diff options
author | smitsohu <smitsohu@gmail.com> | 2018-11-04 19:22:15 +0100 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2018-11-04 19:22:15 +0100 |
commit | d69e0cf1b35cac9185081bd6d95d82024868ae76 (patch) | |
tree | 4927745c1ae749b9b544137c7306a7457c2cecf3 /etc/disable-common.inc | |
parent | recursive remounts: add fallback for old kernels, some improvements (diff) | |
download | firejail-d69e0cf1b35cac9185081bd6d95d82024868ae76.tar.gz firejail-d69e0cf1b35cac9185081bd6d95d82024868ae76.tar.zst firejail-d69e0cf1b35cac9185081bd6d95d82024868ae76.zip |
profile fixes for recursive read-write mounts
read-write and read-only are applied in sequence, don't
override read-only restrictions in ~/.local/share
issue #2200
Diffstat (limited to 'etc/disable-common.inc')
-rw-r--r-- | etc/disable-common.inc | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/etc/disable-common.inc b/etc/disable-common.inc index b78af7917..d220f381b 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc | |||
@@ -2,6 +2,11 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include disable-common.local | 3 | include disable-common.local |
4 | 4 | ||
5 | # The following block breaks trash functionality in file managers | ||
6 | #read-only ${HOME}/.local | ||
7 | #read-write ${HOME}/.local/share | ||
8 | blacklist ${HOME}/.local/share/Trash | ||
9 | |||
5 | # History files in $HOME and clipboard managers | 10 | # History files in $HOME and clipboard managers |
6 | blacklist-nolog ${HOME}/.*_history | 11 | blacklist-nolog ${HOME}/.*_history |
7 | blacklist-nolog ${HOME}/.adobe | 12 | blacklist-nolog ${HOME}/.adobe |
@@ -263,11 +268,6 @@ read-only ${HOME}/.luarocks | |||
263 | read-only ${HOME}/.npm-packages | 268 | read-only ${HOME}/.npm-packages |
264 | read-only ${HOME}/bin | 269 | read-only ${HOME}/bin |
265 | 270 | ||
266 | # The following block breaks trash functionality in file managers | ||
267 | #read-only ${HOME}/.local | ||
268 | #read-write ${HOME}/.local/share | ||
269 | blacklist ${HOME}/.local/share/Trash | ||
270 | |||
271 | # Write-protection for desktop entries | 271 | # Write-protection for desktop entries |
272 | read-only ${HOME}/.config/menus | 272 | read-only ${HOME}/.config/menus |
273 | read-only ${HOME}/.local/share/applications | 273 | read-only ${HOME}/.local/share/applications |