Merge pull request #6463 from NetSysFire/endgame-singularity

netblue30 · web-flow · commit d4cd125200c4 · 2024-12-15T09:48:29.000-05:00
New profile: singularity (Endgame: Singularity)
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
@@ -642,6 +642,7 @@ blacklist ${HOME}/.config/scribus
 blacklist ${HOME}/.config/scribusrc
 blacklist ${HOME}/.config/sendgmail
 blacklist ${HOME}/.config/sinew.in
+blacklist ${HOME}/.config/singularity
 blacklist ${HOME}/.config/sink
 blacklist ${HOME}/.config/skypeforlinux
 blacklist ${HOME}/.config/slimjet
@@ -1057,6 +1058,7 @@ blacklist ${HOME}/.local/share/rtv
 blacklist ${HOME}/.local/share/scribus
 blacklist ${HOME}/.local/share/shotwell
 blacklist ${HOME}/.local/share/signal-cli
+blacklist ${HOME}/.local/share/singularity
 blacklist ${HOME}/.local/share/sink
 blacklist ${HOME}/.local/share/smuxi
 blacklist ${HOME}/.local/share/spotify
diff --git a/etc/profile-a-l/singularity.profile b/etc/profile-a-l/singularity.profile
@@ -0,0 +1,66 @@
+# Firejail profile for singularity
+# Description: Simulation game about playing as an artificial intelligence
+# This file is overwritten after every install/update
+# Persistent local customizations
+include singularity.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/singularity
+noblacklist ${HOME}/.local/share/singularity
+
+# Allow /bin/sh (blacklisted by disable-shell.inc)
+include allow-bin-sh.inc
+
+# Allow python (blacklisted by disable-interpreters.inc)
+include allow-python3.inc
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.config/singularity
+mkdir ${HOME}/.local/share/singularity
+whitelist ${HOME}/.config/singularity
+whitelist ${HOME}/.local/share/singularity
+include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+net none
+#no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noprinters
+noroot
+#nosound
+notpm
+notv
+nou2f
+novideo
+seccomp
+seccomp.block-secondary
+tracelog
+
+disable-mnt
+#private-bin dirname,git,python*,singularity,sh
+private-cache
+private-dev
+private-etc @games,@x11
+private-tmp
+
+dbus-user none
+dbus-system none
+
+restrict-namespaces
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
@@ -814,6 +814,7 @@ silentarmy
 simple-scan
 simplescreenrecorder
 simutrans
+singularity
 skanlite
 skypeforlinux
 slack
