diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-06-09 08:42:59 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-06-09 08:42:59 -0400 |
| commit | d073a425b3e3ed3829a0e042e8c41963f0f40f0e (patch) | |
| tree | 3241c3053a4d3ccba63c633015fddb6e21c9cf74 /etc/firejail.config | |
| parent | fixes (diff) | |
| download | firejail-d073a425b3e3ed3829a0e042e8c41963f0f40f0e.tar.gz firejail-d073a425b3e3ed3829a0e042e8c41963f0f40f0e.tar.zst firejail-d073a425b3e3ed3829a0e042e8c41963f0f40f0e.zip | |
whitelist support in /etc/firejail/firejail.config
Diffstat (limited to 'etc/firejail.config')
| -rw-r--r-- | etc/firejail.config | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/etc/firejail.config b/etc/firejail.config index 55d2faa9f..4fcaee213 100644 --- a/etc/firejail.config +++ b/etc/firejail.config | |||
| @@ -12,6 +12,12 @@ | |||
| 12 | # Enable or disable file transfer support, default enabled. | 12 | # Enable or disable file transfer support, default enabled. |
| 13 | # file-transfer yes | 13 | # file-transfer yes |
| 14 | 14 | ||
| 15 | # Force use of nonewprivs. This mitigates the possibility of | ||
| 16 | # a user abusing firejail's features to trick a privileged (suid | ||
| 17 | # or file capabilities) process into loading code or configuration | ||
| 18 | # that is partially under their control. Default disabled | ||
| 19 | # force-nonewprivs no | ||
| 20 | |||
| 15 | # Enable or disable networking features, default enabled. | 21 | # Enable or disable networking features, default enabled. |
| 16 | # network yes | 22 | # network yes |
| 17 | 23 | ||
| @@ -27,15 +33,12 @@ | |||
| 27 | # Enable or disable user namespace support, default enabled. | 33 | # Enable or disable user namespace support, default enabled. |
| 28 | # userns yes | 34 | # userns yes |
| 29 | 35 | ||
| 36 | # Enable or disable whitelisting support, default enabled | ||
| 37 | # whitelist yes | ||
| 38 | |||
| 30 | # Enable or disable X11 sandboxing support, default enabled. | 39 | # Enable or disable X11 sandboxing support, default enabled. |
| 31 | # x11 yes | 40 | # x11 yes |
| 32 | 41 | ||
| 33 | # Force use of nonewprivs. This mitigates the possibility of | ||
| 34 | # a user abusing firejail's features to trick a privileged (suid | ||
| 35 | # or file capabilities) process into loading code or configuration | ||
| 36 | # that is partially under their control. Default disabled | ||
| 37 | # force-nonewprivs no | ||
| 38 | |||
| 39 | # Screen size for --x11=xephyr, default 800x600. Run /usr/bin/xrandr for | 42 | # Screen size for --x11=xephyr, default 800x600. Run /usr/bin/xrandr for |
| 40 | # a full list of resolutions available on your specific setup. | 43 | # a full list of resolutions available on your specific setup. |
| 41 | # xephyr-screen 640x480 | 44 | # xephyr-screen 640x480 |