Alphabetically order firejail.config (#3324)

1 files changed, 20 insertions, 20 deletions

diff --git a/etc/firejail.config b/etc/firejail.config
index 410bd0ccb..589109c64 100644
--- a/etc/firejail.config
+++ b/etc/firejail.config
@@ -70,6 +70,13 @@
 # Enable or disable sandbox name change, default enabled.
 # name-change yes
 
+# Change default netfilter configuration. When using --netfilter option without
+# a file argument, the default filter is hardcoded (see man 1 firejail). This
+# configuration entry allows the user to change the default by specifying
+# a file containing the filter configuration. The filter file format is the
+# format of  iptables-save  and iptable-restore commands. Example:
+# netfilter-default /etc/iptables.iptables.rules
+
 # Enable or disable networking features, default enabled.
 # network yes
 
@@ -79,12 +86,12 @@
 # Remove /usr/local directories from private-bin list, default disabled.
 # private-bin-no-local no
 
-# Enable or disable private-home feature, default enabled
-# private-home yes
-
 # Enable or disable private-cache feature, default enabled
 # private-cache yes
 
+# Enable or disable private-home feature, default enabled
+# private-home yes
+
 # Enable or disable private-lib feature, default enabled
 # private-lib yes
 
@@ -97,16 +104,12 @@
 # --netfilter only to root user. Regular users are only allowed --net=none.
 # restricted-network no
 
-# Change default netfilter configuration. When using --netfilter option without
-# a file argument, the default filter is hardcoded (see man 1 firejail). This
-# configuration entry allows the user to change the default by specifying
-# a file containing the filter configuration. The filter file format is the
-# format of  iptables-save  and iptable-restore commands. Example:
-# netfilter-default /etc/iptables.iptables.rules
-
 # Enable or disable seccomp support, default enabled.
 # seccomp yes
 
+# Seccomp error action, kill or errno (EPERM, ENOSYS etc)
+# seccomp-error-action EPERM
+
 # Enable or disable user namespace support, default enabled.
 # userns yes
 
@@ -116,6 +119,10 @@
 # Enable or disable X11 sandboxing support, default enabled.
 # x11 yes
 
+# Xephyr command extra parameters. None by default; these are examples.
+# xephyr-extra-params -keybd ephyr,,,xkbmodel=evdev
+# xephyr-extra-params -grayscale
+
 # Screen size for --x11=xephyr, default 800x600. Run /usr/bin/xrandr for
 # a full list of resolutions available on your specific setup.
 # xephyr-screen 640x480
@@ -126,17 +133,13 @@
 # Firejail window title in Xephyr, default enabled.
 # xephyr-window-title yes
 
-# Xephyr command extra parameters. None by default; these are examples.
-# xephyr-extra-params -keybd ephyr,,,xkbmodel=evdev
-# xephyr-extra-params -grayscale
-
-# Xpra server command extra parameters. None by default; this is an example.
-# xpra-extra-params --dpi 96
-
 # Enable this option if you have a version of Xpra that supports --attach switch
 # for start command, default disabled.
 # xpra-attach no
 
+# Xpra server command extra parameters. None by default; this is an example.
+# xpra-extra-params --dpi 96
+
 # Screen size for --x11=xvfb, default 800x600x24.  The third dimension is
 # color depth; use 24 unless you know exactly what you're doing.
 # xvfb-screen 640x480x24
@@ -146,6 +149,3 @@
 
 # Xvfb command extra parameters.  None by default; this is an example.
 # xvfb-extra-params -pixdepths 8 24 32
-
-# Seccomp error action, kill or errno (EPERM, ENOSYS etc)
-# seccomp-error-action EPERM