diff options
author | SYN-cook <syncookongit@gmail.com> | 2017-05-11 01:49:20 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-05-11 01:49:20 +0200 |
commit | 2314c1155d7d2cbae59885054b95c62f28f7842e (patch) | |
tree | 37c8f33a2c965c2c270a58aaf0c043f86a5a139a /etc/disable-common.inc | |
parent | 32bit platform fixes (diff) | |
download | firejail-2314c1155d7d2cbae59885054b95c62f28f7842e.tar.gz firejail-2314c1155d7d2cbae59885054b95c62f28f7842e.tar.zst firejail-2314c1155d7d2cbae59885054b95c62f28f7842e.zip |
add noexec folders (tmp/.X11-unix and .config/pulse)
Diffstat (limited to 'etc/disable-common.inc')
-rw-r--r-- | etc/disable-common.inc | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/etc/disable-common.inc b/etc/disable-common.inc index 1c1b298a9..7ed99799d 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc | |||
@@ -190,11 +190,9 @@ read-only ${HOME}/.npm-packages | |||
190 | #read-only ${HOME}/.local | 190 | #read-only ${HOME}/.local |
191 | #read-write ${HOME}/.local/share | 191 | #read-write ${HOME}/.local/share |
192 | #noexec ${HOME}/.local/share | 192 | #noexec ${HOME}/.local/share |
193 | read-only ${HOME}/.local/share/applications | 193 | read-only ${HOME}/.local/share/applications |
194 | blacklist ${HOME}/.local/share/Trash | 194 | blacklist ${HOME}/.local/share/Trash |
195 | 195 | ||
196 | |||
197 | |||
198 | # top secret | 196 | # top secret |
199 | blacklist ${HOME}/.ecryptfs | 197 | blacklist ${HOME}/.ecryptfs |
200 | blacklist ${HOME}/.Private | 198 | blacklist ${HOME}/.Private |
@@ -296,3 +294,7 @@ blacklist ${PATH}/urxvtcd | |||
296 | # kernel files | 294 | # kernel files |
297 | blacklist /vmlinuz* | 295 | blacklist /vmlinuz* |
298 | blacklist /initrd* | 296 | blacklist /initrd* |
297 | |||
298 | # completing noexec ${HOME} and noexec /tmp | ||
299 | noexec ${HOME}/.config/pulse | ||
300 | noexec /tmp/.X11-unix | ||