diff options
author | smitsohu <smitsohu@gmail.com> | 2019-06-18 18:52:18 +0200 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2019-06-18 18:52:18 +0200 |
commit | b59225f5d987d0467c659b0b5c0630009d519e98 (patch) | |
tree | 35f672dda1ceb649c0689c9c069a021156d8c4c9 /etc/exiftool.profile | |
parent | fix logical OR in disable_file (diff) | |
download | firejail-b59225f5d987d0467c659b0b5c0630009d519e98.tar.gz firejail-b59225f5d987d0467c659b0b5c0630009d519e98.tar.zst firejail-b59225f5d987d0467c659b0b5c0630009d519e98.zip |
use 'x11 none' option
... instead of just blacklisting the X11 socket.
Systematically added to all profiles with 'net none' and
'blacklist /tmp/.X11-unix', and a few more
Diffstat (limited to 'etc/exiftool.profile')
-rw-r--r-- | etc/exiftool.profile | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/etc/exiftool.profile b/etc/exiftool.profile index 52e090b89..e76a4ca4c 100644 --- a/etc/exiftool.profile +++ b/etc/exiftool.profile | |||
@@ -9,8 +9,6 @@ include globals.local | |||
9 | # Allow perl (blacklisted by disable-interpreters.inc) | 9 | # Allow perl (blacklisted by disable-interpreters.inc) |
10 | include allow-perl.inc | 10 | include allow-perl.inc |
11 | 11 | ||
12 | blacklist /tmp/.X11-unix | ||
13 | |||
14 | include disable-common.inc | 12 | include disable-common.inc |
15 | include disable-devel.inc | 13 | include disable-devel.inc |
16 | include disable-exec.inc | 14 | include disable-exec.inc |
@@ -37,6 +35,7 @@ protocol unix | |||
37 | seccomp | 35 | seccomp |
38 | shell none | 36 | shell none |
39 | tracelog | 37 | tracelog |
38 | x11 none | ||
40 | 39 | ||
41 | # To support exiftool in private-bin on Arch Linux (and derivatives), symlink /usr/bin/vendor_perl/exiftool to /usr/bin/exiftool and uncomment the below. | 40 | # To support exiftool in private-bin on Arch Linux (and derivatives), symlink /usr/bin/vendor_perl/exiftool to /usr/bin/exiftool and uncomment the below. |
42 | # Users on non-Arch Linux distributions can safely uncomment (or put in exiftool.local) the line below to enable extra hardening. | 41 | # Users on non-Arch Linux distributions can safely uncomment (or put in exiftool.local) the line below to enable extra hardening. |