xonotic.profile 1.18 KB
Newer Older
Tad's avatar
Tad committed
1
# Firejail profile for xonotic
2
# Description: A free, fast-paced crossplatform first-person shooter
Tad's avatar
Tad committed
3 4
# This file is overwritten after every install/update
# Persistent local customizations
5
include xonotic.local
Tad's avatar
Tad committed
6
# Persistent global definitions
7
include globals.local
8

Tad's avatar
Tad committed
9 10
noblacklist ${HOME}/.xonotic

11 12 13 14 15
include disable-common.inc
include disable-devel.inc
include disable-interpreters.inc
include disable-passwdmgr.inc
include disable-programs.inc
Tad's avatar
Tad committed
16 17 18

mkdir ${HOME}/.xonotic
whitelist ${HOME}/.xonotic
19 20
include whitelist-common.inc
include whitelist-var-common.inc
Tad's avatar
Tad committed
21 22 23

caps.drop all
netfilter
24
nodbus
Tad's avatar
Tad committed
25
nodvd
Tad's avatar
Tad committed
26
nogroups
Tad's avatar
Tad committed
27 28
nonewprivs
noroot
Tad's avatar
Tad committed
29
notv
30
nou2f
Tad's avatar
Tad committed
31
novideo
Tad's avatar
Tad committed
32 33
protocol unix,inet,inet6
seccomp
Tad's avatar
Tad committed
34 35
shell none

Tad's avatar
Tad committed
36
disable-mnt
37
private-bin bash,blind-id,darkplaces-glx,darkplaces-sdl,dirname,grep,ldd,netstat,ps,readlink,sh,uname,xonotic,xonotic-glx,xonotic-linux32-dedicated,xonotic-linux32-glx,xonotic-linux32-sdl,xonotic-linux64-dedicated,xonotic-linux64-glx,xonotic-linux64-sdl,xonotic-sdl
Tad's avatar
Tad committed
38
private-dev
39
private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies,machine-id
Tad's avatar
Tad committed
40 41 42 43
private-tmp

noexec ${HOME}
noexec /tmp