Five more game profiles

2026-05-15 14:16:14 -06:00 · 2019-03-28 14:32:02 -04:00 · 2019-03-28 14:32:02 -04:00 · 8e5ad206ec
commit 8e5ad206ec
parent 8995a9944d
11 changed files with 276 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -102,5 +102,5 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
 ## Current development version: 0.9.59

 ## New profiles:
-crow, nyx, klavaro, mypaint, celluoid, nano, transgui, sysprof, simplescreenrecorder, geekbench, xfce4-mixer, pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring, regextester, hardinfo, gnome-system-log, gnome-nettool, netactview, redshift, devhelp, assogiate, subdownloader, font-manager, exfalso, gconf-editor, dconf-editor, mpdris2, sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings, code-oss, pragha, Maelstrom, ostrichriders, bzflag, freeciv, lincity-ng, megaglest, openttd, crawl, crawl-tiles, teeworlds, torcs, tremulous, warsow, lugaru, manaplus, pioneer, scorched3d, widelands, freemind, kid3, kid3-cli, kid3-qt, nomacs
+crow, nyx, klavaro, mypaint, celluoid, nano, transgui, sysprof, simplescreenrecorder, geekbench, xfce4-mixer, pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring, regextester, hardinfo, gnome-system-log, gnome-nettool, netactview, redshift, devhelp, assogiate, subdownloader, font-manager, exfalso, gconf-editor, dconf-editor, mpdris2, sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings, code-oss, pragha, Maelstrom, ostrichriders, bzflag, freeciv, lincity-ng, megaglest, openttd, crawl, crawl-tiles, teeworlds, torcs, tremulous, warsow, lugaru, manaplus, pioneer, scorched3d, widelands, freemind, kid3, kid3-cli, kid3-qt, nomacs, freecol, opencity, openclonk, slashem, vulturesclaw, vultureseye

--- a/3
+++ b/3
@ -10,7 +10,8 @@ firejail (0.9.59) baseline; urgency=low
  * new profiles: freeciv, lincity-ng, megaglest, openttd, crawl, crawl-tiles
  * new profiles: teeworlds, torcs, tremulous, warsow, lugaru, manaplus
  * new profiles: pioneer, scorched3d, widelands, freemind, kid3, kid3-qt
-  * new profiles: kid3-cli, nomacs
+  * new profiles: kid3-cli, nomacs, freecol, opencity, openclonk, slashem
+  * new profiles: vultureseye, vulturesclaw
  * memory-deny-write-execute now also blocks memfd_create
  * drop support for flatpak/snap packages

--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@ -51,6 +51,7 @@ blacklist ${HOME}/.bogofilter
 blacklist ${HOME}/.bzf
 blacklist ${HOME}/.claws-mail
 blacklist ${HOME}/.cliqz
+blacklist ${HOME}/.clonk
 blacklist ${HOME}/.config/0ad
 blacklist ${HOME}/.config/2048-qt
 blacklist ${HOME}/.config/Atom
@ -157,6 +158,7 @@ blacklist ${HOME}/.config/falkon
 blacklist ${HOME}/.config/filezilla
 blacklist ${HOME}/.config/flowblade
 blacklist ${HOME}/.config/font-manager
+blacklist ${HOME}/.config/freecol
 blacklist ${HOME}/.config/gajim
 blacklist ${HOME}/.config/galculator
 blacklist ${HOME}/.config/gconf
@ -325,6 +327,7 @@ blacklist ${HOME}/.flowblade
 blacklist ${HOME}/.fltk
 blacklist ${HOME}/.fossamail
 blacklist ${HOME}/.freeciv
+blacklist ${HOME}/.freecol
 blacklist ${HOME}/.freemind
 blacklist ${HOME}/.frozen-bubble
 blacklist ${HOME}/.gimp*
@ -455,6 +458,7 @@ blacklist ${HOME}/.local/share/epiphany
 blacklist ${HOME}/.local/share/evolution
 blacklist ${HOME}/.local/share/feedreader
 blacklist ${HOME}/.local/share/feral-interactive
+blacklist ${HOME}/.local/share/freecol
 blacklist ${HOME}/.local/share/gajim
 blacklist ${HOME}/.local/share/geary
 blacklist ${HOME}/.local/share/geeqie
@ -546,6 +550,7 @@ blacklist ${HOME}/.netactview
 blacklist ${HOME}/.neverball
 blacklist ${HOME}/.nv
 blacklist ${HOME}/.nylas-mail
+blacklist ${HOME}/.opencity
 blacklist ${HOME}/.openinvaders
 blacklist ${HOME}/.openshot
 blacklist ${HOME}/.openshot_qt
@ -595,6 +600,7 @@ blacklist ${HOME}/.viking-maps
 blacklist ${HOME}/.vscode
 blacklist ${HOME}/.vscode-oss
 blacklist ${HOME}/.vst
+blacklist ${HOME}/.vultures
 blacklist ${HOME}/.w3m
 blacklist ${HOME}/.warzone2100-3.*
 blacklist ${HOME}/.waterfox
@ -644,6 +650,7 @@ blacklist ${HOME}/.cache/falkon
 blacklist ${HOME}/.cache/feedreader
 blacklist ${HOME}/.cache/font-manager
 blacklist ${HOME}/.cache/fossamail
+blacklist ${HOME}/.cache/freecol
 blacklist ${HOME}/.cache/gajim
 blacklist ${HOME}/.cache/geeqie
 blacklist ${HOME}/.cache/google-chrome
@ -717,4 +724,7 @@ blacklist ${HOME}/.cache/yandex-browser
 blacklist ${HOME}/.cache/yandex-browser-beta

