Add a profile for Lutris

- Lutris isn't added to firecfg just yet, needs more testing - aria2c profile has a comment regarding Lutris/Winetricks, but it shouldn't matter since it can't be nested - Add commented wusc to wine.profile - Add vulkan and zenity to wusc.inc
author: Tad <tad@spotco.us> 2020-11-23 16:51:27 -0500
committer: Tad <tad@spotco.us> 2020-11-23 16:54:37 -0500
commit: 096b27c6b34801feb89748639e9588a0cf478aa7 (patch)
tree: fa7dc852522818abc5522640f39f3e9c2bef9ab8 /etc/profile-a-l/lutris.profile
parent: reorder disable-write-mnt.inc (diff)
download: firejail-096b27c6b34801feb89748639e9588a0cf478aa7.tar.gz
firejail-096b27c6b34801feb89748639e9588a0cf478aa7.tar.zst
firejail-096b27c6b34801feb89748639e9588a0cf478aa7.zip
1 files changed, 74 insertions, 0 deletions
diff --git a/etc/profile-a-l/lutris.profile b/etc/profile-a-l/lutris.profile
new file mode 100644
index 000000000..fabf57861
--- /dev/null
+++ b/etc/profile-a-l/lutris.profile
@@ -0,0 +1,74 @@
+# Firejail profile for lutris
+# Description: Multi-library game handler with special support for Wine
+# This file is overwritten after every install/update
+# Persistent local customizations
+include lutris.local
+# Persistent global definitions
+include globals.local
+noblacklist ${PATH}/llvm*
+noblacklist ${HOME}/Games
+noblacklist ${HOME}/.cache/lutris
+noblacklist ${HOME}/.cache/winetricks
+noblacklist ${HOME}/.config/lutris
+noblacklist ${HOME}/.local/share/lutris
+# noblacklist ${HOME}/.wine
+noblacklist /tmp/.wine-*
+ignore noexec ${HOME}
+# Allow python (blacklisted by disable-interpreters.inc)
+include allow-python2.inc
+include allow-python3.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+mkdir ${HOME}/Games
+mkdir ${HOME}/.cache/lutris
+mkdir ${HOME}/.cache/winetricks
+mkdir ${HOME}/.config/lutris
+mkdir ${HOME}/.local/share/lutris
+# mkdir ${HOME}/.wine
+whitelist ${HOME}/Downloads
+whitelist ${HOME}/Games
+whitelist ${HOME}/.cache/lutris
+whitelist ${HOME}/.cache/winetricks
+whitelist ${HOME}/.config/lutris
+whitelist ${HOME}/.local/share/lutris
+# whitelist ${HOME}/.wine
+whitelist /usr/share/lutris
+whitelist /usr/share/wine
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-runuser-common.inc
+include whitelist-var-common.inc
+# allow-debuggers
+# apparmor
+caps.drop all
+ipc-namespace
+# net none
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+# comment the following line if you don't need controller support
+# private-dev
+private-tmp
+dbus-user none
+dbus-system none
author	Tad <tad@spotco.us>	2020-11-23 16:51:27 -0500
committer	Tad <tad@spotco.us>	2020-11-23 16:54:37 -0500
commit	096b27c6b34801feb89748639e9588a0cf478aa7 (patch)
tree	fa7dc852522818abc5522640f39f3e9c2bef9ab8 /etc/profile-a-l/lutris.profile
parent	reorder disable-write-mnt.inc (diff)
download	firejail-096b27c6b34801feb89748639e9588a0cf478aa7.tar.gz firejail-096b27c6b34801feb89748639e9588a0cf478aa7.tar.zst firejail-096b27c6b34801feb89748639e9588a0cf478aa7.zip

diff --git a/etc/profile-a-l/lutris.profile b/etc/profile-a-l/lutris.profile new file mode 100644 index 000000000..fabf57861 --- /dev/null +++ b/etc/profile-a-l/lutris.profile
@@ -0,0 +1,74 @@
	1	# Firejail profile for lutris
	2	# Description: Multi-library game handler with special support for Wine
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include lutris.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	noblacklist ${PATH}/llvm*
	10	noblacklist ${HOME}/Games
	11	noblacklist ${HOME}/.cache/lutris
	12	noblacklist ${HOME}/.cache/winetricks
	13	noblacklist ${HOME}/.config/lutris
	14	noblacklist ${HOME}/.local/share/lutris
	15	# noblacklist ${HOME}/.wine
	16	noblacklist /tmp/.wine-*
	17
	18	ignore noexec ${HOME}
	19
	20	# Allow python (blacklisted by disable-interpreters.inc)
	21	include allow-python2.inc
	22	include allow-python3.inc
	23
	24	include disable-common.inc
	25	include disable-devel.inc
	26	include disable-exec.inc
	27	include disable-interpreters.inc
	28	include disable-passwdmgr.inc
	29	include disable-programs.inc
	30	include disable-xdg.inc
	31
	32	mkdir ${HOME}/Games
	33	mkdir ${HOME}/.cache/lutris
	34	mkdir ${HOME}/.cache/winetricks
	35	mkdir ${HOME}/.config/lutris
	36	mkdir ${HOME}/.local/share/lutris
	37	# mkdir ${HOME}/.wine
	38	whitelist ${HOME}/Downloads
	39	whitelist ${HOME}/Games
	40	whitelist ${HOME}/.cache/lutris
	41	whitelist ${HOME}/.cache/winetricks
	42	whitelist ${HOME}/.config/lutris
	43	whitelist ${HOME}/.local/share/lutris
	44	# whitelist ${HOME}/.wine
	45	whitelist /usr/share/lutris
	46	whitelist /usr/share/wine
	47	include whitelist-common.inc
	48	include whitelist-usr-share-common.inc
	49	include whitelist-runuser-common.inc
	50	include whitelist-var-common.inc
	51
	52	# allow-debuggers
	53	# apparmor
	54	caps.drop all
	55	ipc-namespace
	56	# net none
	57	netfilter
	58	nodvd
	59	nogroups
	60	nonewprivs
	61	noroot
	62	notv
	63	nou2f
	64	novideo
	65	protocol unix,inet,inet6,netlink
	66	seccomp
	67	shell none
	68
	69	# comment the following line if you don't need controller support
	70	# private-dev
	71	private-tmp
	72
	73	dbus-user none
	74	dbus-system none