diff options
author | SYN-cook <syncookongit@gmail.com> | 2017-04-09 15:45:35 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-04-09 15:45:35 +0200 |
commit | e76037947da2fd60b3e54b88e191ad6fc768829b (patch) | |
tree | 4306b7b33f944c0c8c68cc38514a6d6e895ab2cc /etc/baloo_file.profile | |
parent | complete baloo blacklist (diff) | |
download | firejail-e76037947da2fd60b3e54b88e191ad6fc768829b.tar.gz firejail-e76037947da2fd60b3e54b88e191ad6fc768829b.tar.zst firejail-e76037947da2fd60b3e54b88e191ad6fc768829b.zip |
add x11 isolation
Diffstat (limited to 'etc/baloo_file.profile')
-rw-r--r-- | etc/baloo_file.profile | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/etc/baloo_file.profile b/etc/baloo_file.profile index 1acb5def2..6696cbad2 100644 --- a/etc/baloo_file.profile +++ b/etc/baloo_file.profile | |||
@@ -20,9 +20,13 @@ nonewprivs | |||
20 | noroot | 20 | noroot |
21 | nosound | 21 | nosound |
22 | protocol unix | 22 | protocol unix |
23 | # Baloo makes ioprio_set system calls, which are blacklisted by default. | 23 | # Baloo makes ioprio_set system calls, which are blacklisted by default. |
24 | # That's why we need to disable seccomp | 24 | # That's why we need to disable seccomp |
25 | #seccomp | 25 | #seccomp |
26 | # The Baloo file daemon can be isolated from X11. If there is an X11 | ||
27 | # abstract Unix socket, it must be disabled first by passing "-nolisten local" | ||
28 | # to the X server. See the Firejail manual for further instructions | ||
29 | #x11 none | ||
26 | 30 | ||
27 | private-dev | 31 | private-dev |
28 | private-tmp | 32 | private-tmp |