diff options
author | ಚಿರಾಗ್ ನಟರಾಜ್ <chiraag.nataraj@gmail.com> | 2019-05-19 22:56:36 +0000 |
---|---|---|
committer | ಚಿರಾಗ್ ನಟರಾಜ್ <chiraag.nataraj@gmail.com> | 2019-05-19 22:56:36 +0000 |
commit | feae44c4ff406f6191426762cc2edec000bed0af (patch) | |
tree | 1f5a64630180d9a00428c9e7f770154570894b98 | |
parent | Refactor eog and eom profiles with common redirect (#2708) (diff) | |
download | firejail-feae44c4ff406f6191426762cc2edec000bed0af.tar.gz firejail-feae44c4ff406f6191426762cc2edec000bed0af.tar.zst firejail-feae44c4ff406f6191426762cc2edec000bed0af.zip |
Expose /tmp/.X11-unix as read-only as per Issue #2269
-rw-r--r-- | src/firejail/fs.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index bf7c0a4b2..f3ef97aeb 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
@@ -1519,6 +1519,8 @@ void fs_private_tmp(void) { | |||
1519 | 1519 | ||
1520 | // whitelist x11 directory | 1520 | // whitelist x11 directory |
1521 | profile_add("whitelist /tmp/.X11-unix"); | 1521 | profile_add("whitelist /tmp/.X11-unix"); |
1522 | // read-only x11 directory | ||
1523 | profile_add("read-only /tmp/.X11-unix"); | ||
1522 | 1524 | ||
1523 | // whitelist any pulse* file in /tmp directory | 1525 | // whitelist any pulse* file in /tmp directory |
1524 | // some distros use PulseAudio sockets under /tmp instead of the socket in /urn/user | 1526 | // some distros use PulseAudio sockets under /tmp instead of the socket in /urn/user |