diff options
| author |  Kelvin M. Klann <kmk3.code@protonmail.com> | 2022-02-14 21:52:32 -0300 |
|---|---|---|
| committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2022-02-16 01:07:07 -0300 |
| commit | b539d3e7587cc66d528de93f501868569fc34cfd (patch) | |
| tree | d322bd304fed06a9525247685004f59f711b247c /etc/firejail.config | |
| parent | Merge pull request #4933 from kmk3/disable-nogroups-msg (diff) | |
| download | firejail-b539d3e7587cc66d528de93f501868569fc34cfd.tar.gz firejail-b539d3e7587cc66d528de93f501868569fc34cfd.tar.zst firejail-b539d3e7587cc66d528de93f501868569fc34cfd.zip | |
firejail.config: add warning about allow-tray
According to #4053, there is currently no safe (in the sense of not
allowing to escape the sandbox) implementation of
`org.kde.StatusNotifierWatcher`, but it is required by multiple programs
for tray functionality. Users may not be aware of this (for example,
see #4508), so add a warning about it.
Note: allow-tray was added on commit c86cae2d0 ("Add new condition
ALLOW_TRAY", 2021-09-04) / PR #4510.
Diffstat (limited to 'etc/firejail.config')
| -rw-r--r-- | etc/firejail.config | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/etc/firejail.config b/etc/firejail.config index 7912b746c..856018101 100644 --- a/etc/firejail.config +++ b/etc/firejail.config | |||
| @@ -2,7 +2,8 @@ | |||
| 2 | # keyword-argument pairs, one per line. Most features are enabled by default. | 2 | # keyword-argument pairs, one per line. Most features are enabled by default. |
| 3 | # Use 'yes' or 'no' as configuration values. | 3 | # Use 'yes' or 'no' as configuration values. |
| 4 | 4 | ||
| 5 | # Allow programs to display a tray icon | 5 | # Allow programs to display a tray icon (warning: allows escaping the sandbox; |
| 6 | # see https://github.com/netblue30/firejail/discussions/4053) | ||
| 6 | # allow-tray no | 7 | # allow-tray no |
| 7 | 8 | ||
| 8 | # Enable AppArmor functionality, default enabled. | 9 | # Enable AppArmor functionality, default enabled. |