diff options
author | smitsohu <smitsohu@gmail.com> | 2018-03-28 01:20:21 +0200 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2018-03-28 03:23:59 +0200 |
commit | 7a37dc31ab907d55eb88f2fa259f37046952a0c5 (patch) | |
tree | b6a3e76842eeb8c455e00585de0ab9fc38ef4fe0 /etc/scribus.profile | |
parent | Enable nodbus for keepassx and keepassxc profiles. (diff) | |
download | firejail-7a37dc31ab907d55eb88f2fa259f37046952a0c5.tar.gz firejail-7a37dc31ab907d55eb88f2fa259f37046952a0c5.tar.zst firejail-7a37dc31ab907d55eb88f2fa259f37046952a0c5.zip |
recalibrate dbus access, deploy nodbus option
see #1822 and #1825. also systematically replaces
'blacklist /run/user/*/bus' with 'nodbus'.
with contributions from @Fred-Barclay
Diffstat (limited to 'etc/scribus.profile')
-rw-r--r-- | etc/scribus.profile | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/etc/scribus.profile b/etc/scribus.profile index 8ce63fbf0..7325b663d 100644 --- a/etc/scribus.profile +++ b/etc/scribus.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/scribus.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
10 | # Support for PDF readers comes with Scribus 1.5 and higher | 8 | # Support for PDF readers comes with Scribus 1.5 and higher |
11 | noblacklist ${HOME}/.cache/okular | 9 | noblacklist ${HOME}/.cache/okular |
12 | noblacklist ${HOME}/.config/okularpartrc | 10 | noblacklist ${HOME}/.config/okularpartrc |
@@ -33,6 +31,7 @@ include /etc/firejail/whitelist-var-common.inc | |||
33 | 31 | ||
34 | caps.drop all | 32 | caps.drop all |
35 | net none | 33 | net none |
34 | nodbus | ||
36 | nodvd | 35 | nodvd |
37 | nogroups | 36 | nogroups |
38 | nonewprivs | 37 | nonewprivs |
@@ -48,3 +47,6 @@ tracelog | |||
48 | # private-bin scribus,gs,gimp* | 47 | # private-bin scribus,gs,gimp* |
49 | private-dev | 48 | private-dev |
50 | private-tmp | 49 | private-tmp |
50 | |||
51 | # noexec ${HOME} | ||
52 | noexec /tmp | ||