diff options
author | netblue30 <netblue30@yahoo.com> | 2016-03-27 10:24:46 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-03-27 10:24:46 -0400 |
commit | 37890f6973afcf100f35072ad31a152dc3e67b6d (patch) | |
tree | ed3f9cc56e52c1e939bc71a5a601b880de9e32ae | |
parent | fixed servers.profile (diff) | |
download | firejail-37890f6973afcf100f35072ad31a152dc3e67b6d.tar.gz firejail-37890f6973afcf100f35072ad31a152dc3e67b6d.tar.zst firejail-37890f6973afcf100f35072ad31a152dc3e67b6d.zip |
openbox fix
-rw-r--r-- | etc/disable-common.inc | 2 | ||||
-rw-r--r-- | etc/disable-programs.inc | 2 | ||||
-rw-r--r-- | etc/openbox.profile | 12 | ||||
-rw-r--r-- | src/firejail/fs.c | 1 |
4 files changed, 6 insertions, 11 deletions
diff --git a/etc/disable-common.inc b/etc/disable-common.inc index 71439e10d..06ced4e53 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc | |||
@@ -3,6 +3,8 @@ blacklist-nolog ${HOME}/.history | |||
3 | blacklist-nolog ${HOME}/.*_history | 3 | blacklist-nolog ${HOME}/.*_history |
4 | 4 | ||
5 | blacklist ${HOME}/.local/share/systemd | 5 | blacklist ${HOME}/.local/share/systemd |
6 | blacklist-nolog ${HOME}/.adobe | ||
7 | blacklist-nolog ${HOME}/.macromedia | ||
6 | 8 | ||
7 | # X11 session autostart | 9 | # X11 session autostart |
8 | blacklist ${HOME}/.xinitrc | 10 | blacklist ${HOME}/.xinitrc |
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 6379253aa..00879b908 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -6,8 +6,6 @@ blacklist ${HOME}/.FBReader | |||
6 | blacklist ${HOME}/.wine | 6 | blacklist ${HOME}/.wine |
7 | 7 | ||
8 | # HTTP / FTP / Mail | 8 | # HTTP / FTP / Mail |
9 | blacklist-nolog ${HOME}/.adobe | ||
10 | blacklist-nolog ${HOME}/.macromedia | ||
11 | blacklist ${HOME}/.icedove | 9 | blacklist ${HOME}/.icedove |
12 | blacklist ${HOME}/.thunderbird | 10 | blacklist ${HOME}/.thunderbird |
13 | blacklist ${HOME}/.sylpheed-2.0 | 11 | blacklist ${HOME}/.sylpheed-2.0 |
diff --git a/etc/openbox.profile b/etc/openbox.profile index 8a46e6841..6e2e5d6fd 100644 --- a/etc/openbox.profile +++ b/etc/openbox.profile | |||
@@ -1,15 +1,9 @@ | |||
1 | ################################ | 1 | ####################################### |
2 | # OpenBox window manager profile | 2 | # OpenBox window manager profile |
3 | # - all applications started in OpenBox will run in | 3 | # - all applications started in OpenBox will run in this profile |
4 | # this profile | 4 | ####################################### |
5 | ################################ | ||
6 | include /etc/firejail/disable-common.inc | 5 | include /etc/firejail/disable-common.inc |
7 | 6 | ||
8 | blacklist ${HOME}/.pki/nssdb | ||
9 | blacklist ${HOME}/.lastpass | ||
10 | blacklist ${HOME}/.keepassx | ||
11 | blacklist ${HOME}/.password-store | ||
12 | |||
13 | caps.drop all | 7 | caps.drop all |
14 | seccomp | 8 | seccomp |
15 | protocol unix,inet,inet6 | 9 | protocol unix,inet,inet6 |
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 8a81b6e8e..4695d8d26 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
@@ -732,6 +732,7 @@ void fs_basic_fs(void) { | |||
732 | fs_rdonly("/lib"); | 732 | fs_rdonly("/lib"); |
733 | fs_rdonly("/lib64"); | 733 | fs_rdonly("/lib64"); |
734 | fs_rdonly("/lib32"); | 734 | fs_rdonly("/lib32"); |
735 | fs_rdonly("/libx32"); | ||
735 | fs_rdonly("/usr"); | 736 | fs_rdonly("/usr"); |
736 | fs_rdonly("/etc"); | 737 | fs_rdonly("/etc"); |
737 | fs_rdonly("/var"); | 738 | fs_rdonly("/var"); |