 blacklist /var/games/nethack
+blacklist /var/games/slashem
+blacklist /var/games/vulturesclaw
+blacklist /var/games/vultureseye
 blacklist /var/lib/games/Maelstrom-Scores
--- a/etc/freecol.profile
+++ b/etc/freecol.profile
@ -0,0 +1,60 @@
+# Firejail profile for freecol
+# Description: Turn-based multi-player strategy game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include freecol.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.freecol
+noblacklist ${HOME}/.java
+noblacklist ${HOME}/.cache/freecol
+noblacklist ${HOME}/.config/freecol
+noblacklist ${HOME}/.local/share/freecol
+
+# Allow access to java
+noblacklist ${PATH}/java
+noblacklist /usr/lib/java
+noblacklist /etc/java
+noblacklist /usr/share/java
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.java
+mkdir ${HOME}/.cache/freecol
+mkdir ${HOME}/.config/freecol
+mkdir ${HOME}/.local/share/freecol
+whitelist ${HOME}/.freecol
+whitelist ${HOME}/.java
+whitelist ${HOME}/.cache/freecol
+whitelist ${HOME}/.config/freecol
+whitelist ${HOME}/.local/share/freecol
+include whitelist-common.inc
+include whitelist-var-common.inc
+
+caps.drop all
+ipc-namespace
+netfilter
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-cache
+private-dev
+private-tmp
--- a/etc/nethack-vultures.profile
+++ b/etc/nethack-vultures.profile
@ -0,0 +1,47 @@
+# Firejail profile for nethack-vultures
+# Description: A rogue-like single player dungeon exploration game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include nethack.local
+# Persistent global definitions
+include globals.local
+
+
+noblacklist ${HOME}/.vultures
+noblacklist /var/log
+
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+mkdir ${HOME}/.vultures
+whitelist ${HOME}/.vultures
+whitelist /var/log/vultures
+include whitelist-common.inc
+include whitelist-var-common.inc
+
+caps.drop all
+ipc-namespace
+net none
+nodbus
+nodvd
+nogroups
+#nonewprivs
+#noroot
+notv
+novideo
+#protocol unix,netlink
+#seccomp
+shell none
+
+disable-mnt
+#private
+private-cache
+private-dev
+private-tmp
+writable-var
+
+noexec ${HOME}
+noexec /tmp
--- a/etc/opencity.profile
+++ b/etc/opencity.profile
@ -0,0 +1,44 @@
+# Firejail profile for opencity
+# Description: Full 3D city simulator game project
+# This file is overwritten after every install/update
+# Persistent local customizations
+include opencity.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.opencity
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.opencity
+whitelist ${HOME}/.opencity
+include whitelist-common.inc
+include whitelist-var-common.inc
+
+caps.drop all
+ipc-namespace
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin opencity
+private-cache
+private-dev
+private-tmp
--- a/etc/openclonk.profile
+++ b/etc/openclonk.profile
@ -0,0 +1,44 @@
+# Firejail profile for openclonk
+# Description: Multiplayer action, tactics and skill game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include openclonk.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.clonk
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.clonk
+whitelist ${HOME}/.clonk
+include whitelist-common.inc
+include whitelist-var-common.inc
+
+caps.drop all
+ipc-namespace
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin openclonk,c4group
+private-cache
+private-dev
+private-tmp
--- a/etc/slashem.profile
+++ b/etc/slashem.profile
@ -0,0 +1,47 @@
+# Firejail profile for slashem
+# Description: A rogue-like single player dungeon exploration game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include slashem.local
+# Persistent global definitions
+include globals.local
+
+
+noblacklist /var/games/slashem
+
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+whitelist /var/games/slashem
+include whitelist-common.inc
+include whitelist-var-common.inc
+
+caps.drop all
+ipc-namespace
+net none
+no3d
+nodbus
+nodvd
+nogroups
+#nonewprivs
+#noroot
+nosound
+notv
+novideo
+#protocol unix,netlink
+#seccomp
+shell none
+
+disable-mnt
+#private
+private-cache
+private-dev
+private-tmp
+writable-var
+
+#memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
--- a/etc/vulturesclaw.profile
+++ b/etc/vulturesclaw.profile
@ -0,0 +1,8 @@
+# Firejail profile alias for nethack-vultures
+# This file is overwritten after every install/update
+
+noblacklist /var/games/vulturesclaw
+whitelist /var/games/vulturesclaw
+
+# Redirect
+include nethack-vultures.profile
--- a/etc/vultureseye.profile
+++ b/etc/vultureseye.profile
@ -0,0 +1,8 @@
+# Firejail profile alias for nethack-vultures
+# This file is overwritten after every install/update
+
+noblacklist /var/games/vultureseye
+whitelist /var/games/vultureseye
+
+# Redirect
+include nethack-vultures.profile
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@ -186,6 +186,7 @@ freecadcmd
 freeciv
 freeciv-gtk3
 freeciv-mp-gtk3
+freecol
 freemind
 freshclam
 frozen-bubble
@ -387,6 +388,7 @@ odt2txt
 okular
 onionshare-gui
 open-invaders
+opencity
 openshot
 openshot-qt
 openttd
@ -467,6 +469,7 @@ skanlite
 skype
 skypeforlinux
 slack
+slashem
 smplayer
 smtube
 snox
@ -565,6 +568,8 @@ vivaldi-snapshot
 vivaldi-stable
 vlc
 vscodium
+vulturesclaw
+vultureseye
 vym
 w3m
 warsow