Add profile for guvcview

author: rusty-snake <41237666+rusty-snake@users.noreply.github.com> 2021-01-18 18:59:35 +0100
committer: rusty-snake <41237666+rusty-snake@users.noreply.github.com> 2021-01-18 18:59:35 +0100
commit: 6613769d6c06bbc7cf989bd23c10dce957ff68ff (patch)
tree: 2f6856b0847341c8c91097a41cd5dcd9d3d9bd34 /etc
parent: harden and fix cheese.profile (diff)
download: firejail-6613769d6c06bbc7cf989bd23c10dce957ff68ff.tar.gz
firejail-6613769d6c06bbc7cf989bd23c10dce957ff68ff.tar.zst
firejail-6613769d6c06bbc7cf989bd23c10dce957ff68ff.zip
2 files changed, 56 insertions, 0 deletions
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 26bcb987f..8b81927e3 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -253,6 +253,7 @@ blacklist ${HOME}/.config/google-chrome-unstable
 blacklist ${HOME}/.config/gpicview
 blacklist ${HOME}/.config/gthumb
 blacklist ${HOME}/.config/gummi
+blacklist ${HOME}/.config/guvcview2
 blacklist ${HOME}/.config/gwenviewrc
 blacklist ${HOME}/.config/hexchat
 blacklist ${HOME}/.config/homebank
diff --git a/etc/profile-a-l/guvcview.profile b/etc/profile-a-l/guvcview.profile
new file mode 100644
index 000000000..46fc06940
--- /dev/null
+++ b/etc/profile-a-l/guvcview.profile
@@ -0,0 +1,55 @@
+# Firejail profile for guvcview
+# Description: GTK+ base UVC Viewer
+# This file is overwritten after every install/update
+# Persistent local customizations
+include guvcview.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/guvcview2
+noblacklist ${PICTURES}
+noblacklist ${VIDEOS}
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkdir ${HOME}/.config/guvcview2
+whitelist ${HOME}/.config/guvcview2
+whitelist ${PICTURES}
+whitelist ${VIDEOS}
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+net none
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+protocol unix,netlink
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+disable-mnt
+private-bin guvcview
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,bumblebee,dconf,drirc,fonts,glvnd,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nvidia,pango,pulse,X11
+private-tmp
+dbus-user none
+dbus-system none
author	rusty-snake <41237666+rusty-snake@users.noreply.github.com>	2021-01-18 18:59:35 +0100
committer	rusty-snake <41237666+rusty-snake@users.noreply.github.com>	2021-01-18 18:59:35 +0100
commit	6613769d6c06bbc7cf989bd23c10dce957ff68ff (patch)
tree	2f6856b0847341c8c91097a41cd5dcd9d3d9bd34 /etc
parent	harden and fix cheese.profile (diff)
download	firejail-6613769d6c06bbc7cf989bd23c10dce957ff68ff.tar.gz firejail-6613769d6c06bbc7cf989bd23c10dce957ff68ff.tar.zst firejail-6613769d6c06bbc7cf989bd23c10dce957ff68ff.zip

diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 26bcb987f..8b81927e3 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc
@@ -253,6 +253,7 @@ blacklist ${HOME}/.config/google-chrome-unstable
253	blacklist ${HOME}/.config/gpicview	253	blacklist ${HOME}/.config/gpicview
254	blacklist ${HOME}/.config/gthumb	254	blacklist ${HOME}/.config/gthumb
255	blacklist ${HOME}/.config/gummi	255	blacklist ${HOME}/.config/gummi
		256	blacklist ${HOME}/.config/guvcview2
256	blacklist ${HOME}/.config/gwenviewrc	257	blacklist ${HOME}/.config/gwenviewrc
257	blacklist ${HOME}/.config/hexchat	258	blacklist ${HOME}/.config/hexchat
258	blacklist ${HOME}/.config/homebank	259	blacklist ${HOME}/.config/homebank


diff --git a/etc/profile-a-l/guvcview.profile b/etc/profile-a-l/guvcview.profile new file mode 100644 index 000000000..46fc06940 --- /dev/null +++ b/etc/profile-a-l/guvcview.profile
@@ -0,0 +1,55 @@
		1	# Firejail profile for guvcview
		2	# Description: GTK+ base UVC Viewer
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include guvcview.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.config/guvcview2
		10
		11	noblacklist ${PICTURES}
		12	noblacklist ${VIDEOS}
		13
		14	include disable-common.inc
		15	include disable-devel.inc
		16	include disable-exec.inc
		17	include disable-interpreters.inc
		18	include disable-passwdmgr.inc
		19	include disable-programs.inc
		20	include disable-shell.inc
		21	include disable-xdg.inc
		22
		23	mkdir ${HOME}/.config/guvcview2
		24	whitelist ${HOME}/.config/guvcview2
		25	whitelist ${PICTURES}
		26	whitelist ${VIDEOS}
		27	include whitelist-common.inc
		28	include whitelist-runuser-common.inc
		29	include whitelist-usr-share-common.inc
		30	include whitelist-var-common.inc
		31
		32	apparmor
		33	caps.drop all
		34	net none
		35	nodvd
		36	nogroups
		37	nonewprivs
		38	noroot
		39	notv
		40	nou2f
		41	protocol unix,netlink
		42	seccomp
		43	seccomp.block-secondary
		44	shell none
		45	tracelog
		46
		47	disable-mnt
		48	private-bin guvcview
		49	private-cache
		50	private-dev
		51	private-etc alsa,alternatives,asound.conf,bumblebee,dconf,drirc,fonts,glvnd,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nvidia,pango,pulse,X11
		52	private-tmp
		53
		54	dbus-user none
		55	dbus-system none