diff options
author | smitsohu <smitsohu@gmail.com> | 2021-05-21 23:25:09 +0200 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2021-05-22 15:26:57 +0200 |
commit | e391930dca9ccb4fce225f8364813b6bf127dd9b (patch) | |
tree | 3a3d3437220a78b30f62ff2ba1f1c3588da4d7aa /etc/firejail.config | |
parent | Fix #4282 -- Unable to open X display when running firejail chromium command (diff) | |
download | firejail-e391930dca9ccb4fce225f8364813b6bf127dd9b.tar.gz firejail-e391930dca9ccb4fce225f8364813b6bf127dd9b.tar.zst firejail-e391930dca9ccb4fce225f8364813b6bf127dd9b.zip |
add firejail.config switch for private-{bin,etc,opt,srv}
Diffstat (limited to 'etc/firejail.config')
-rw-r--r-- | etc/firejail.config | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/etc/firejail.config b/etc/firejail.config index 731e744dd..592d77aff 100644 --- a/etc/firejail.config +++ b/etc/firejail.config | |||
@@ -35,11 +35,6 @@ | |||
35 | # cannot be overridden by --noblacklist or --ignore. | 35 | # cannot be overridden by --noblacklist or --ignore. |
36 | # disable-mnt no | 36 | # disable-mnt no |
37 | 37 | ||
38 | # Set the limit for file copy in several --private-* options. The size is set | ||
39 | # in megabytes. By default we allow up to 500MB. | ||
40 | # Note: the files are copied in RAM. | ||
41 | # file-copy-limit 500 | ||
42 | |||
43 | # Enable or disable file transfer support, default enabled. | 38 | # Enable or disable file transfer support, default enabled. |
44 | # file-transfer yes | 39 | # file-transfer yes |
45 | 40 | ||
@@ -83,18 +78,35 @@ | |||
83 | # Enable or disable overlayfs features, default enabled. | 78 | # Enable or disable overlayfs features, default enabled. |
84 | # overlayfs yes | 79 | # overlayfs yes |
85 | 80 | ||
81 | # Set the limit for file copy in several --private-* options. The size is set | ||
82 | # in megabytes. By default we allow up to 500MB. | ||
83 | # Note: the files are copied in RAM. | ||
84 | # file-copy-limit 500 | ||
85 | |||
86 | # Enable or disable private-bin feature, default enabled. | ||
87 | # private-bin yes | ||
88 | |||
86 | # Remove /usr/local directories from private-bin list, default disabled. | 89 | # Remove /usr/local directories from private-bin list, default disabled. |
87 | # private-bin-no-local no | 90 | # private-bin-no-local no |
88 | 91 | ||
89 | # Enable or disable private-cache feature, default enabled | 92 | # Enable or disable private-cache feature, default enabled |
90 | # private-cache yes | 93 | # private-cache yes |
91 | 94 | ||
95 | # Enable or disable private-etc feature, default enabled. | ||
96 | # private-etc yes | ||
97 | |||
92 | # Enable or disable private-home feature, default enabled | 98 | # Enable or disable private-home feature, default enabled |
93 | # private-home yes | 99 | # private-home yes |
94 | 100 | ||
95 | # Enable or disable private-lib feature, default enabled | 101 | # Enable or disable private-lib feature, default enabled |
96 | # private-lib yes | 102 | # private-lib yes |
97 | 103 | ||
104 | # Enable or disable private-opt feature, default enabled. | ||
105 | # private-opt yes | ||
106 | |||
107 | # Enable or disable private-srv feature, default enabled. | ||
108 | # private-srv yes | ||
109 | |||
98 | # Enable --quiet as default every time the sandbox is started. Default disabled. | 110 | # Enable --quiet as default every time the sandbox is started. Default disabled. |
99 | # quiet-by-default no | 111 | # quiet-by-default no |
100 | 112 | ||