Add a profile for dolphin-emu

Games folder must be whitelisted in a dolphin-emu.local
Its private-etc can likely be shortened

README.md

@@ -194,4 +194,4 @@ Stats:
 
 ### New profiles:
 
-spectacle, chromium-browser-privacy, gtk-straw-viewer, gtk-youtube-viewer, gtk2-youtube-viewer, gtk3-youtube-viewer, straw-viewer, lutris
+spectacle, chromium-browser-privacy, gtk-straw-viewer, gtk-youtube-viewer, gtk2-youtube-viewer, gtk3-youtube-viewer, straw-viewer, lutris, dolphin-emu

RELNOTES

@@ -4,7 +4,7 @@ firejail (0.9.65) baseline; urgency=low
  * allow AF_BLUETOOTH via --protocol=bluetooth
  * new profiles: spectacle, chromium-browser-privacy, gtk-straw-viewer
  * new profiles: gtk-youtube-viewer, gtk2-youtube-viewer, gtk3-youtube-viewer
- * new profiles: straw-viewer, lutris
+ * new profiles: straw-viewer, lutris, dolphin-emu
 
  -- netblue30 <[email protected]> Wed, 21 Oct 2020 09:00:00 -0500
 

etc/inc/disable-programs.inc

@@ -200,6 +200,7 @@ blacklist ${HOME}/.config/discord
 blacklist ${HOME}/.config/discordcanary
 blacklist ${HOME}/.config/dkl
 blacklist ${HOME}/.config/dnox
+blacklist ${HOME}/.config/dolphin-emu
 blacklist ${HOME}/.config/dolphinrc
 blacklist ${HOME}/.config/dragonplayerrc
 blacklist ${HOME}/.config/draw.io
@@ -605,6 +606,7 @@ blacklist ${HOME}/.local/share/data/nomacs
 blacklist ${HOME}/.local/share/data/qBittorrent
 blacklist ${HOME}/.local/share/dino
 blacklist ${HOME}/.local/share/dolphin
+blacklist ${HOME}/.local/share/dolphin-emu
 blacklist ${HOME}/.local/share/emailidentities
 blacklist ${HOME}/.local/share/epiphany
 blacklist ${HOME}/.local/share/evolution
@@ -886,6 +888,7 @@ blacklist ${HOME}/.cache/deja-dup
 blacklist ${HOME}/.cache/discover
 blacklist ${HOME}/.cache/dnox
 blacklist ${HOME}/.cache/dolphin
+blacklist ${HOME}/.cache/dolphin-emu
 blacklist ${HOME}/.cache/ephemeral
 blacklist ${HOME}/.cache/epiphany
 blacklist ${HOME}/.cache/evolution

etc/profile-a-l/dolphin-emu.profile

@@ -0,0 +1,63 @@
+# Firejail profile for dolphin-emu
+# Description: An emulator for Gamecube and Wii games
+# This file is overwritten after every install/update
+# Persistent local customizations
+include dolphin-emu.local
+# Persistent global definitions
+include globals.local
+
+# Note: you must whitelist your games folder in a dolphin-emu.local
+
+noblacklist ${HOME}/.cache/dolphin-emu
+noblacklist ${HOME}/.config/dolphin-emu
+noblacklist ${HOME}/.local/share/dolphin-emu
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.cache/dolphin-emu
+mkdir ${HOME}/.config/dolphin-emu
+mkdir ${HOME}/.local/share/dolphin-emu
+whitelist ${HOME}/.cache/dolphin-emu
+whitelist ${HOME}/.config/dolphin-emu
+whitelist ${HOME}/.local/share/dolphin-emu
+whitelist /usr/share/dolphin-emu
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+# uncomment the following line if you do not need NetPlay support
+# net none
+netfilter
+# uncomment the following line if you do not need disc support
+#nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink,bluetooth
+seccomp
+shell none
+tracelog
+
+private-bin bash,dolphin-emu,dolphin-emu-x11,sh
+private-cache
+# uncomment the following line if you do not need controller support
+#private-dev
+private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,kde4rc,kde5rc,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,Trolltech.conf,X11,xdg
+private-opt none
+private-tmp
+
+dbus-user none
+dbus-system none

src/firecfg/firecfg.config

@@ -173,6 +173,7 @@ dnox
 dnscrypt-proxy
 dnsmasq
 dolphin
+dolphin-emu
 dooble
 dooble-qt4
 dosbox