diff options
author | smitsohu <smitsohu@gmail.com> | 2018-03-28 01:20:21 +0200 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2018-03-28 03:23:59 +0200 |
commit | 7a37dc31ab907d55eb88f2fa259f37046952a0c5 (patch) | |
tree | b6a3e76842eeb8c455e00585de0ab9fc38ef4fe0 /etc/xplayer.profile | |
parent | Enable nodbus for keepassx and keepassxc profiles. (diff) | |
download | firejail-7a37dc31ab907d55eb88f2fa259f37046952a0c5.tar.gz firejail-7a37dc31ab907d55eb88f2fa259f37046952a0c5.tar.zst firejail-7a37dc31ab907d55eb88f2fa259f37046952a0c5.zip |
recalibrate dbus access, deploy nodbus option
see #1822 and #1825. also systematically replaces
'blacklist /run/user/*/bus' with 'nodbus'.
with contributions from @Fred-Barclay
Diffstat (limited to 'etc/xplayer.profile')
-rw-r--r-- | etc/xplayer.profile | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/etc/xplayer.profile b/etc/xplayer.profile index 8ea361d79..ef1eb38e7 100644 --- a/etc/xplayer.profile +++ b/etc/xplayer.profile | |||
@@ -15,8 +15,12 @@ include /etc/firejail/disable-programs.inc | |||
15 | 15 | ||
16 | include /etc/firejail/whitelist-var-common.inc | 16 | include /etc/firejail/whitelist-var-common.inc |
17 | 17 | ||
18 | # following line makes settings immutable | ||
19 | apparmor | ||
18 | caps.drop all | 20 | caps.drop all |
19 | netfilter | 21 | netfilter |
22 | # following line makes settings immutable | ||
23 | nodbus | ||
20 | nogroups | 24 | nogroups |
21 | nonewprivs | 25 | nonewprivs |
22 | noroot | 26 | noroot |