author | The Fox in the Shell <KellerFuchs@hashbang.sh> | 2016-05-25 14:59:30 +0200 |
---|---|---|
committer | The Fox in the Shell <KellerFuchs@hashbang.sh> | 2016-05-25 15:01:13 +0200 |
commit | 1c0428dba28299b66380c8c05770d6619383d758 (patch) | |
tree | 9930a2e13d8b9b7c51228af50db9337b31e456a2 /etc | |
parent | Document nonewprivs (diff) | |
Add force-nonewprivs setting
Diffstat (limited to 'etc')
-rw-r--r-- | etc/firejail.config | 6 |
1 files changed, 6 insertions, 0 deletions
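--- a/etc/firejail.config
+++ b/etc/firejail.config
@@ -30,6 +30,12 @@
 # Enable or disable X11 sandboxing support, default enabled.
 # x11 yes
 
+# Force use of nonewprivs. This mitigates the possibility of
+# a user abusing firejail's features to trick a privileged (suid
+# or file capabilities) process into loading code or configuration
+# that is partially under their control. Default disabled
+# force-nonewprivs no
+
 # Screen size for --x11=xephyr, default 800x600. Run /usr/bin/xrandr for
 # a full list of resolutions available on your specific setup.
 # xephyr-screen 640x480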
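Review bot: The added comment for `force-nonewprivs` describes the threat but not the cost of enabling it, which is what an administrator needs to know before switching it on. Once no_new_privs is set on a process, setuid and file-capability binaries executed from it no longer gain privileges, so such programs inside a sandbox would presumably stop working as expected. I would add a line such as `# When enabled, suid/file-capability programs inside every sandbox run without elevated privileges.` Because the setting ships disabled, the exposure the comment describes remains on a default install until the admin opts in, and the text could say so in one sentence. The code that reads this option is outside this view (the diffstat is limited to etc), so the exact scope of "force" should be confirmed against it.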