diff options
author | netblue30 <netblue30@yahoo.com> | 2017-03-07 08:20:15 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-03-07 08:20:15 -0500 |
commit | 7b48318477da5a4c7509670b55270cc7d14125b3 (patch) | |
tree | 5b55d6b857fd915f9973abe5fd7c2de6a71b255d /etc/firejail.config | |
parent | spelling (diff) | |
download | firejail-7b48318477da5a4c7509670b55270cc7d14125b3.tar.gz firejail-7b48318477da5a4c7509670b55270cc7d14125b3.tar.zst firejail-7b48318477da5a4c7509670b55270cc7d14125b3.zip |
Following links in private-bin command ported from #1100 created problems for some users. I added a follow-symlink-private-bin entry in /etc/firejail/firejail.config file to enable/disable this functionality - default disabled.
Diffstat (limited to 'etc/firejail.config')
-rw-r--r-- | etc/firejail.config | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/etc/firejail.config b/etc/firejail.config index 766802a7d..858ac4ec1 100644 --- a/etc/firejail.config +++ b/etc/firejail.config | |||
@@ -26,6 +26,10 @@ | |||
26 | # Enabled by default | 26 | # Enabled by default |
27 | # follow-symlink-as-user yes | 27 | # follow-symlink-as-user yes |
28 | 28 | ||
29 | # Follow symlink for private-bin command. | ||
30 | # Disabled by default | ||
31 | # follow-symlink-private-bin no | ||
32 | |||
29 | # Force use of nonewprivs. This mitigates the possibility of | 33 | # Force use of nonewprivs. This mitigates the possibility of |
30 | # a user abusing firejail's features to trick a privileged (suid | 34 | # a user abusing firejail's features to trick a privileged (suid |
31 | # or file capabilities) process into loading code or configuration | 35 | # or file capabilities) process into loading code or configuration |