diff options
| author |  Fred Barclay <Fred-Barclay@users.noreply.github.com> | 2020-04-07 16:14:25 -0500 |
|---|---|---|
| committer | Fred Barclay <Fred-Barclay@users.noreply.github.com> | 2020-04-07 16:14:25 -0500 |
| commit | 3848b98961614e1776b29ecfb76ef4c750b6b25f (patch) | |
| tree | 3c7f0b623978562ee23fba7f52b6a039571cebea /etc/file.profile | |
| parent | dbus-proxy (gnome_games) (diff) | |
| download | firejail-3848b98961614e1776b29ecfb76ef4c750b6b25f.tar.gz firejail-3848b98961614e1776b29ecfb76ef4c750b6b25f.tar.zst firejail-3848b98961614e1776b29ecfb76ef4c750b6b25f.zip | |
Replace `nodbus` with dbus-* filters
See
- 07fac581f6b9b5ed068f4c54a9521b51826375c5 for new dbus filters
- https://github.com/netblue30/firejail/pull/3326#issuecomment-610423183
Except for ocenaudio, access/restrictions on dbus options should
be unchanged
Ocenaudio profile: dbus filters were sandboxed (initially `nodbus`
was enabled) since comments indicated blocking dbus meant
preferences were broken
Diffstat (limited to 'etc/file.profile')
| -rw-r--r-- | etc/file.profile | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/etc/file.profile b/etc/file.profile index 854586354..74620d4cd 100644 --- a/etc/file.profile +++ b/etc/file.profile | |||
| @@ -22,7 +22,6 @@ ipc-namespace | |||
| 22 | machine-id | 22 | machine-id |
| 23 | net none | 23 | net none |
| 24 | no3d | 24 | no3d |
| 25 | nodbus | ||
| 26 | nodvd | 25 | nodvd |
| 27 | nogroups | 26 | nogroups |
| 28 | nonewprivs | 27 | nonewprivs |
| @@ -42,5 +41,8 @@ private-dev | |||
| 42 | #private-etc alternatives,localtime,magic,magic.mgc | 41 | #private-etc alternatives,localtime,magic,magic.mgc |
| 43 | #private-lib file,libarchive.so.*,libfakeroot,libmagic.so.*,libseccomp.so.* | 42 | #private-lib file,libarchive.so.*,libfakeroot,libmagic.so.*,libseccomp.so.* |
| 44 | 43 | ||
| 44 | dbus-user none | ||
| 45 | dbus-system none | ||
| 46 | |||
| 45 | memory-deny-write-execute | 47 | memory-deny-write-execute |
| 46 | read-only ${HOME} | 48 | read-only ${HOME} |