diff options
author | smitsohu <smitsohu@gmail.com> | 2018-02-01 22:39:21 +0100 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2018-02-01 22:39:21 +0100 |
commit | 8aec7694cb4c7c0d07b333b689ab19faacb519f9 (patch) | |
tree | d5cc911a2b94d80faf8d9bcfabc8fd156d75e887 /etc/krunner.profile | |
parent | unbound fix (part 2) - whitelist /var/run (diff) | |
download | firejail-8aec7694cb4c7c0d07b333b689ab19faacb519f9.tar.gz firejail-8aec7694cb4c7c0d07b333b689ab19faacb519f9.tar.zst firejail-8aec7694cb4c7c0d07b333b689ab19faacb519f9.zip |
KDE related enhancements
Diffstat (limited to 'etc/krunner.profile')
-rw-r--r-- | etc/krunner.profile | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/etc/krunner.profile b/etc/krunner.profile index 606b67677..1e97f4290 100644 --- a/etc/krunner.profile +++ b/etc/krunner.profile | |||
@@ -5,12 +5,15 @@ include /etc/firejail/krunner.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | # start a program in krunner: program will run with this generic profile | 8 | # - programs started in krunner run with this generic profile. |
9 | # open a file in krunner: file viewer will run with its own profile (if firejailed automatically) | 9 | # - when a file is opened in krunner, the file viewer runs in its own sandbox |
10 | # with its own profile, if it is sandboxed automatically. | ||
10 | 11 | ||
12 | # noblacklist ${HOME}/.cache/krunner | ||
11 | noblacklist ${HOME}/.config/krunnerrc | 13 | noblacklist ${HOME}/.config/krunnerrc |
12 | noblacklist ${HOME}/.kde/share/config/krunnerrc | 14 | noblacklist ${HOME}/.kde/share/config/krunnerrc |
13 | noblacklist ${HOME}/.kde4/share/config/krunnerrc | 15 | noblacklist ${HOME}/.kde4/share/config/krunnerrc |
16 | # noblacklist ${HOME}/.local/share/baloo | ||
14 | 17 | ||
15 | include /etc/firejail/disable-common.inc | 18 | include /etc/firejail/disable-common.inc |
16 | # include /etc/firejail/disable-devel.inc | 19 | # include /etc/firejail/disable-devel.inc |
@@ -21,6 +24,7 @@ include /etc/firejail/whitelist-var-common.inc | |||
21 | 24 | ||
22 | caps.drop all | 25 | caps.drop all |
23 | netfilter | 26 | netfilter |
27 | nogroups | ||
24 | nonewprivs | 28 | nonewprivs |
25 | noroot | 29 | noroot |
26 | protocol unix,inet,inet6 | 30 | protocol unix,inet,inet6 |