recalibrate dbus access, deploy nodbus option

see #1822 and #1825. also systematically replaces 'blacklist /run/user/*/bus' with 'nodbus'. with contributions from @Fred-Barclay
author: smitsohu <smitsohu@gmail.com> 2018-03-28 01:20:21 +0200
committer: smitsohu <smitsohu@gmail.com> 2018-03-28 03:23:59 +0200
commit: 7a37dc31ab907d55eb88f2fa259f37046952a0c5 (patch)
tree: b6a3e76842eeb8c455e00585de0ab9fc38ef4fe0 /etc/cpio.profile
parent: Enable nodbus for keepassx and keepassxc profiles. (diff)
download: firejail-7a37dc31ab907d55eb88f2fa259f37046952a0c5.tar.gz
firejail-7a37dc31ab907d55eb88f2fa259f37046952a0c5.tar.zst
firejail-7a37dc31ab907d55eb88f2fa259f37046952a0c5.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/etc/cpio.profile b/etc/cpio.profile
index caee6570e..445e1cec7 100644
--- a/etc/cpio.profile
+++ b/etc/cpio.profile
@@ -6,7 +6,6 @@ include /etc/firejail/cpio.local
 # Persistent global definitions
 include /etc/firejail/globals.local
-blacklist /run/user/*/bus
 blacklist /tmp/.X11-unix
 noblacklist /sbin
@@ -19,6 +18,7 @@ include /etc/firejail/disable-programs.inc
 caps.drop all
 net none
 no3d
+nodbus
 nodvd
 nonewprivs
 nosound
author	smitsohu <smitsohu@gmail.com>	2018-03-28 01:20:21 +0200
committer	smitsohu <smitsohu@gmail.com>	2018-03-28 03:23:59 +0200
commit	7a37dc31ab907d55eb88f2fa259f37046952a0c5 (patch)
tree	b6a3e76842eeb8c455e00585de0ab9fc38ef4fe0 /etc/cpio.profile
parent	Enable nodbus for keepassx and keepassxc profiles. (diff)
download	firejail-7a37dc31ab907d55eb88f2fa259f37046952a0c5.tar.gz firejail-7a37dc31ab907d55eb88f2fa259f37046952a0c5.tar.zst firejail-7a37dc31ab907d55eb88f2fa259f37046952a0c5.zip

diff --git a/etc/cpio.profile b/etc/cpio.profile index caee6570e..445e1cec7 100644 --- a/etc/cpio.profile +++ b/etc/cpio.profile
@@ -6,7 +6,6 @@ include /etc/firejail/cpio.local
6	# Persistent global definitions	6	# Persistent global definitions
7	include /etc/firejail/globals.local	7	include /etc/firejail/globals.local
8		8
9	blacklist /run/user/*/bus
10	blacklist /tmp/.X11-unix	9	blacklist /tmp/.X11-unix
11		10
12	noblacklist /sbin	11	noblacklist /sbin
@@ -19,6 +18,7 @@ include /etc/firejail/disable-programs.inc
19	caps.drop all	18	caps.drop all
20	net none	19	net none
21	no3d	20	no3d
		21	nodbus
22	nodvd	22	nodvd
23	nonewprivs	23	nonewprivs
24	nosound	24	nosound