diff options
author | SYN-cook <syncookongit@gmail.com> | 2017-05-02 16:39:13 +0200 |
---|---|---|
committer | Fred Barclay <Fred-Barclay@users.noreply.github.com> | 2017-05-02 09:39:13 -0500 |
commit | 444e153aab9830247c74f20247868612b5fbce7b (patch) | |
tree | 3543cd7915935216f59016c1ad3a523a8cc493dd /etc/nautilus.profile | |
parent | adding knotes profile (diff) | |
download | firejail-444e153aab9830247c74f20247868612b5fbce7b.tar.gz firejail-444e153aab9830247c74f20247868612b5fbce7b.tar.zst firejail-444e153aab9830247c74f20247868612b5fbce7b.zip |
blacklist file-manager python scripts (#1260)
* blacklist python scripts in caja
~/.local/share/caja is not used by Caja, so it can be removed
* blacklist python scripts in nautilus
* blacklist python scripts in nemo
* permit access to Trash
* blacklist file-manager python bindings
Diffstat (limited to 'etc/nautilus.profile')
-rw-r--r-- | etc/nautilus.profile | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/etc/nautilus.profile b/etc/nautilus.profile index 8b86efbd2..49b3ccffd 100644 --- a/etc/nautilus.profile +++ b/etc/nautilus.profile | |||
@@ -5,10 +5,12 @@ include /etc/firejail/nautilus.local | |||
5 | # nautilus profile | 5 | # nautilus profile |
6 | 6 | ||
7 | # Nautilus is started by systemd on most systems. Therefore it is not firejailed by default. Since there | 7 | # Nautilus is started by systemd on most systems. Therefore it is not firejailed by default. Since there |
8 | # is already a nautilus process running on gnome desktops firejail will have no effect. | 8 | # is already a nautilus process running on gnome desktops firejail will have no effect. |
9 | 9 | ||
10 | noblacklist ~/.config/nautilus | 10 | noblacklist ~/.config/nautilus |
11 | noblacklist ~/.local/share/nautilus | 11 | noblacklist ~/.local/share/nautilus |
12 | noblacklist ~/.local/share/nautilus-python | ||
13 | noblacklist ~/.local/share/Trash | ||
12 | 14 | ||
13 | include /etc/firejail/disable-common.inc | 15 | include /etc/firejail/disable-common.inc |
14 | # nautilus needs to be able to start arbitrary applications so we cannot blacklist their files | 16 | # nautilus needs to be able to start arbitrary applications so we cannot blacklist their files |