Small fixes

- gimp: allow mbind syscall. no start on Fedora 33 without
- minetest: disable private-cache. without persistent cache connecting to servers can take many minutes
- supertuxkart: allow bluetooth protocol. stk can directly connect/pair to WiiMote controllers
- supertuxkart: comment private-dev to allow controller use
- profiles: unify controller support comments
- firecfg: comment evolution with a note, and add a note to epiphany #3647 + #2995

etc/profile-a-l/gimp.profile

@@ -52,7 +52,7 @@ nosound
 notv
 nou2f
 protocol unix
-seccomp
+seccomp !mbind
 shell none
 tracelog
 

etc/profile-a-l/lutris.profile

@@ -66,7 +66,7 @@ protocol unix,inet,inet6,netlink
 seccomp
 shell none
 
-# comment the following line if you don't need controller support
+# uncomment the following line if you do not need controller support
 # private-dev
 private-tmp
 

etc/profile-m-z/minetest.profile

@@ -53,7 +53,8 @@ tracelog
 
 disable-mnt
 private-bin minetest,rm
-private-cache
+# cache is used for storing assets when connecting to servers
+#private-cache
 private-dev
 # private-etc needs to be updated, see #1702
 #private-etc alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl

etc/profile-m-z/ostrichriders.profile

@@ -42,7 +42,7 @@ tracelog
 disable-mnt
 private-bin ostrichriders
 private-cache
-# private-dev should be commented for controllers
+# comment the following line if you need controller support
 private-dev
 private-tmp
 

etc/profile-m-z/ppsspp.profile

@@ -32,7 +32,7 @@ protocol unix,netlink
 seccomp
 shell none
 
-# private-dev is disabled to allow controller support
+# uncomment the following line if you do not need controller support
 #private-dev
 private-etc alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl
 private-opt ppsspp

etc/profile-m-z/steam.profile

@@ -109,7 +109,7 @@ shell none
 # picture viewers are needed for viewing screenshots
 #private-bin eog,eom,gthumb,pix,viewnior,xviewer
 
-# private-dev should be commented for controllers
+# comment the following line if you need controller support
 private-dev
 # private-etc breaks a small selection of games on some systems, comment to support those
 private-etc alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,lsb-release,machine-id,mime.types,nvidia,os-release,passwd,pki,pulse,resolv.conf,services,ssl

etc/profile-m-z/supertuxkart.profile

@@ -41,7 +41,7 @@ noroot
 notv
 nou2f
 novideo
-protocol unix,inet,inet6
+protocol unix,inet,inet6,bluetooth
 seccomp
 seccomp.block-secondary
 shell none
@@ -50,7 +50,8 @@ tracelog
 disable-mnt
 private-bin supertuxkart
 private-cache
-private-dev
+# uncomment the following line if you do not need controller support
+#private-dev
 private-etc alternatives,ca-certificates,crypto-policies,drirc,hosts,machine-id,openal,pki,resolv.conf,ssl
 private-tmp
 private-opt none

src/firecfg/firecfg.config

@@ -197,14 +197,14 @@ enpass
 eog
 eom
 ephemeral
-#epiphany
+#epiphany - see #2995
 equalx
 et
 etr
 evince
 evince-previewer
 evince-thumbnailer
-evolution
+#evolution - see #3647
 exfalso
 exiftool
 falkon