diff options
author | netblue30 <netblue30@yahoo.com> | 2017-05-05 17:57:53 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-05-05 17:57:53 -0400 |
commit | e965ee09600f3f6e4fa4ba2b21e3fe96ad686341 (patch) | |
tree | e90ec85fedf210c3a7be9cacd03c3b66e7a76a03 /etc | |
parent | LXDE/LXQT integration (diff) | |
parent | harden baloo_file (diff) | |
download | firejail-e965ee09600f3f6e4fa4ba2b21e3fe96ad686341.tar.gz firejail-e965ee09600f3f6e4fa4ba2b21e3fe96ad686341.tar.zst firejail-e965ee09600f3f6e4fa4ba2b21e3fe96ad686341.zip |
Merge pull request #1266 from SYN-cook/patch-2
harden baloo_file
Diffstat (limited to 'etc')
-rw-r--r-- | etc/baloo_file.profile | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/etc/baloo_file.profile b/etc/baloo_file.profile index bf0e924d8..d306a1b45 100644 --- a/etc/baloo_file.profile +++ b/etc/baloo_file.profile | |||
@@ -28,9 +28,11 @@ x11 xorg | |||
28 | private-dev | 28 | private-dev |
29 | private-tmp | 29 | private-tmp |
30 | 30 | ||
31 | # Make home directory read-only and allow writing only to Baloo's database. | 31 | noexec ${HOME} |
32 | # Note: Baloo will not be able to update the first run key in its configuration files. | 32 | noexec /tmp |
33 | # Older versions will issue a warning message. | 33 | |
34 | # Make home directory read-only and allow writing only to ~/.local/share | ||
35 | # Note: Baloo will not be able to update the "first run" key in its configuration files. | ||
34 | #read-only ${HOME} | 36 | #read-only ${HOME} |
35 | #read-write ${HOME}/.local/share/baloo | 37 | #read-write ${HOME}/.local/share |
36 | #read-write ${HOME}/.local/share/akonadi/search_db | 38 | #noexec ${HOME}/.local/share |