diff options
author | 2019-06-18 18:52:18 +0200 | |
---|---|---|
committer | 2019-06-18 18:52:18 +0200 | |
commit | b59225f5d987d0467c659b0b5c0630009d519e98 (patch) | |
tree | 35f672dda1ceb649c0689c9c069a021156d8c4c9 /etc/atool.profile | |
parent | fix logical OR in disable_file (diff) | |
download | firejail-b59225f5d987d0467c659b0b5c0630009d519e98.tar.gz firejail-b59225f5d987d0467c659b0b5c0630009d519e98.tar.zst firejail-b59225f5d987d0467c659b0b5c0630009d519e98.zip |
use 'x11 none' option
... instead of just blacklisting the X11 socket.
Systematically added to all profiles with 'net none' and
'blacklist /tmp/.X11-unix', and a few more
Diffstat (limited to 'etc/atool.profile')
-rw-r--r-- | etc/atool.profile | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/etc/atool.profile b/etc/atool.profile index 7bcfdb935..c9d950259 100644 --- a/etc/atool.profile +++ b/etc/atool.profile | |||
@@ -10,8 +10,6 @@ include globals.local | |||
10 | # Allow perl (blacklisted by disable-interpreters.inc) | 10 | # Allow perl (blacklisted by disable-interpreters.inc) |
11 | include allow-perl.inc | 11 | include allow-perl.inc |
12 | 12 | ||
13 | blacklist /tmp/.X11-unix | ||
14 | |||
15 | include disable-common.inc | 13 | include disable-common.inc |
16 | # include disable-devel.inc | 14 | # include disable-devel.inc |
17 | include disable-exec.inc | 15 | include disable-exec.inc |
@@ -40,6 +38,7 @@ protocol unix | |||
40 | seccomp | 38 | seccomp |
41 | shell none | 39 | shell none |
42 | tracelog | 40 | tracelog |
41 | x11 none | ||
43 | 42 | ||
44 | # private-bin atool,perl | 43 | # private-bin atool,perl |
45 | private-cache | 44 | private-cache |