir ~/.local/share/0ad
+whitelist ~/.local/share/0ad

etc/disable-programs.inc

@@ -53,6 +53,7 @@ blacklist ${HOME}/.TelegramDesktop
 blacklist ${HOME}/.hedgewars
 blacklist ${HOME}/.steam
 blacklist ${HOME}/.config/wesnoth
+blacklist ${HOME}/.config/0ad
 
 # Cryptocoins
 blacklist ${HOME}/.*coin
@@ -81,6 +82,7 @@ blacklist ${HOME}/.cache/thunderbird
 blacklist ${HOME}/.cache/icedove
 blacklist ${HOME}/.cache/transmission
 blacklist ${HOME}/.cache/wesnoth
+blacklist ${HOME}/.cache/0ad
 
 # share
 blacklist ${HOME}/.local/share/epiphany
@@ -88,3 +90,4 @@ blacklist ${HOME}/.local/share/mupen64plus
 blacklist ${HOME}/.local/share/spotify
 blacklist ${HOME}/.local/share/steam
 blacklist ${HOME}/.local/share/wesnoth
+blacklist ${HOME}/.local/share/0ad

platform/debian/conffiles

@@ -82,3 +82,4 @@
 /etc/firejail/dnsmasq.profile
 /etc/firejail/palemoon.profile
 /etc/firejail/abrowser.profile
+/etc/firejail/0ad.profile