diff options
| author |  Fred Barclay <Fred-Barclay@users.noreply.github.com> | 2020-04-07 16:14:25 -0500 |
|---|---|---|
| committer | Fred Barclay <Fred-Barclay@users.noreply.github.com> | 2020-04-07 16:14:25 -0500 |
| commit | 3848b98961614e1776b29ecfb76ef4c750b6b25f (patch) | |
| tree | 3c7f0b623978562ee23fba7f52b6a039571cebea /etc/celluloid.profile | |
| parent | dbus-proxy (gnome_games) (diff) | |
| download | firejail-3848b98961614e1776b29ecfb76ef4c750b6b25f.tar.gz firejail-3848b98961614e1776b29ecfb76ef4c750b6b25f.tar.zst firejail-3848b98961614e1776b29ecfb76ef4c750b6b25f.zip | |
Replace `nodbus` with dbus-* filters
See
- 07fac581f6b9b5ed068f4c54a9521b51826375c5 for new dbus filters
- https://github.com/netblue30/firejail/pull/3326#issuecomment-610423183
Except for ocenaudio, access/restrictions on dbus options should
be unchanged
Ocenaudio profile: dbus filters were sandboxed (initially `nodbus`
was enabled) since comments indicated blocking dbus meant
preferences were broken
Diffstat (limited to 'etc/celluloid.profile')
| -rw-r--r-- | etc/celluloid.profile | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/etc/celluloid.profile b/etc/celluloid.profile index daed19634..9be6b1631 100644 --- a/etc/celluloid.profile +++ b/etc/celluloid.profile | |||
| @@ -31,7 +31,6 @@ include whitelist-var-common.inc | |||
| 31 | apparmor | 31 | apparmor |
| 32 | caps.drop all | 32 | caps.drop all |
| 33 | netfilter | 33 | netfilter |
| 34 | # nodbus -- uses dconf, MPRIS | ||
| 35 | nogroups | 34 | nogroups |
| 36 | nonewprivs | 35 | nonewprivs |
| 37 | noroot | 36 | noroot |
| @@ -47,5 +46,9 @@ private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3 | |||
| 47 | private-dev | 46 | private-dev |
| 48 | private-tmp | 47 | private-tmp |
| 49 | 48 | ||
| 49 | # uses dconf, MPRIS | ||
| 50 | # dbus-user none | ||
| 51 | # dbus-system none | ||
| 52 | |||
| 50 | read-only ${HOME} | 53 | read-only ${HOME} |
| 51 | read-write ${HOME}/.config/celluloid | 54 | read-write ${HOME}/.config/celluloid |