Merge pull request #4071 from rusty-snake/open-game-wrapper

Commons of opengl-game-wrapper.sh

Author: rusty-snake

etc/inc/allow-opengl-game.inc

@@ -0,0 +1,3 @@
+noblacklist ${PATH}/bash
+whitelist /usr/share/opengl-games-utils/opengl-game-functions.sh
+private-bin basename,bash,cut,glxinfo,grep,head,sed,zenity

etc/inc/disable-programs.inc

@@ -52,6 +52,7 @@ blacklist ${HOME}/.atom
 blacklist ${HOME}/.attic
 blacklist ${HOME}/.audacity-data
 blacklist ${HOME}/.avidemux6
+blacklist ${HOME}/.ballbuster.hs
 blacklist ${HOME}/.balsa
 blacklist ${HOME}/.bcast5
 blacklist ${HOME}/.bibletime
@@ -220,6 +221,7 @@ blacklist ${HOME}/.config/d-feet
 blacklist ${HOME}/.config/electron-mail
 blacklist ${HOME}/.config/emaildefaults
 blacklist ${HOME}/.config/emailidentities
+blacklist ${HOME}/.config/emilia
 blacklist ${HOME}/.config/enchant
 blacklist ${HOME}/.config/eog
 blacklist ${HOME}/.config/epiphany
@@ -491,6 +493,8 @@ blacklist ${HOME}/.frozen-bubble
 blacklist ${HOME}/.gimp*
 blacklist ${HOME}/.gist
 blacklist ${HOME}/.gitconfig
+blacklist ${HOME}/.gl-117
+blacklist ${HOME}/.glaxiumrc
 blacklist ${HOME}/.gnome/gnome-schedule
 blacklist ${HOME}/.googleearth
 blacklist ${HOME}/.gradle
@@ -638,6 +642,7 @@ blacklist ${HOME}/.local/share/cdprojektred
 blacklist ${HOME}/.local/share/clipit
 blacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate
 blacklist ${HOME}/.local/share/contacts
+blacklist ${HOME}/.local/share/cor-games
 blacklist ${HOME}/.local/share/data/Mendeley Ltd.
 blacklist ${HOME}/.local/share/data/Mumble
 blacklist ${HOME}/.local/share/data/MusE
@@ -845,6 +850,7 @@ blacklist ${HOME}/.steampid
 blacklist ${HOME}/.stellarium
 blacklist ${HOME}/.subversion
 blacklist ${HOME}/.surf
+blacklist ${HOME}/.suve/colorful
 blacklist ${HOME}/.swb.ini
 blacklist ${HOME}/.sword
 blacklist ${HOME}/.sylpheed-2.0

etc/profile-a-l/alienarena-wrapper.profile

@@ -0,0 +1,14 @@
+# Firejail profile for alienarena-wrapper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include alienarena-wrapper.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+include allow-opengl-game.inc
+
+private-bin alienarena-wrapper
+
+# Redirect
+include alienarena.profile

etc/profile-a-l/alienarena.profile

@@ -0,0 +1,52 @@
+# Firejail profile for alienarena
+# Description: Multiplayer retro sci-fi deathmatch game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include alienarena.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.local/share/cor-games
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.local/share/cor-games
+whitelist ${HOME}/.local/share/cor-games
+whitelist /usr/share/alienarena
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+
+disable-mnt
+private-bin alienarena
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,drirc,fonts,glvnd,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,nsswitch.conf,nvidia,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11
+private-tmp
+
+dbus-user none
+dbus-system none

etc/profile-a-l/ballbuster-wrapper.profile

@@ -0,0 +1,14 @@
+# Firejail profile for ballbuster-wrapper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include ballbuster-wrapper.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+include allow-opengl-game.inc
+
+private-bin ballbuster-wrapper
+
+# Redirect
+include ballbuster.profile

etc/profile-a-l/ballbuster.profile

@@ -0,0 +1,52 @@
+# Firejail profile for ballbuster
+# Description: Move the paddle to bounce the ball and break all the bricks
+# This file is overwritten after every install/update
+# Persistent local customizations
+include ballbuster.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.ballbuster.hs
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkfile ${HOME}/.ballbuster.hs
+whitelist ${HOME}/.ballbuster.hs
+whitelist /usr/share/ballbuster
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+net none
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+
+disable-mnt
+private-bin ballbuster
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,pulse
+private-tmp
+
+dbus-user none
+dbus-system none

etc/profile-a-l/colorful-wrapper.profile

@@ -0,0 +1,14 @@
+# Firejail profile for colorful-wrapper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include colorful-wrapper.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+include allow-opengl-game.inc
+
+private-bin colorful-wrapper
+
+# Redirect
+include colorful.profile

etc/profile-a-l/colorful.profile

@@ -0,0 +1,52 @@
+# Firejail profile for colorful
+# Description: simple 2D sideview shooter
+# This file is overwritten after every install/update
+# Persistent local customizations
+include colorful.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.suve/colorful
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.suve/colorful
+whitelist ${HOME}/.suve/colorful
+whitelist /usr/share/suve
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+net none
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+
+disable-mnt
+private-bin colorful
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,pulse
+private-tmp
+
+dbus-user none
+dbus-system none

etc/profile-a-l/etr-wrapper.profile

@@ -0,0 +1,14 @@
+# Firejail profile for etr-wrapper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include etr-wrapper.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+include allow-opengl-game.inc
+
+private-bin etr-wrapper
+
+# Redirect
+include etr.profile

etc/profile-a-l/gl-117-wrapper.profie

@@ -0,0 +1,14 @@
+# Firejail profile for gl-117-wrapper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gl-117-wrapper.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+include allow-opengl-game.inc
+
+private-bin gl-117-wrapper
+
+# Redirect
+include gl-117.profile

etc/profile-a-l/gl-117-wrapper.profile

@@ -0,0 +1,14 @@
+# Firejail profile for gl-117-wrapper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gl-117-wrapper.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+include allow-opengl-game.inc
+
+private-bin gl-117-wrapper
+
+# Redirect
+include gl-117.profile

etc/profile-a-l/gl-117.profile

@@ -0,0 +1,52 @@
+# Firejail profile for gl-117
+# Description: Action flight simulator
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gl-117.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.gl-117
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.gl-117
+whitelist ${HOME}/.gl-117
+whitelist /usr/share/gl-117
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+net none
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+
+disable-mnt
+private-bin gl-117
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,bumblebee,drirc,glvnd,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nvidia,pulse
+private-tmp
+
+dbus-user none
+dbus-system none

etc/profile-a-l/glaxium-wrapper.profie

@@ -0,0 +1,14 @@
+# Firejail profile for glaxium-wrapper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include glaxium-wrapper.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+include allow-opengl-game.inc
+
+private-bin glaxium-wrapper
+
+# Redirect
+include glaxium.profile

etc/profile-a-l/glaxium-wrapper.profile

@@ -0,0 +1,14 @@
+# Firejail profile for glaxium-wrapper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include glaxium-wrapper.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+include allow-opengl-game.inc
+
+private-bin glaxium-wrapper
+
+# Redirect
+include glaxium.profile