authorjc_gargma <jc_gargma@iserlohn-fortress.net>2021-06-23 00:52:28 -0700
committerjc_gargma <jc_gargma@iserlohn-fortress.net>2021-06-23 00:52:28 -0700
commit10598a84e62b0c75ae81c87bf06790212ff8c2b0 (patch)
treedce1983ce670d0bf1bcf370a1a96db7bddad70d8 /profiles
parentAdd missing read-writes to mount and blade ii (diff)
downloadfirejail-profiles-10598a84e62b0c75ae81c87bf06790212ff8c2b0.tar.xz
Add profiles for stellaris, cataclysm-bn, cataclysm-bn-tiles, amfora
Diffstat (limited to 'profiles')
-rw-r--r--profiles/amfora.profile56
-rw-r--r--profiles/cataclysm-bn-tiles.profile4
-rw-r--r--profiles/cataclysm-bn.profile28
-rw-r--r--profiles/stellaris.profile26
4 files changed, 114 insertions, 0 deletions
diff --git a/profiles/amfora.profile b/profiles/amfora.profile
new file mode 100644
index 0000000..d4d6fa8
--- /dev/null
+++ b/profiles/amfora.profile
@@ -0,0 +1,56 @@
+# Firejail profile for amfora
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include amfora.local
+# Persistent global definitions
+include globals.local
+
+
+noblacklist ${HOME}/.config/amfora
+noblacklist ${HOME}/.local/share/amfora
+
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
+
+mkdir ${HOME}/.config/amfora
+whitelist ${HOME}/.config/amfora
+mkdir ${HOME}/.local/share/amfora
+whitelist ${HOME}/.local/share/amfora
+
+
+include allow-perl.inc
+
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+include whitelist-runuser-common.inc
+
+caps.drop all
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol inet,inet6
+seccomp
+shell none
+tracelog
+
+private-bin amfora
+private-cache
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl
+private-tmp
+
+# # Use with hardened-malloc package
+env LD_PRELOAD=/usr/lib/libhardened_malloc.so
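Review bot: `include allow-perl.inc` lifts the Perl blacklist that `disable-interpreters.inc` applies a few lines later, yet `private-bin amfora` leaves only the amfora binary in the sandbox's bin directories, so the allowance looks unused and only widens the profile. I would drop that line unless a helper really needs Perl, and name the helper in a comment if so. Separately, the last line sets `env LD_PRELOAD=/usr/lib/libhardened_malloc.so` unconditionally, although the heading above it (`# # Use with hardened-malloc package`) reads like an optional, commented-out setting. On a system without that package the dynamic loader will presumably report the missing object on every start. Either comment the `env` line out to match its heading, or reword the heading to `# Requires the hardened-malloc package; comment out if it is not installed`.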
diff --git a/profiles/cataclysm-bn-tiles.profile b/profiles/cataclysm-bn-tiles.profile
new file mode 100644
index 0000000..d21cc21
--- /dev/null
+++ b/profiles/cataclysm-bn-tiles.profile
@@ -0,0 +1,4 @@
+# This file is overwritten after every install/update
+
+# Redirect
+include cataclysm-bn.profile
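Review bot: The redirect has no `include cataclysm-bn-tiles.local` ahead of `include cataclysm-bn.profile`, so a user cannot keep an override for the tiles binary alone. Since the file is overwritten on update, any change has to go into cataclysm-bn.local and then applies to both variants. Adding `# Persistent local customizations` and `include cataclysm-bn-tiles.local` before the `# Redirect` comment would match the layout of the other profiles in this commit.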
diff --git a/profiles/cataclysm-bn.profile b/profiles/cataclysm-bn.profile
new file mode 100644
index 0000000..d3aff32
--- /dev/null
+++ b/profiles/cataclysm-bn.profile
@@ -0,0 +1,28 @@
+# This file is overwritten after every install/update
+# Persistent local customizations
+include cataclysm-bn.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/cataclysm-bn
+noblacklist ${HOME}/.local/share/cataclysm-bn
+mkdir ${HOME}/.config/cataclysm-bn
+mkdir ${HOME}/.local/share/cataclysm-bn
+mkdir ${HOME}/.local/share/cataclysm-bn/font
+mkdir ${HOME}/.local/share/cataclysm-bn/gfx
+mkdir ${HOME}/.local/share/cataclysm-bn/mods
+mkdir ${HOME}/.local/share/cataclysm-bn/sound
+whitelist ${HOME}/.config/cataclysm-bn
+whitelist ${HOME}/.local/share/cataclysm-bn
+read-only ${HOME}/.local/share/cataclysm-bn/font
+read-only ${HOME}/.local/share/cataclysm-bn/gfx
+read-only ${HOME}/.local/share/cataclysm-bn/mods
+read-only ${HOME}/.local/share/cataclysm-bn/sound
+
+seccomp !name_to_handle_at
+
+private-bin cataclysm-bn,cataclysm-bn-tiles
+
+ignore memory-deny-write-execute
+
+include generic-game.inc
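Review bot: `seccomp !name_to_handle_at` and `ignore memory-deny-write-execute` both relax the baseline that `generic-game.inc` presumably sets, and neither line says why. That include is not part of this commit, so the resulting policy cannot be checked from here. Each relaxation should carry a one-line rationale naming the component that breaks without it, for example `# <component> calls name_to_handle_at; the rest of the default seccomp list stays enforced` and `# <engine/JIT> needs writable+executable mappings`. Without these, a later maintainer cannot tell whether an exception is still required. The same undocumented `ignore memory-deny-write-execute` appears in stellaris.profile.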
diff --git a/profiles/stellaris.profile b/profiles/stellaris.profile
new file mode 100644
index 0000000..edd30ae
--- /dev/null
+++ b/profiles/stellaris.profile
@@ -0,0 +1,26 @@
+# This file is overwritten after every install/update
+# Persistent local customizations
+include stellaris.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/games/Stellaris
+noblacklist ${HOME}/.local/share/Paradox Interactive
+noblacklist ${HOME}/.local/share/Paradox Interactive/Stellaris
+
+whitelist ${HOME}/games/Stellaris
+read-only ${HOME}/games/Stellaris
+mkdir ${HOME}/.local/share/Paradox Interactive
+mkdir ${HOME}/.local/share/Paradox Interactive/Stellaris
+whitelist ${HOME}/.local/share/Paradox Interactive
+read-only ${HOME}/.local/share/Paradox Interactive
+whitelist ${HOME}/.local/share/Paradox Interactive/Stellaris
+read-write ${HOME}/.local/share/Paradox Interactive/Stellaris
+
+private-etc asound.conf,group,localtime,machine-id,passwd,pulse
+
+ignore memory-deny-write-execute
+
+ignore noexec ${HOME}
+
+include generic-game.inc
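Review bot: `ignore noexec ${HOME}` is needed because the game binary lives under `${HOME}/games/Stellaris`, but it also leaves the one writable tree, `${HOME}/.local/share/Paradox Interactive/Stellaris`, executable. The install directory is marked `read-only`, so restoring noexec on the data directory alone keeps writable and executable paths disjoint: add `noexec ${HOME}/.local/share/Paradox Interactive/Stellaris` after the `read-write` line. This assumes the game does not load native code from its save/mod directory, which should be confirmed by a test run. A short comment above the `ignore noexec` line stating that the binary is launched from `${HOME}/games` would also explain the exception.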