diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 3347f223e..88deaa568 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -505,6 +505,7 @@ blacklist ${HOME}/.config/gthumb
 blacklist ${HOME}/.config/gummi
 blacklist ${HOME}/.config/guvcview2
 blacklist ${HOME}/.config/gwenviewrc
+blacklist ${HOME}/.config/gzdoom
 blacklist ${HOME}/.config/hexchat
 blacklist ${HOME}/.config/homebank
 blacklist ${HOME}/.config/i2p
@@ -561,6 +562,7 @@ blacklist ${HOME}/.config/lobster
 blacklist ${HOME}/.config/lugaru
 blacklist ${HOME}/.config/lutris
 blacklist ${HOME}/.config/lximage-qt
+blacklist ${HOME}/.config/lzdoom
 blacklist ${HOME}/.config/mailtransports
 blacklist ${HOME}/.config/mana
 blacklist ${HOME}/.config/mate-calc
@@ -695,6 +697,7 @@ blacklist ${HOME}/.config/uGet
 blacklist ${HOME}/.config/ueberzugpp
 blacklist ${HOME}/.config/ungoogled-chromium
 blacklist ${HOME}/.config/uzbl
+blacklist ${HOME}/.config/uzdoom
 blacklist ${HOME}/.config/vesktop
 blacklist ${HOME}/.config/viewnior
 blacklist ${HOME}/.config/vivaldi
@@ -977,6 +980,10 @@ blacklist ${HOME}/.local/share/fluffychat
 blacklist ${HOME}/.local/share/fractal
 blacklist ${HOME}/.local/share/freecol
 blacklist ${HOME}/.local/share/gajim
+blacklist ${HOME}/.local/share/games/doom
+blacklist ${HOME}/.local/share/games/gzdoom
+blacklist ${HOME}/.local/share/games/lzdoom
+blacklist ${HOME}/.local/share/games/uzdoom
 blacklist ${HOME}/.local/share/gdfuse
 blacklist ${HOME}/.local/share/geary
 blacklist ${HOME}/.local/share/geeqie
diff --git a/etc/profile-a-l/gzdoom-common.profile b/etc/profile-a-l/gzdoom-common.profile
new file mode 100644
index 000000000..d84d9a1ea
--- /dev/null
+++ b/etc/profile-a-l/gzdoom-common.profile
@@ -0,0 +1,60 @@
+# Firejail profile for gzdoom-common
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gzdoom-common.local
+# Persistent global definitions
+# added by caller profile
+#include globals.local
+
+noblacklist ${HOME}/.local/share/games/doom
+
+# Allow /bin/sh (blacklisted by disable-shell.inc)
+include allow-bin-sh.inc
+
+blacklist /usr/libexec
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.local/share/games/doom
+whitelist ${HOME}/.local/share/games/doom
+whitelist /usr/share/doom
+whitelist /usr/share/games/doom
+whitelist /usr/share/soundfonts
+include whitelist-usr-share-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+netfilter
+nodvd
+nogroups
+nonewprivs
+noprinters
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+seccomp.block-secondary
+tracelog
+
+disable-mnt
+private-bin bash,dash,gdb,sh,uname,which,xmessage
+private-cache
+private-dev
+private-etc @games,@x11
+private-tmp
+
+dbus-user none
+dbus-system none
+
+restrict-namespaces
diff --git a/etc/profile-a-l/gzdoom.profile b/etc/profile-a-l/gzdoom.profile
new file mode 100644
index 000000000..458246a2f
--- /dev/null
+++ b/etc/profile-a-l/gzdoom.profile
@@ -0,0 +1,20 @@
+# Firejail profile for gzdoom
+# Description: OpenGL version of ZDoom
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gzdoom.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/gzdoom
+noblacklist ${HOME}/.local/share/games/gzdoom
+
+mkdir ${HOME}/.config/gzdoom
+mkdir ${HOME}/.local/share/games/gzdoom
+whitelist ${HOME}/.config/gzdoom
+whitelist ${HOME}/.local/share/games/gzdoom
+
+private-bin gzdoom
+
+# Redirect
+include gzdoom-common.profile
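Review bot: In gzdoom-common.profile, `private-bin bash,dash,gdb,sh,uname,which,xmessage` admits a debugger and two shells into the sandbox without a comment saying what needs them, even though the same file includes disable-devel.inc and disable-shell.inc and enables `seccomp`. Firejail's default seccomp list blocks ptrace, so gdb is unlikely to be able to attach to anything here; if it is only there for the engine's crash reporter (an assumption, the diff does not say), it is probably dead weight and can be dropped to keep the binary set minimal. If it is kept, add a line above private-bin in the style of the existing `# Allow /bin/sh` comment, e.g. `# gdb, uname, which, xmessage: needed by <REASON - to be filled in by the author>`.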
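Review bot: gzdoom.profile whitelists nothing under /usr/share for its own data, while lzdoom.profile and uzdoom.profile in this same commit each add `whitelist /usr/share/games/<name>`. Because gzdoom-common.profile puts /usr/share under whitelist rules (`whitelist /usr/share/doom`, `whitelist /usr/share/games/doom`, `whitelist /usr/share/soundfonts`), engine data outside those paths will be hidden inside the sandbox. Where the gzdoom package installs its data files is not visible in this diff; if it is `/usr/share/games/gzdoom`, the line `whitelist /usr/share/games/gzdoom` is missing after the two home whitelists. If the omission is deliberate, a one-line comment saying so would keep the three profiles visibly consistent.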
diff --git a/etc/profile-a-l/lzdoom.profile b/etc/profile-a-l/lzdoom.profile
new file mode 100644
index 000000000..9b31f8af0
--- /dev/null
+++ b/etc/profile-a-l/lzdoom.profile
@@ -0,0 +1,21 @@
+# Firejail profile for lzdoom
+# Description: Legacy OpenGL version of GZDoom
+# This file is overwritten after every install/update
+# Persistent local customizations
+include lzdoom.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/lzdoom
+noblacklist ${HOME}/.local/share/games/lzdoom
+
+mkdir ${HOME}/.config/lzdoom
+mkdir ${HOME}/.local/share/games/lzdoom
+whitelist ${HOME}/.config/lzdoom
+whitelist ${HOME}/.local/share/games/lzdoom
+whitelist /usr/share/games/lzdoom
+
+private-bin lzdoom
+
+# Redirect
+include gzdoom-common.profile
diff --git a/etc/profile-m-z/uzdoom.profile b/etc/profile-m-z/uzdoom.profile
new file mode 100644
index 000000000..06b280868
--- /dev/null
+++ b/etc/profile-m-z/uzdoom.profile
@@ -0,0 +1,21 @@
+# Firejail profile for uzdoom
+# Description: UZDoom is a modern, feature-rich source port for the classic game DOOM
+# This file is overwritten after every install/update
+# Persistent local customizations
+include uzdoom.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/uzdoom
+noblacklist ${HOME}/.local/share/games/uzdoom
+
+mkdir ${HOME}/.config/uzdoom
+mkdir ${HOME}/.local/share/games/uzdoom
+whitelist ${HOME}/.config/uzdoom
+whitelist ${HOME}/.local/share/games/uzdoom
+whitelist /usr/share/games/uzdoom
+
+private-bin uzdoom
+
+# Redirect
+include gzdoom-common.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 29d85cf14..0622c3b05 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -432,6 +432,7 @@ guayadeque
 gucharmap
 gummi
 gwenview
+gzdoom
 handbrake
 handbrake-gtk
 hashcat
@@ -562,6 +563,7 @@ lyx
 #lz4 # disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095)
 #lz4c # disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095)
 #lz4cat # disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095)
+lzdoom
 macrofusion
 magicor
 man
@@ -970,6 +972,7 @@ url-eater
 utox
 uudeview
 uzbl-browser
+uzdoom
 vesktop
 viewnior
 viking