Add profile for guvcview

4 files changed, 59 insertions, 2 deletions

diff --git a/README.md b/README.md
index 69e059bba..2f118ab11 100644
--- a/README.md
+++ b/README.md
@@ -195,4 +195,4 @@ Stats:
 
 ### New profiles:
 
-spectacle, chromium-browser-privacy, gtk-straw-viewer, gtk-youtube-viewer, gtk2-youtube-viewer, gtk3-youtube-viewer, straw-viewer, lutris, dolphin-emu, authenticator-rs, servo, tutanota-desktop, npm, marker, yarn, lsar, unar, agetpkg, mdr, shotwell, qnapi
+spectacle, chromium-browser-privacy, gtk-straw-viewer, gtk-youtube-viewer, gtk2-youtube-viewer, gtk3-youtube-viewer, straw-viewer, lutris, dolphin-emu, authenticator-rs, servo, tutanota-desktop, npm, marker, yarn, lsar, unar, agetpkg, mdr, shotwell, qnapi, guvcview
diff --git a/RELNOTES b/RELNOTES
index 705ef8500..fc4f0144d 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -7,7 +7,8 @@ firejail (0.9.65) baseline; urgency=low
   * new profiles: spectacle, chromium-browser-privacy, gtk-straw-viewer
   * new profiles: gtk-youtube-viewer, gtk2-youtube-viewer, gtk3-youtube-viewer
   * new profiles: straw-viewer, lutris, dolphin-emu, authenticator-rs, servo
-  * new profiles: npm, marker
+  * new profiles: npm, marker, yarn, lsar, unar, agetpkg, mdr, shotwell, qnapi
+  * new profiles: guvcview
 
  -- netblue30 <netblue30@yahoo.com>  Wed, 21 Oct 2020 09:00:00 -0500
 
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 26bcb987f..8b81927e3 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -253,6 +253,7 @@ blacklist ${HOME}/.config/google-chrome-unstable
 blacklist ${HOME}/.config/gpicview
 blacklist ${HOME}/.config/gthumb
 blacklist ${HOME}/.config/gummi
+blacklist ${HOME}/.config/guvcview2
 blacklist ${HOME}/.config/gwenviewrc
 blacklist ${HOME}/.config/hexchat
 blacklist ${HOME}/.config/homebank
diff --git a/etc/profile-a-l/guvcview.profile b/etc/profile-a-l/guvcview.profile
new file mode 100644
index 000000000..46fc06940
--- /dev/null
+++ b/etc/profile-a-l/guvcview.profile
@@ -0,0 +1,55 @@
+# Firejail profile for guvcview
+# Description: GTK+ base UVC Viewer
+# This file is overwritten after every install/update
+# Persistent local customizations
+include guvcview.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/guvcview2
+
+noblacklist ${PICTURES}
+noblacklist ${VIDEOS}
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.config/guvcview2
+whitelist ${HOME}/.config/guvcview2
+whitelist ${PICTURES}
+whitelist ${VIDEOS}
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+net none
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+protocol unix,netlink
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+
+disable-mnt
+private-bin guvcview
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,bumblebee,dconf,drirc,fonts,glvnd,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nvidia,pango,pulse,X11
+private-tmp
+
+dbus-user none
+dbus-system none