diff options
| author |  smitsohu <smitsohu@gmail.com> | 2019-06-18 18:52:18 +0200 |
|---|---|---|
| committer | smitsohu <smitsohu@gmail.com> | 2019-06-18 18:52:18 +0200 |
| commit | b59225f5d987d0467c659b0b5c0630009d519e98 (patch) | |
| tree | 35f672dda1ceb649c0689c9c069a021156d8c4c9 /etc/cpio.profile | |
| parent | fix logical OR in disable_file (diff) | |
| download | firejail-b59225f5d987d0467c659b0b5c0630009d519e98.tar.gz firejail-b59225f5d987d0467c659b0b5c0630009d519e98.tar.zst firejail-b59225f5d987d0467c659b0b5c0630009d519e98.zip | |
use 'x11 none' option
... instead of just blacklisting the X11 socket.
Systematically added to all profiles with 'net none' and
'blacklist /tmp/.X11-unix', and a few more
Diffstat (limited to 'etc/cpio.profile')
| -rw-r--r-- | etc/cpio.profile | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/etc/cpio.profile b/etc/cpio.profile index 0bb45f5cd..17a765700 100644 --- a/etc/cpio.profile +++ b/etc/cpio.profile | |||
| @@ -10,8 +10,6 @@ include globals.local | |||
| 10 | noblacklist /sbin | 10 | noblacklist /sbin |
| 11 | noblacklist /usr/sbin | 11 | noblacklist /usr/sbin |
| 12 | 12 | ||
| 13 | blacklist /tmp/.X11-unix | ||
| 14 | |||
| 15 | include disable-common.inc | 13 | include disable-common.inc |
| 16 | # include disable-devel.inc | 14 | # include disable-devel.inc |
| 17 | include disable-exec.inc | 15 | include disable-exec.inc |
| @@ -36,6 +34,7 @@ novideo | |||
| 36 | seccomp | 34 | seccomp |
| 37 | shell none | 35 | shell none |
| 38 | tracelog | 36 | tracelog |
| 37 | x11 none | ||
| 39 | 38 | ||
| 40 | private-cache | 39 | private-cache |
| 41 | private-dev | 40 | private-dev |