diff options
author | The Fox in the Shell <KellerFuchs@hashbang.sh> | 2017-01-12 00:21:52 +0100 |
---|---|---|
committer | The Fox in the Shell <KellerFuchs@hashbang.sh> | 2017-01-12 00:21:52 +0100 |
commit | cbb8417abad24234979c6ade8ef87f764b2ad791 (patch) | |
tree | cfec71839449065c4cd523552e5ee9099a75f355 | |
parent | disable-common: Make directories commonly found in $PATH read-only (diff) | |
download | firejail-cbb8417abad24234979c6ade8ef87f764b2ad791.tar.gz firejail-cbb8417abad24234979c6ade8ef87f764b2ad791.tar.zst firejail-cbb8417abad24234979c6ade8ef87f764b2ad791.zip |
disable-common: Make ~/.local read-only
-rw-r--r-- | etc/disable-common.inc | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/etc/disable-common.inc b/etc/disable-common.inc index 78698782b..184885c7f 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc | |||
@@ -123,6 +123,11 @@ read-only ${HOME}/.gem | |||
123 | read-only ${HOME}/.luarocks | 123 | read-only ${HOME}/.luarocks |
124 | read-only ${HOME}/.npm-packages | 124 | read-only ${HOME}/.npm-packages |
125 | 125 | ||
126 | # Make the contents of ~/.local read-only, | ||
127 | # except the commonly-used ~/.local/share | ||
128 | read-only ${HOME}/.local | ||
129 | read-write ${HOME}/.local/share | ||
130 | |||
126 | # top secret | 131 | # top secret |
127 | blacklist ${HOME}/.ecryptfs | 132 | blacklist ${HOME}/.ecryptfs |
128 | blacklist ${HOME}/.Private | 133 | blacklist ${HOME}/.Private |