diff options
author | glitsj16 <glitsj16@users.noreply.github.com> | 2024-02-16 20:21:11 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-02-16 20:21:11 +0000 |
commit | 15fc09ec77263746a7081d2d58d8afa257be4322 (patch) | |
tree | 34731f98d54ee84554c069b633b004319d467128 | |
parent | build: ensure fnettrace prints to stdout (diff) | |
download | firejail-15fc09ec77263746a7081d2d58d8afa257be4322.tar.gz firejail-15fc09ec77263746a7081d2d58d8afa257be4322.tar.zst firejail-15fc09ec77263746a7081d2d58d8afa257be4322.zip |
nextcloud: harden D-Bus filtering
-rw-r--r-- | etc/profile-m-z/nextcloud.profile | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/etc/profile-m-z/nextcloud.profile b/etc/profile-m-z/nextcloud.profile index d4bad2f67..f6d3d5b6b 100644 --- a/etc/profile-m-z/nextcloud.profile +++ b/etc/profile-m-z/nextcloud.profile | |||
@@ -65,7 +65,12 @@ private-etc @tls-ca,@x11,Nextcloud,host.conf,os-release | |||
65 | private-dev | 65 | private-dev |
66 | private-tmp | 66 | private-tmp |
67 | 67 | ||
68 | dbus-user filter | 68 | # IMPORTANT: create ~/.local/share/dbus-1/services/com.nextcloudgmbh.Nextcloud.service |
69 | # referencing the firejailed /usr/local/bin/nextcloud to keep nextcloud running sandboxed | ||
70 | # even when started via systemd user service | ||
71 | # see https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions#how-do-i-sandbox-systemd-started-applications | ||
72 | dbus-user filter | ||
73 | dbus-user.own com.nextcloudgmbh.Nextcloud | ||
69 | dbus-user.talk org.freedesktop.secrets | 74 | dbus-user.talk org.freedesktop.secrets |
70 | ?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher | 75 | ?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher |
71 | dbus-system none | 76 | dbus-system none |