diff options
author | SYN-cook <syncookongit@gmail.com> | 2017-04-09 16:32:22 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-04-09 16:32:22 +0200 |
commit | 605453cb75120ca456e655ab15670ab7beed7fca (patch) | |
tree | 0b67124121e10fdd6b689e023a4109dc410e8060 /etc/baloo_file.profile | |
parent | add x11 isolation (diff) | |
download | firejail-605453cb75120ca456e655ab15670ab7beed7fca.tar.gz firejail-605453cb75120ca456e655ab15670ab7beed7fca.tar.zst firejail-605453cb75120ca456e655ab15670ab7beed7fca.zip |
improve x11 isolation
taken from tracker.profile
Diffstat (limited to 'etc/baloo_file.profile')
-rw-r--r-- | etc/baloo_file.profile | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/etc/baloo_file.profile b/etc/baloo_file.profile index 6696cbad2..d9c37911b 100644 --- a/etc/baloo_file.profile +++ b/etc/baloo_file.profile | |||
@@ -23,10 +23,8 @@ protocol unix | |||
23 | # Baloo makes ioprio_set system calls, which are blacklisted by default. | 23 | # Baloo makes ioprio_set system calls, which are blacklisted by default. |
24 | # That's why we need to disable seccomp | 24 | # That's why we need to disable seccomp |
25 | #seccomp | 25 | #seccomp |
26 | # The Baloo file daemon can be isolated from X11. If there is an X11 | 26 | |
27 | # abstract Unix socket, it must be disabled first by passing "-nolisten local" | 27 | blacklist /tmp/.X11-unix |
28 | # to the X server. See the Firejail manual for further instructions | ||
29 | #x11 none | ||
30 | 28 | ||
31 | private-dev | 29 | private-dev |
32 | private-tmp | 30 | private-tmp |