Documentation

Get Started with WineWarden

Everything you need to secure your gaming experience on Linux. From quick start guides to advanced configuration.

Installation

Requirements
  • Linux kernel 5.11 or higher
  • Rust 1.75+ (install from rustup.rs)
  • libseccomp-dev package

Build from Source

Terminal
# Clone the repository
git clone https://github.com/S1b-Team/winewarden.git
cd winewarden

# Build release binary
cargo build --release

# Install to local bin
cargo install --path crates/winewarden-cli

Initialize

Create the default configuration and required directories:

Terminal
winewarden init

Quick Start

1. Initialize WineWarden

Set up the default configuration

winewarden init

2. Run a Game

Launch with WineWarden protection

winewarden run -- wine game.exe

3. Monitor

Watch real-time security events

winewarden monitor

Configuration

Configuration file location: ~/.config/winewarden/config.toml

config.toml
[winewarden]
enabled = true
no_prompts_during_gameplay = true

[trust]
default_tier = "yellow"
auto_promote = true

[process]
allowed_patterns = ["wine*", "*.exe"]
blocked_patterns = ["*nc*", "*powershell*"]
max_child_processes = 50

[network]
mode = "observe"
dns_awareness = true

Key Options

trust.default_tier

Starting trust level: green, yellow, red

network.mode

Action on suspicious traffic: observe, block, allow

process.max_child_processes

Limit game process spawning

Steam Integration

Launch Options

Add this to your game's launch options in Steam:

Steam Launch Options
winewarden run -- %command%

Lutris

In Lutris, go to System Options → Command prefix:

Lutris Settings
winewarden run --

Heroic Games Launcher

In game settings, add to Launch Arguments:

Heroic Settings
winewarden run -- %command%

Security Features

Filesystem Virtualization

Games run in isolated mount namespaces with Landlock LSM enforcement. They can only see their designated sandbox, not your personal files.

  • Copy-on-write efficiency
  • Automatic prefix isolation
  • Sacred zones protection

Network Intelligence

Full DNS packet parsing reveals every domain your games contact. Real-time connection tracking exposes hidden telemetry.

  • DNS query monitoring
  • Outbound connection tracking
  • Destination analysis

Process Control

Block shell execution, script interpreters, and suspicious child processes. Prevent privilege escalation attempts.

  • Shell/script blocking
  • Process limits
  • Wildcard pattern matching
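
Wildcard patterns such as the `allowed_patterns` and `blocked_patterns` in the sample config.toml are worth testing against the process names a game actually spawns before relying on them. The following is an added example, not WineWarden's own code: it assumes plain case-sensitive glob semantics where `*` matches any run of characters, and the process names are constructed.

```rust
// Added example, not WineWarden code. Assumes plain case-sensitive glob
// semantics in which `*` matches any run of characters (WineWarden's real
// matcher and its allow/block precedence may differ).

/// Match `name` against a pattern whose only wildcard is `*`.
fn glob_match(pattern: &str, name: &str) -> bool {
    let (p, n) = (pattern.as_bytes(), name.as_bytes());
    let (mut pi, mut ni) = (0, 0);
    let mut star: Option<(usize, usize)> = None; // (pattern index after '*', name index)
    while ni < n.len() {
        if pi < p.len() && p[pi] == b'*' {
            star = Some((pi + 1, ni));
            pi += 1;
        } else if pi < p.len() && p[pi] == n[ni] {
            pi += 1;
            ni += 1;
        } else if let Some((sp, sn)) = star {
            // Backtrack: let the most recent '*' absorb one more byte.
            star = Some((sp, sn + 1));
            pi = sp;
            ni = sn + 1;
        } else {
            return false;
        }
    }
    p[pi..].iter().all(|&c| c == b'*') // only trailing '*' may remain
}

/// Return every pattern in `patterns` that matches `name`.
fn matching<'a>(patterns: &[&'a str], name: &str) -> Vec<&'a str> {
    patterns.iter().copied().filter(|p| glob_match(p, name)).collect()
}

// Patterns copied from the [process] section of the sample config.toml.
const ALLOWED: [&str; 2] = ["wine*", "*.exe"];
const BLOCKED: [&str; 2] = ["*nc*", "*powershell*"];

fn main() {
    // Constructed process names, for illustration only.
    for name in ["wineserver", "game.exe", "launcher.exe", "sync.exe"] {
        let (a, b) = (matching(&ALLOWED, name), matching(&BLOCKED, name));
        let note = if !a.is_empty() && !b.is_empty() { "  <- matches both lists" } else { "" };
        println!("{name:14} allowed={a:?} blocked={b:?}{note}");
    }
}
```

Under these assumptions `launcher.exe` and `sync.exe` match both `*.exe` and `*nc*`, so whether they run depends on which list takes precedence. A broad substring pattern like `*nc*` is a candidate for narrowing if it catches a game's legitimate helper processes.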

Dynamic Trust

Games earn trust based on behavior. Automatic tier adjustments with manual override capabilities.

  • 0-100 scoring system
  • Behavior analysis
  • Tier recommendations

Need More Help?

Check out our GitHub repository for detailed documentation, examples, and community support.
