Add a profile for Lutris

- Lutris isn't added to firecfg just yet, needs more testing
- aria2c profile has a comment regarding Lutris/Winetricks,
  but it shouldn't matter since it can't be nested
- Add commented wusc to wine.profile
- Add vulkan and zenity to wusc.inc

6 files changed, 85 insertions, 2 deletions

diff --git a/README.md b/README.md
index a9a89a63c..9df16da7e 100644
--- a/README.md
+++ b/README.md
@@ -194,4 +194,4 @@ Stats:
 
 ### New profiles:
 
-spectacle, chromium-browser-privacy, gtk-straw-viewer, gtk-youtube-viewer, gtk2-youtube-viewer, gtk3-youtube-viewer, straw-viewer
+spectacle, chromium-browser-privacy, gtk-straw-viewer, gtk-youtube-viewer, gtk2-youtube-viewer, gtk3-youtube-viewer, straw-viewer, lutris
diff --git a/RELNOTES b/RELNOTES
index 8662125f5..3d6fa5adb 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -4,7 +4,7 @@ firejail (0.9.65) baseline; urgency=low
   * allow AF_BLUETOOTH via --protocol=bluetooth
   * new profiles: spectacle, chromium-browser-privacy, gtk-straw-viewer
   * new profiles: gtk-youtube-viewer, gtk2-youtube-viewer, gtk3-youtube-viewer
-  * new profiles: straw-viewer
+  * new profiles: straw-viewer, lutris
 
  -- netblue30 <netblue30@yahoo.com>  Wed, 21 Oct 2020 09:00:00 -0500
 
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 976f988b2..942dbb2bc 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -293,6 +293,7 @@ blacklist ${HOME}/.config/libreoffice
 blacklist ${HOME}/.config/liferea
 blacklist ${HOME}/.config/linphone
 blacklist ${HOME}/.config/lugaru
+blacklist ${HOME}/.config/lutris
 blacklist ${HOME}/.config/lximage-qt
 blacklist ${HOME}/.config/mailtransports
 blacklist ${HOME}/.local/share/man
@@ -662,6 +663,7 @@ blacklist ${HOME}/.local/share/local-mail
 blacklist ${HOME}/.local/share/lollypop
 blacklist ${HOME}/.local/share/love
 blacklist ${HOME}/.local/share/lugaru
+blacklist ${HOME}/.local/share/lutris
 blacklist ${HOME}/.local/share/mana
 blacklist ${HOME}/.local/share/maps-places.json
 blacklist ${HOME}/.local/share/meld
@@ -933,6 +935,7 @@ blacklist ${HOME}/.cache/kube
 blacklist ${HOME}/.cache/kwin
 blacklist ${HOME}/.cache/libgweather
 blacklist ${HOME}/.cache/liferea
+blacklist ${HOME}/.cache/lutris
 blacklist ${HOME}/.cache/Mendeley Ltd.
 blacklist ${HOME}/.cache/midori
 blacklist ${HOME}/.cache/minetest
@@ -988,6 +991,7 @@ blacklist ${HOME}/.cache/vmware
 blacklist ${HOME}/.cache/warsow-2.1
 blacklist ${HOME}/.cache/waterfox
 blacklist ${HOME}/.cache/wesnoth
+blacklist ${HOME}/.cache/winetricks
 blacklist ${HOME}/.cache/xmms2
 blacklist ${HOME}/.cache/xreader
 blacklist ${HOME}/.cache/yandex-browser
diff --git a/etc/inc/whitelist-usr-share-common.inc b/etc/inc/whitelist-usr-share-common.inc
index de4ae2101..785a1d7d4 100644
--- a/etc/inc/whitelist-usr-share-common.inc
+++ b/etc/inc/whitelist-usr-share-common.inc
@@ -60,6 +60,8 @@ whitelist /usr/share/texlive
 whitelist /usr/share/texmf
 whitelist /usr/share/themes
 whitelist /usr/share/thumbnail.so
+whitelist /usr/share/vulkan
 whitelist /usr/share/X11
 whitelist /usr/share/xml
+whitelist /usr/share/zenity
 whitelist /usr/share/zoneinfo
diff --git a/etc/profile-a-l/lutris.profile b/etc/profile-a-l/lutris.profile
new file mode 100644
index 000000000..fabf57861
--- /dev/null
+++ b/etc/profile-a-l/lutris.profile
@@ -0,0 +1,74 @@
+# Firejail profile for lutris
+# Description: Multi-library game handler with special support for Wine
+# This file is overwritten after every install/update
+# Persistent local customizations
+include lutris.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${PATH}/llvm*
+noblacklist ${HOME}/Games
+noblacklist ${HOME}/.cache/lutris
+noblacklist ${HOME}/.cache/winetricks
+noblacklist ${HOME}/.config/lutris
+noblacklist ${HOME}/.local/share/lutris
+# noblacklist ${HOME}/.wine
+noblacklist /tmp/.wine-*
+
+ignore noexec ${HOME}
+
+# Allow python (blacklisted by disable-interpreters.inc)
+include allow-python2.inc
+include allow-python3.inc
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/Games
+mkdir ${HOME}/.cache/lutris
+mkdir ${HOME}/.cache/winetricks
+mkdir ${HOME}/.config/lutris
+mkdir ${HOME}/.local/share/lutris
+# mkdir ${HOME}/.wine
+whitelist ${HOME}/Downloads
+whitelist ${HOME}/Games
+whitelist ${HOME}/.cache/lutris
+whitelist ${HOME}/.cache/winetricks
+whitelist ${HOME}/.config/lutris
+whitelist ${HOME}/.local/share/lutris
+# whitelist ${HOME}/.wine
+whitelist /usr/share/lutris
+whitelist /usr/share/wine
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-runuser-common.inc
+include whitelist-var-common.inc
+
+# allow-debuggers
+# apparmor
+caps.drop all
+ipc-namespace
+# net none
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+
+# comment the following line if you don't need controller support
+# private-dev
+private-tmp
+
+dbus-user none
+dbus-system none
diff --git a/etc/profile-m-z/wine.profile b/etc/profile-m-z/wine.profile
index 901340052..6ac74b9da 100644
--- a/etc/profile-m-z/wine.profile
+++ b/etc/profile-m-z/wine.profile
@@ -6,6 +6,7 @@ include wine.local
 # Persistent global definitions
 include globals.local
 
+noblacklist ${HOME}/.cache/winetricks
 noblacklist ${HOME}/.Steam
 noblacklist ${HOME}/.local/share/Steam
 noblacklist ${HOME}/.local/share/steam
@@ -19,6 +20,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+# whitelist /usr/share/wine
+# include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 # some applications don't need allow-debuggers, comment the next line