diff options
author | SYN-cook <syncookongit@gmail.com> | 2017-05-05 22:21:31 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-05-05 22:21:31 +0200 |
commit | 7c8b3d1bd8f8ed5d32a744bf3bbaf49f9477ad0a (patch) | |
tree | 78ccc552e9cc948f2ba5ddeafdb075b80dc3699a | |
parent | Merge pull request #1265 from SYN-cook/patch-1 (diff) | |
download | firejail-7c8b3d1bd8f8ed5d32a744bf3bbaf49f9477ad0a.tar.gz firejail-7c8b3d1bd8f8ed5d32a744bf3bbaf49f9477ad0a.tar.zst firejail-7c8b3d1bd8f8ed5d32a744bf3bbaf49f9477ad0a.zip |
harden baloo_file
but loosen write-protections in commented section. due to KDE creating write-lock files, stricter settings for ~/.local/share don't work
-rw-r--r-- | etc/baloo_file.profile | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/etc/baloo_file.profile b/etc/baloo_file.profile index bf0e924d8..d306a1b45 100644 --- a/etc/baloo_file.profile +++ b/etc/baloo_file.profile | |||
@@ -28,9 +28,11 @@ x11 xorg | |||
28 | private-dev | 28 | private-dev |
29 | private-tmp | 29 | private-tmp |
30 | 30 | ||
31 | # Make home directory read-only and allow writing only to Baloo's database. | 31 | noexec ${HOME} |
32 | # Note: Baloo will not be able to update the first run key in its configuration files. | 32 | noexec /tmp |
33 | # Older versions will issue a warning message. | 33 | |
34 | # Make home directory read-only and allow writing only to ~/.local/share | ||
35 | # Note: Baloo will not be able to update the "first run" key in its configuration files. | ||
34 | #read-only ${HOME} | 36 | #read-only ${HOME} |
35 | #read-write ${HOME}/.local/share/baloo | 37 | #read-write ${HOME}/.local/share |
36 | #read-write ${HOME}/.local/share/akonadi/search_db | 38 | #noexec ${HOME}/.local/share |