From 1328d523ed62dfcdb205580ce7c126813b592cb7 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Fri, 19 May 2017 09:11:34 -0400
Subject: support /dev/video* in private-dev, bringing back private-dev in firefox profile
---
etc/firefox.profile | 3 ++-
src/firejail/fs_dev.c | 10 ++++++++++
src/man/firejail.txt | 2 +-
3 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/etc/firefox.profile b/etc/firefox.profile
index fd9fb7fe7..a6fe04800 100644
--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -60,7 +60,8 @@ include /etc/firejail/whitelist-common.inc
 # experimental features
 #private-bin firefox,which,sh,dbus-launch,dbus-send,env
 #private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse
-# private-dev - prevents video calls going out
+# private-dev might prevent video calls going out
+private-dev
 private-tmp
 noexec ${HOME}
diff --git a/src/firejail/fs_dev.c b/src/firejail/fs_dev.c
index 20fcf56e7..9b73ac9fc 100644
--- a/src/firejail/fs_dev.c
+++ b/src/firejail/fs_dev.c
@@ -54,6 +54,16 @@ static DevEntry dev[] = {
 {"/dev/nvidiactl", RUN_DEV_DIR "/nvidiactl", 0, 1},
 {"/dev/nvidia-modeset", RUN_DEV_DIR "/nvidia-modeset", 0, 1},
 {"/dev/nvidia-uvm", RUN_DEV_DIR "/nvidia-uvm", 0, 1},
+ {"/dev/video0", RUN_DEV_DIR "/video0", 0, 1},
+ {"/dev/video1", RUN_DEV_DIR "/video1", 0, 1},
+ {"/dev/video2", RUN_DEV_DIR "/video2", 0, 1},
+ {"/dev/video3", RUN_DEV_DIR "/video3", 0, 1},
+ {"/dev/video4", RUN_DEV_DIR "/video4", 0, 1},
+ {"/dev/video5", RUN_DEV_DIR "/video5", 0, 1},
+ {"/dev/video6", RUN_DEV_DIR "/video6", 0, 1},
+ {"/dev/video7", RUN_DEV_DIR "/video7", 0, 1},
+ {"/dev/video8", RUN_DEV_DIR "/video8", 0, 1},
+ {"/dev/video9", RUN_DEV_DIR "/video9", 0, 1},
 {NULL, NULL, 0, 0}
 };
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 915a0d50d..38bb6a19e 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
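Review bot: The rewritten comment above the new `private-dev` line is vaguer than the behaviour it depends on: with this patch a private-dev sandbox sees only /dev/video0 through /dev/video9 (the fs_dev.c table in the same commit), so video calls fail precisely when the camera sits on a higher node or is opened through a /dev/v4l/ path, which that table does not forward. Naming the boundary in the profile lets a user diagnose a missing camera without reading the source: `# private-dev - only /dev/video0-9 are forwarded; cameras on other nodes stay hidden`. The man page hunk's new `video` entry would be clearer as `video0-9` for the same reason.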
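Review bot: The ten new entries forward /dev/video0 through /dev/video9 to every sandbox that uses private-dev, so this hunk widens the default device set for all private-dev profiles, not only firefox, while still dropping any capture node numbered 10 or above and the /dev/v4l/ symlink directory. A comment on the block should record that boundary so the next person extending the table knows why a camera is missing: `/* V4L2 nodes: only video0-9 are forwarded; higher indices and /dev/v4l/ are not visible in the sandbox */`. Because the table is global, a webcam is now reachable by default from any private-dev sandbox; a profile-level way to withhold the video entries would keep private-dev a real reduction for sandboxes that never need a camera (the two trailing integer fields may already offer a hook for that, but their meaning is not visible in this hunk). The `dev[]` initializer begins before this hunk.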
@@ -1218,7 +1218,7 @@ bash cat ls sed
 .TP
 \fB\-\-private-dev
-Create a new /dev directory. Only dri, null, full, zero, tty, pts, ptmx, random, snd, urandom, log and shm devices are available.
+Create a new /dev directory. Only dri, null, full, zero, tty, pts, ptmx, random, snd, urandom, video, log and shm devices are available.
 .br
 .br
-- cgit v1.2.3-70-g09d2