diff options
| author |  netblue30 <netblue30@yahoo.com> | 2017-05-19 09:11:34 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2017-05-19 09:11:34 -0400 |
| commit | 1328d523ed62dfcdb205580ce7c126813b592cb7 (patch) | |
| tree | c32a024f1cb4b1a1c1b7df819e49f68bd1b4f40f | |
| parent | removed ipc-namespace from firefox profile (diff) | |
| download | firejail-1328d523ed62dfcdb205580ce7c126813b592cb7.tar.gz firejail-1328d523ed62dfcdb205580ce7c126813b592cb7.tar.zst firejail-1328d523ed62dfcdb205580ce7c126813b592cb7.zip | |
support /dev/video* in private-dev, bringing back private-dev in firefox profile
| -rw-r--r-- | etc/firefox.profile | 3 | ||||
| -rw-r--r-- | src/firejail/fs_dev.c | 10 | ||||
| -rw-r--r-- | src/man/firejail.txt | 2 |
3 files changed, 13 insertions, 2 deletions
diff --git a/etc/firefox.profile b/etc/firefox.profile index fd9fb7fe7..a6fe04800 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile | |||
| @@ -60,7 +60,8 @@ include /etc/firejail/whitelist-common.inc | |||
| 60 | # experimental features | 60 | # experimental features |
| 61 | #private-bin firefox,which,sh,dbus-launch,dbus-send,env | 61 | #private-bin firefox,which,sh,dbus-launch,dbus-send,env |
| 62 | #private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse | 62 | #private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse |
| 63 | # private-dev - prevents video calls going out | 63 | # private-dev might prevent video calls going out |
| 64 | private-dev | ||
| 64 | private-tmp | 65 | private-tmp |
| 65 | 66 | ||
| 66 | noexec ${HOME} | 67 | noexec ${HOME} |
diff --git a/src/firejail/fs_dev.c b/src/firejail/fs_dev.c index 20fcf56e7..9b73ac9fc 100644 --- a/src/firejail/fs_dev.c +++ b/src/firejail/fs_dev.c | |||
| @@ -54,6 +54,16 @@ static DevEntry dev[] = { | |||
| 54 | {"/dev/nvidiactl", RUN_DEV_DIR "/nvidiactl", 0, 1}, | 54 | {"/dev/nvidiactl", RUN_DEV_DIR "/nvidiactl", 0, 1}, |
| 55 | {"/dev/nvidia-modeset", RUN_DEV_DIR "/nvidia-modeset", 0, 1}, | 55 | {"/dev/nvidia-modeset", RUN_DEV_DIR "/nvidia-modeset", 0, 1}, |
| 56 | {"/dev/nvidia-uvm", RUN_DEV_DIR "/nvidia-uvm", 0, 1}, | 56 | {"/dev/nvidia-uvm", RUN_DEV_DIR "/nvidia-uvm", 0, 1}, |
| 57 | {"/dev/video0", RUN_DEV_DIR "/video0", 0, 1}, | ||
| 58 | {"/dev/video1", RUN_DEV_DIR "/video1", 0, 1}, | ||
| 59 | {"/dev/video2", RUN_DEV_DIR "/video2", 0, 1}, | ||
| 60 | {"/dev/video3", RUN_DEV_DIR "/video3", 0, 1}, | ||
| 61 | {"/dev/video4", RUN_DEV_DIR "/video4", 0, 1}, | ||
| 62 | {"/dev/video5", RUN_DEV_DIR "/video5", 0, 1}, | ||
| 63 | {"/dev/video6", RUN_DEV_DIR "/video6", 0, 1}, | ||
| 64 | {"/dev/video7", RUN_DEV_DIR "/video7", 0, 1}, | ||
| 65 | {"/dev/video8", RUN_DEV_DIR "/video8", 0, 1}, | ||
| 66 | {"/dev/video9", RUN_DEV_DIR "/video9", 0, 1}, | ||
| 57 | {NULL, NULL, 0, 0} | 67 | {NULL, NULL, 0, 0} |
| 58 | }; | 68 | }; |
| 59 | 69 | ||
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 915a0d50d..38bb6a19e 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
| @@ -1218,7 +1218,7 @@ bash cat ls sed | |||
| 1218 | 1218 | ||
| 1219 | .TP | 1219 | .TP |
| 1220 | \fB\-\-private-dev | 1220 | \fB\-\-private-dev |
| 1221 | Create a new /dev directory. Only dri, null, full, zero, tty, pts, ptmx, random, snd, urandom, log and shm devices are available. | 1221 | Create a new /dev directory. Only dri, null, full, zero, tty, pts, ptmx, random, snd, urandom, video, log and shm devices are available. |
| 1222 | .br | 1222 | .br |
| 1223 | 1223 | ||
| 1224 | .br | 1224 | .br |