diff options
author | Kelvin M. Klann <kmk3.code@protonmail.com> | 2022-02-14 21:52:32 -0300 |
---|---|---|
committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2022-02-16 01:07:07 -0300 |
commit | b539d3e7587cc66d528de93f501868569fc34cfd (patch) | |
tree | d322bd304fed06a9525247685004f59f711b247c | |
parent | Merge pull request #4933 from kmk3/disable-nogroups-msg (diff) | |
download | firejail-b539d3e7587cc66d528de93f501868569fc34cfd.tar.gz firejail-b539d3e7587cc66d528de93f501868569fc34cfd.tar.zst firejail-b539d3e7587cc66d528de93f501868569fc34cfd.zip |
firejail.config: add warning about allow-tray
According to #4053, there is currently no safe (in the sense of not
allowing to escape the sandbox) implementation of
`org.kde.StatusNotifierWatcher`, but it is required by multiple programs
for tray functionality. Users may not be aware of this (for example,
see #4508), so add a warning about it.
Note: allow-tray was added on commit c86cae2d0 ("Add new condition
ALLOW_TRAY", 2021-09-04) / PR #4510.
-rw-r--r-- | etc/firejail.config | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/etc/firejail.config b/etc/firejail.config index 7912b746c..856018101 100644 --- a/etc/firejail.config +++ b/etc/firejail.config | |||
@@ -2,7 +2,8 @@ | |||
2 | # keyword-argument pairs, one per line. Most features are enabled by default. | 2 | # keyword-argument pairs, one per line. Most features are enabled by default. |
3 | # Use 'yes' or 'no' as configuration values. | 3 | # Use 'yes' or 'no' as configuration values. |
4 | 4 | ||
5 | # Allow programs to display a tray icon | 5 | # Allow programs to display a tray icon (warning: allows escaping the sandbox; |
6 | # see https://github.com/netblue30/firejail/discussions/4053) | ||
6 | # allow-tray no | 7 | # allow-tray no |
7 | 8 | ||
8 | # Enable AppArmor functionality, default enabled. | 9 | # Enable AppArmor functionality, default enabled. |