diff options
author | Fred Barclay <Fred-Barclay@users.noreply.github.com> | 2020-04-07 16:14:25 -0500 |
---|---|---|
committer | Fred Barclay <Fred-Barclay@users.noreply.github.com> | 2020-04-07 16:14:25 -0500 |
commit | 3848b98961614e1776b29ecfb76ef4c750b6b25f (patch) | |
tree | 3c7f0b623978562ee23fba7f52b6a039571cebea /etc/rsync-download_only.profile | |
parent | dbus-proxy (gnome_games) (diff) | |
download | firejail-3848b98961614e1776b29ecfb76ef4c750b6b25f.tar.gz firejail-3848b98961614e1776b29ecfb76ef4c750b6b25f.tar.zst firejail-3848b98961614e1776b29ecfb76ef4c750b6b25f.zip |
Replace `nodbus` with dbus-* filters
See
- 07fac581f6b9b5ed068f4c54a9521b51826375c5 for new dbus filters
- https://github.com/netblue30/firejail/pull/3326#issuecomment-610423183
Except for ocenaudio, access/restrictions on dbus options should
be unchanged
Ocenaudio profile: dbus filters were sandboxed (initially `nodbus`
was enabled) since comments indicated blocking dbus meant
preferences were broken
Diffstat (limited to 'etc/rsync-download_only.profile')
-rw-r--r-- | etc/rsync-download_only.profile | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/etc/rsync-download_only.profile b/etc/rsync-download_only.profile index 500656a4b..a39ff759a 100644 --- a/etc/rsync-download_only.profile +++ b/etc/rsync-download_only.profile | |||
@@ -33,7 +33,6 @@ ipc-namespace | |||
33 | machine-id | 33 | machine-id |
34 | netfilter | 34 | netfilter |
35 | no3d | 35 | no3d |
36 | nodbus | ||
37 | nodvd | 36 | nodvd |
38 | nogroups | 37 | nogroups |
39 | nonewprivs | 38 | nonewprivs |
@@ -54,4 +53,7 @@ private-dev | |||
54 | private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl | 53 | private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl |
55 | private-tmp | 54 | private-tmp |
56 | 55 | ||
56 | dbus-user none | ||
57 | dbus-system none | ||
58 | |||
57 | memory-deny-write-execute | 59 | memory-deny-write-execute |