authorjc_gargma <jc_gargma@iserlohn-fortress.net>2022-02-09 13:36:31 -0800
committerjc_gargma <jc_gargma@iserlohn-fortress.net>2022-02-09 13:36:31 -0800
commitc4eff47fbd62d5c9518a6436494881c324b379b8 (patch)
tree9e0c28b048d67ab58d888c5d33ec326e041b8475 /unmaintained
parentAdded starsector profile (diff)
Updated for firejail 0.9.68
Diffstat (limited to 'unmaintained')
-rw-r--r--unmaintained/aa_readme.txt1
-rw-r--r--unmaintained/amfora.profile62
-rw-r--r--unmaintained/hg.profile70
-rw-r--r--unmaintained/legend-of-grimrock.profile18
-rw-r--r--unmaintained/nyamp.profile56
-rw-r--r--unmaintained/objects-in-space.profile22
-rw-r--r--unmaintained/qimv.profile53
-rw-r--r--unmaintained/strawberry.local14
8 files changed, 296 insertions, 0 deletions
diff --git a/unmaintained/aa_readme.txt b/unmaintained/aa_readme.txt
new file mode 100644
index 0000000..8d1c8b6
--- /dev/null
+++ b/unmaintained/aa_readme.txt
@@ -0,0 +1 @@
+
diff --git a/unmaintained/amfora.profile b/unmaintained/amfora.profile
new file mode 100644
index 0000000..411a4ff
--- /dev/null
+++ b/unmaintained/amfora.profile
@@ -0,0 +1,62 @@
+# Firejail profile for amfora
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include amfora.local
+# Persistent global definitions
+include globals.local
+
+
+noblacklist ${HOME}/.config/amfora
+noblacklist ${HOME}/.local/share/amfora
+
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
+
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-write-mnt.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.config/amfora
+mkdir ${HOME}/.local/share/amfora
+
+whitelist ${HOME}/.config/amfora
+whitelist ${HOME}/.local/share/amfora
+include whitelist-runuser-common.inc
+
+caps.drop all
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol inet,inet6
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin amfora
+private-cache
+private-dev
+private-etc ca-certificates,resolv.conf,ssl
+private-tmp
+
+dbus-user none
+dbus-system none
+
+noexec ${HOME}
+noexec /tmp
+
+# # Use with hardened-malloc package
+env LD_PRELOAD=/usr/lib/libhardened_malloc.so
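Review bot: The last line sets `env LD_PRELOAD=/usr/lib/libhardened_malloc.so` unconditionally, although the comment above it describes it as something to use only when the hardened-malloc package is installed. On a system without that package, or one that installs the library under a different path, the dynamic loader will most likely just warn and carry on, so the profile appears hardened when it is not. I would ship the line commented out, as `#env LD_PRELOAD=/usr/lib/libhardened_malloc.so`, and let users enable it in `amfora.local`. The comment marker should also be a single `#`, for example `# Optional: requires the hardened-malloc package`.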
diff --git a/unmaintained/hg.profile b/unmaintained/hg.profile
new file mode 100644
index 0000000..57eb45b
--- /dev/null
+++ b/unmaintained/hg.profile
@@ -0,0 +1,70 @@
+# Firejail profile for hg
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include hg.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/nano
+noblacklist ${HOME}/.emacs
+noblacklist ${HOME}/.emacs.d
+noblacklist ${HOME}/.hgrc
+#noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.nanorc
+noblacklist ${HOME}/.oh-my-zsh
+#noblacklist ${HOME}/.ssh
+noblacklist ${HOME}/.vim
+noblacklist ${HOME}/.viminfo
+
+# Allow ssh (blacklisted by disable-common.inc)
+include allow-ssh.inc
+
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
+
+include disable-common.inc
+include disable-exec.inc
+include disable-programs.inc
+
+whitelist ${HOME}/.config/nano
+whitelist ${HOME}/.emacs
+whitelist ${HOME}/.emacs.d
+whitelist ${HOME}/.hgrc
+#whitelist ${HOME}/.gnupg
+#read-only ${HOME}/.gnupg
+whitelist ${HOME}/.nanorc
+read-only ${HOME}/.nanorc
+whitelist ${HOME}/.oh-my-zsh
+#whitelist ${HOME}/.ssh
+#read-only ${HOME}/.ssh
+whitelist ${HOME}/.vim
+whitelist ${HOME}/.viminfo
+whitelist ${HOME}/build
+whitelist ${HOME}/workspace
+
+caps.drop all
+ipc-namespace
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol inet,inet6
+#protocol unix,inet,inet6
+seccomp
+shell none
+
+private-bin hg,python2
+private-cache
+private-dev
+
+memory-deny-write-execute
+
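Review bot: `include allow-ssh.inc` and its comment say ssh is allowed, but the rest of the profile appears to keep it from working. `private-bin hg,python2` leaves no ssh client in the sandbox, the `${HOME}/.ssh` whitelist lines are commented out while other `${HOME}` paths are whitelisted, and `protocol inet,inet6` omits `unix`, which an agent socket would need. If ssh transport is not intended, drop the include so the profile does not lift a blacklist it has no use for. If it is intended, the profile needs `private-bin hg,python2,ssh`, `whitelist ${HOME}/.ssh` with `read-only ${HOME}/.ssh`, and the commented `protocol unix,inet,inet6` line. It is also worth confirming that the packaged hg still runs under `python2`, since `private-bin` hides every other interpreter.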
diff --git a/unmaintained/legend-of-grimrock.profile b/unmaintained/legend-of-grimrock.profile
new file mode 100644
index 0000000..7921296
--- /dev/null
+++ b/unmaintained/legend-of-grimrock.profile
@@ -0,0 +1,18 @@
+# This file is overwritten after every install/update
+# Persistent local customizations
+include legend-of-grimrock.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.local/share/Almost Human
+noblacklist ${HOME}/.local/share/Almost Human/Legend of Grimrock
+
+mkdir ${HOME}/.local/share/Almost Human
+mkdir ${HOME}/.local/share/Almost Human/Legend of Grimrock
+whitelist ${HOME}/.local/share/Almost Human/Legend of Grimrock
+whitelist ${HOME}/games/Legend of Grimrock
+read-only ${HOME}/games/Legend of Grimrock
+
+ignore memory-deny-write-execute
+
+include generic-game.inc
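Review bot: `ignore memory-deny-write-execute` relaxes a hardening option with no comment saying why, and the same undocumented line appears in `objects-in-space.profile`. All remaining restrictions come from `generic-game.inc`, which is not part of this diff, so a reader cannot tell from this file what the ignore overrides. I would add a one-line reason above it, for example `# game engine needs writable+executable mappings; MDWE breaks startup`, worded to match the actual failure. The file also lacks the `# Firejail profile for legend-of-grimrock` header that `amfora.profile` and `hg.profile` in this commit carry.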
diff --git a/unmaintained/nyamp.profile b/unmaintained/nyamp.profile
new file mode 100644
index 0000000..2b3ffa8
--- /dev/null
+++ b/unmaintained/nyamp.profile
@@ -0,0 +1,56 @@
+# This file is overwritten after every install/update
+# Persistent local customizations
+include nyamp.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/iserlohn-fortress.net/nyamp
+noblacklist ${MUSIC}
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-write-mnt.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.config/iserlohn-fortress.net
+mkdir ${HOME}/.config/iserlohn-fortress.net/nyamp
+
+whitelist ${HOME}/.config/iserlohn-fortress.net/nyamp
+whitelist ${MUSIC}
+read-only ${MUSIC}
+include whitelist-common.inc
+
+
+caps.drop all
+# machine-id
+net none
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin bash,nyamp
+private-cache
+private-dev
+private-etc fonts,machine-id
+# private-etc asound.conf,fonts,machine-id,pulse
+private-tmp
+
+memory-deny-write-execute
+
+dbus-user none
+dbus-system none
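Review bot: `private-bin bash,nyamp` puts a shell into the sandbox while the same profile includes `disable-shell.inc` and sets `shell none`, so the three lines disagree about whether a shell should be reachable. If nyamp does not spawn a shell, `private-bin nyamp` keeps the intent consistent and removes an interpreter from the sandbox. If it does need bash, say so in a comment and drop `include disable-shell.inc`, which presumably blacklists it anyway. Separately, `nosound` is correctly absent for an audio player, but the active `private-etc fonts,machine-id` omits the `asound.conf` and `pulse` entries kept in the commented alternative below it; a short comment saying which audio backend the active line targets would help.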
diff --git a/unmaintained/objects-in-space.profile b/unmaintained/objects-in-space.profile
new file mode 100644
index 0000000..c8d89ef
--- /dev/null
+++ b/unmaintained/objects-in-space.profile
@@ -0,0 +1,22 @@
+# This file is overwritten after every install/update
+# Persistent local customizations
+include objects-in-space.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/Documents
+noblacklist ${HOME}/Documents/ObjectsInSpace
+
+mkdir ${HOME}/Documents
+mkdir ${HOME}/Documents/ObjectsInSpace
+whitelist ${HOME}/Documents/ObjectsInSpace
+whitelist ${HOME}/games/Objects In Space
+read-only ${HOME}/games/Objects In Space
+
+private-etc asound.conf,group,localtime,machine-id,passwd,pulse
+
+ignore memory-deny-write-execute
+
+ignore noexec ${HOME}
+
+include generic-game.inc
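Review bot: `ignore noexec ${HOME}` lifts the no-exec mount for the whole home view, which includes the writable save directory `${HOME}/Documents/ObjectsInSpace`, not only the read-only game directory that actually holds the binary. This assumes `generic-game.inc`, not shown here, is what sets `noexec ${HOME}`. With both this and `ignore memory-deny-write-execute` in place, anything the game writes into the save directory can be executed inside the sandbox. A comment should state that trade-off, for example `# game binary lives under ${HOME}/games; this also leaves the save directory executable`. Installing the game outside `${HOME}` would let the ignore be dropped.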
diff --git a/unmaintained/qimv.profile b/unmaintained/qimv.profile
new file mode 100644
index 0000000..02d7962
--- /dev/null
+++ b/unmaintained/qimv.profile
@@ -0,0 +1,53 @@
+# Firejail profile for qimv
+# Description: Image viewer
+# This file is overwritten after every install/update
+# Persistent local customizations
+include qimv.local
+# Persistent global definitions
+include globals.local
+
+# Comment in these two lines to enable testing the binary from ${HOME}
+#ignore noexec ${HOME}
+#ignore private-bin qimv,imv
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-write-mnt.inc
+
+#include whitelist-common.inc
+#include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+machine-id
+net none
+# no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+# disable-mnt
+private-bin qimv,imv
+private-cache
+private-dev
+private-etc fonts,machine-id,localtime,passwd
+private-tmp
+
+memory-deny-write-execute
+
+dbus-user none
+dbus-system none
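Review bot: With both whitelist includes commented out and no `disable-xdg.inc`, this image viewer keeps read-write access to everything in `${HOME}` that the `disable-*.inc` files do not blacklist. Because the program's job is parsing untrusted image files, I would make the home view read-only with `read-only ${HOME}` and re-open only the viewer's own configuration path with `read-write <qimv config dir>` (placeholder, the path is not shown in this diff). At minimum, add a comment explaining why whitelisting, `disable-mnt` and `no3d` are switched off. The comment `# Comment in these two lines` would read more clearly as `# Uncomment these two lines`.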
diff --git a/unmaintained/strawberry.local b/unmaintained/strawberry.local
new file mode 100644
index 0000000..a605392
--- /dev/null
+++ b/unmaintained/strawberry.local
@@ -0,0 +1,14 @@
+whitelist ${HOME}/.cache/strawberry
+whitelist ${HOME}/.config/strawberry
+whitelist ${HOME}/.local/share/strawberry
+whitelist ${MUSIC}
+
+include disable-shell.inc
+include disable-write-mnt.inc
+
+include whitelist-common.inc
+
+#net none
+protocol unix,inet,inet6
+
+private-etc asound.conf,group,localtime,machine-id,pulse,resolv.conf
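Review bot: The `private-etc` list on the last line includes `resolv.conf` and the profile allows `protocol unix,inet,inet6`, but it carries no CA trust store entries. Any TLS connection the player makes (streaming, cover or metadata lookups) would likely fail certificate validation inside the sandbox. `amfora.profile` in this same commit lists `ca-certificates` and `ssl` for that purpose; the equivalent here would be `private-etc asound.conf,ca-certificates,group,localtime,machine-id,pulse,resolv.conf,ssl`. If network access is not wanted, enabling the commented `net none` and dropping `inet,inet6` and `resolv.conf` is the tighter option. A header comment naming the profile this `.local` file overrides would also help.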