From 10598a84e62b0c75ae81c87bf06790212ff8c2b0 Mon Sep 17 00:00:00 2001
From: jc_gargma <jc_gargma@iserlohn-fortress.net>
Date: Wed, 23 Jun 2021 00:52:28 -0700
Subject: Add profiles for stellaris, cataclysm-bn, cataclysm-bn-tiles, amfora

---
 profiles/amfora.profile             | 56 +++++++++++++++++++++++++++++++++++++
 profiles/cataclysm-bn-tiles.profile |  4 +++
 profiles/cataclysm-bn.profile       | 28 +++++++++++++++++++
 profiles/stellaris.profile          | 26 +++++++++++++++++
 4 files changed, 114 insertions(+)
 create mode 100644 profiles/amfora.profile
 create mode 100644 profiles/cataclysm-bn-tiles.profile
 create mode 100644 profiles/cataclysm-bn.profile
 create mode 100644 profiles/stellaris.profile

(limited to 'profiles')

diff --git a/profiles/amfora.profile b/profiles/amfora.profile
new file mode 100644
index 0000000..d4d6fa8
--- /dev/null
+++ b/profiles/amfora.profile
@@ -0,0 +1,56 @@
+# Firejail profile for amfora
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include amfora.local
+# Persistent global definitions
+include globals.local
+
+
+noblacklist ${HOME}/.config/amfora
+noblacklist ${HOME}/.local/share/amfora
+
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
+
+mkdir ${HOME}/.config/amfora
+whitelist ${HOME}/.config/amfora
+mkdir ${HOME}/.local/share/amfora
+whitelist ${HOME}/.local/share/amfora
+
+
+include allow-perl.inc
+
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+include whitelist-runuser-common.inc
+
+caps.drop all
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol inet,inet6
+seccomp
+shell none
+tracelog
+
+private-bin amfora
+private-cache
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl
+private-tmp
+
+# # Use with hardened-malloc package
+env LD_PRELOAD=/usr/lib/libhardened_malloc.so
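Review bot: `include allow-perl.inc`, placed ahead of `include disable-interpreters.inc`, lifts the Perl blacklist although nothing in this profile shows that amfora needs Perl. `private-bin amfora` already limits the sandbox to one binary, so the line only widens what is visible and should be dropped unless a Perl dependency is known. Separately, the final `env LD_PRELOAD=/usr/lib/libhardened_malloc.so` is active even though its comment reads as optional. If the library is not installed, the dynamic loader reports the failed preload and carries on, so the allocator hardening is silently absent. Either ship it commented out (`#env LD_PRELOAD=/usr/lib/libhardened_malloc.so`) for `amfora.local` to enable, or say in the comment that the hardened-malloc package is a hard requirement.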
diff --git a/profiles/cataclysm-bn-tiles.profile b/profiles/cataclysm-bn-tiles.profile
new file mode 100644
index 0000000..d21cc21
--- /dev/null
+++ b/profiles/cataclysm-bn-tiles.profile
@@ -0,0 +1,4 @@
+# This file is overwritten after every install/update
+
+# Redirect
+include cataclysm-bn.profile
diff --git a/profiles/cataclysm-bn.profile b/profiles/cataclysm-bn.profile
new file mode 100644
index 0000000..d3aff32
--- /dev/null
+++ b/profiles/cataclysm-bn.profile
@@ -0,0 +1,28 @@
+# This file is overwritten after every install/update
+# Persistent local customizations
+include cataclysm-bn.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/cataclysm-bn
+noblacklist ${HOME}/.local/share/cataclysm-bn
+mkdir ${HOME}/.config/cataclysm-bn
+mkdir ${HOME}/.local/share/cataclysm-bn
+mkdir ${HOME}/.local/share/cataclysm-bn/font
+mkdir ${HOME}/.local/share/cataclysm-bn/gfx
+mkdir ${HOME}/.local/share/cataclysm-bn/mods
+mkdir ${HOME}/.local/share/cataclysm-bn/sound
+whitelist ${HOME}/.config/cataclysm-bn
+whitelist ${HOME}/.local/share/cataclysm-bn
+read-only ${HOME}/.local/share/cataclysm-bn/font
+read-only ${HOME}/.local/share/cataclysm-bn/gfx
+read-only ${HOME}/.local/share/cataclysm-bn/mods
+read-only ${HOME}/.local/share/cataclysm-bn/sound
+
+seccomp !name_to_handle_at
+
+private-bin cataclysm-bn,cataclysm-bn-tiles
+
+ignore memory-deny-write-execute
+
+include generic-game.inc
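Review bot: `seccomp !name_to_handle_at` and `ignore memory-deny-write-execute` both relax the sandbox without any explanation, so a later maintainer cannot tell whether either exception is still required. Add a comment above each, for example `# startup fails when name_to_handle_at is filtered (confirm which library calls it)` and `# game needs writable+executable mappings (confirm)`. `generic-game.inc` is not part of this patch, so it is not visible here whether networking is restricted. If the game needs no network access and the include does not already set it, `net none` would belong in this profile.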
diff --git a/profiles/stellaris.profile b/profiles/stellaris.profile
new file mode 100644
index 0000000..edd30ae
--- /dev/null
+++ b/profiles/stellaris.profile
@@ -0,0 +1,26 @@
+# This file is overwritten after every install/update
+# Persistent local customizations
+include stellaris.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/games/Stellaris
+noblacklist ${HOME}/.local/share/Paradox Interactive
+noblacklist ${HOME}/.local/share/Paradox Interactive/Stellaris
+
+whitelist ${HOME}/games/Stellaris
+read-only ${HOME}/games/Stellaris
+mkdir ${HOME}/.local/share/Paradox Interactive
+mkdir ${HOME}/.local/share/Paradox Interactive/Stellaris
+whitelist ${HOME}/.local/share/Paradox Interactive
+read-only ${HOME}/.local/share/Paradox Interactive
+whitelist ${HOME}/.local/share/Paradox Interactive/Stellaris
+read-write ${HOME}/.local/share/Paradox Interactive/Stellaris
+
+private-etc asound.conf,group,localtime,machine-id,passwd,pulse
+
+ignore memory-deny-write-execute
+
+ignore noexec ${HOME}
+
+include generic-game.inc
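Review bot: `ignore noexec ${HOME}` drops no-exec protection for the whole home directory, including the save directory that the `read-write` line makes writable, so that directory ends up both writable and executable. The game tree under `${HOME}/games/Stellaris` is already `read-only` and is the only path that should need exec. Consider adding `noexec ${HOME}/.local/share/Paradox Interactive/Stellaris` after the `read-write` line, and verify that the `ignore` entry does not also suppress this longer path. `generic-game.inc` is outside this patch, so the `noexec ${HOME}` being ignored is inferred from the ignore line rather than seen.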
-- 
cgit v1.2.1