disable flatpak directories

author: netblue30 <netblue30@yahoo.com> 2018-06-20 18:23:54 -0400
committer: netblue30 <netblue30@yahoo.com> 2018-06-20 18:23:54 -0400
commit: a6acf8761b02272c56014477bfceba3dfe2fff84 (patch)
tree: e4fbbdb031e19099afa01c7ca54ef8a99726f645 /etc
parent: wireshark.profile: allow lua for scripting (diff)
download: firejail-a6acf8761b02272c56014477bfceba3dfe2fff84.tar.gz
firejail-a6acf8761b02272c56014477bfceba3dfe2fff84.tar.zst
firejail-a6acf8761b02272c56014477bfceba3dfe2fff84.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index 71d4ad97b..56121809a 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -383,3 +383,12 @@ blacklist /vmlinuz*
 # complement noexec ${HOME} and noexec /tmp
 noexec /tmp/.X11-unix
+# flatpak
+blacklist ${HOME}/*.config/flatpak
+blacklist ${HOME}/*.var
+blacklist ${HOME}/*.local/share/flatpak
+blacklist /var/lib/flatpak
+blacklist /usr/share/flatpak
+# most of the time bwrap is SUID binary
+blacklist /usr/bin/bwrap
+\ No newline at end of file
author	netblue30 <netblue30@yahoo.com>	2018-06-20 18:23:54 -0400
committer	netblue30 <netblue30@yahoo.com>	2018-06-20 18:23:54 -0400
commit	a6acf8761b02272c56014477bfceba3dfe2fff84 (patch)
tree	e4fbbdb031e19099afa01c7ca54ef8a99726f645 /etc
parent	wireshark.profile: allow lua for scripting (diff)
download	firejail-a6acf8761b02272c56014477bfceba3dfe2fff84.tar.gz firejail-a6acf8761b02272c56014477bfceba3dfe2fff84.tar.zst firejail-a6acf8761b02272c56014477bfceba3dfe2fff84.zip

diff --git a/etc/disable-common.inc b/etc/disable-common.inc index 71d4ad97b..56121809a 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc
@@ -383,3 +383,12 @@ blacklist /vmlinuz*
383		383
384	# complement noexec ${HOME} and noexec /tmp	384	# complement noexec ${HOME} and noexec /tmp
385	noexec /tmp/.X11-unix	385	noexec /tmp/.X11-unix
		386
		387	# flatpak
		388	blacklist ${HOME}/*.config/flatpak
		389	blacklist ${HOME}/*.var
		390	blacklist ${HOME}/*.local/share/flatpak
		391	blacklist /var/lib/flatpak
		392	blacklist /usr/share/flatpak
		393	# most of the time bwrap is SUID binary
		394	blacklist /usr/bin/bwrap \ No newline at end of file