diff options
author | netblue30 <netblue30@yahoo.com> | 2017-05-12 11:12:17 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-05-12 11:12:17 -0400 |
commit | c62e7c77986f232e3bf6d6e765d013f302f736a3 (patch) | |
tree | 5c2f9ffba41a9225089958b25e79450f780f1559 /etc/xpra.profile | |
parent | compile fixes on 32bit platforms (diff) | |
download | firejail-c62e7c77986f232e3bf6d6e765d013f302f736a3.tar.gz firejail-c62e7c77986f232e3bf6d6e765d013f302f736a3.tar.zst firejail-c62e7c77986f232e3bf6d6e765d013f302f736a3.zip |
automatic X server sandboxing for --x11=xpra and --x11=xephyr
Diffstat (limited to 'etc/xpra.profile')
-rw-r--r-- | etc/xpra.profile | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/etc/xpra.profile b/etc/xpra.profile index f4f28f9de..11bfec7eb 100644 --- a/etc/xpra.profile +++ b/etc/xpra.profile | |||
@@ -5,14 +5,11 @@ include /etc/firejail/xpra.local | |||
5 | 5 | ||
6 | # | 6 | # |
7 | # This profile will sandbox Xpra server itself when used with firejail --x11=xpra. | 7 | # This profile will sandbox Xpra server itself when used with firejail --x11=xpra. |
8 | # The target program is sandboxed with its own profile. By default the this functionality | 8 | # To enable it, create a firejail-xpra symlink in /usr/local/bin: |
9 | # is disabled. To enable it, create a firejail-xpra symlink in /usr/local/bin: | ||
10 | # | 9 | # |
11 | # $ sudo ln -s /usr/bin/firejail /usr/local/bin/xpra | 10 | # $ sudo ln -s /usr/bin/firejail /usr/local/bin/xpra |
12 | # | 11 | # |
13 | # We have this functionality disabled by default because it creates problems on | 12 | # or run "sudo firecfg" |
14 | # some Linux distributions. | ||
15 | # | ||
16 | 13 | ||
17 | # private home directory doesn't work on some distros, so we go for a regular home | 14 | # private home directory doesn't work on some distros, so we go for a regular home |
18 | #private | 15 | #private |
@@ -36,6 +33,7 @@ protocol unix | |||
36 | 33 | ||
37 | private-dev | 34 | private-dev |
38 | private-tmp | 35 | private-tmp |
36 | # older Xpra versions also use Xvfb | ||
39 | #private-bin xpra,python,Xvfb,Xorg,sh,xkbcomp,xauth,dbus-launch,pactl,ldconfig,which,strace,bash,cat,ls | 37 | #private-bin xpra,python,Xvfb,Xorg,sh,xkbcomp,xauth,dbus-launch,pactl,ldconfig,which,strace,bash,cat,ls |
40 | #private-etc ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname,machine-id,xpra,X11 | 38 | #private-etc ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname,machine-id,xpra,X11 |
41 | 39 | ||