diff options
author | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2021-06-03 18:13:50 +0200 |
---|---|---|
committer | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2021-06-03 18:14:57 +0200 |
commit | 151312bc24a56b3c5104af0378096c3b54725c97 (patch) | |
tree | ae92ceedd6bcf79878373edf2f3f5ff7a1bf64b3 /etc | |
parent | kodi.profile: Add note for CEC Adapters (diff) | |
download | firejail-151312bc24a56b3c5104af0378096c3b54725c97.tar.gz firejail-151312bc24a56b3c5104af0378096c3b54725c97.tar.zst firejail-151312bc24a56b3c5104af0378096c3b54725c97.zip |
Update profile.template
The header of profile.template define this order:
IGNORES
NOBLACKLISTS
ALLOW INCLUDES
BLACKLISTS
DISABLE INCLUDES
Diffstat (limited to 'etc')
-rw-r--r-- | etc/templates/profile.template | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/etc/templates/profile.template b/etc/templates/profile.template index fcc7fe949..61e9c9fd8 100644 --- a/etc/templates/profile.template +++ b/etc/templates/profile.template | |||
@@ -59,14 +59,6 @@ include globals.local | |||
59 | ##ignore noexec ${HOME} | 59 | ##ignore noexec ${HOME} |
60 | ##ignore noexec /tmp | 60 | ##ignore noexec /tmp |
61 | 61 | ||
62 | ##blacklist PATH | ||
63 | # Disable X11 (CLI only), see also 'x11 none' below | ||
64 | #blacklist /tmp/.X11-unix | ||
65 | # Disable Wayland | ||
66 | #blacklist ${RUNUSER}/wayland-* | ||
67 | # Disable RUNUSER (cli only; supersedes Disable Wayland) | ||
68 | #blacklist ${RUNUSER} | ||
69 | |||
70 | # It is common practice to add files/dirs containing program-specific configuration | 62 | # It is common practice to add files/dirs containing program-specific configuration |
71 | # (often ${HOME}/PROGRAMNAME or ${HOME}/.config/PROGRAMNAME) into disable-programs.inc | 63 | # (often ${HOME}/PROGRAMNAME or ${HOME}/.config/PROGRAMNAME) into disable-programs.inc |
72 | # (keep list sorted) and then disable blacklisting below. | 64 | # (keep list sorted) and then disable blacklisting below. |
@@ -109,6 +101,17 @@ include globals.local | |||
109 | # Allow ssh (blacklisted by disable-common.inc) | 101 | # Allow ssh (blacklisted by disable-common.inc) |
110 | #include allow-ssh.inc | 102 | #include allow-ssh.inc |
111 | 103 | ||
104 | ##blacklist PATH | ||
105 | # Disable X11 (CLI only), see also 'x11 none' below | ||
106 | #blacklist /tmp/.X11-unix | ||
107 | # Disable Wayland | ||
108 | #blacklist ${RUNUSER}/wayland-* | ||
109 | # Disable RUNUSER (cli only; supersedes Disable Wayland) | ||
110 | #blacklist ${RUNUSER} | ||
111 | # Remove the next blacklist if you system has no /usr/libexec dir, | ||
112 | # otherwise try to add it. | ||
113 | #blacklist /usr/libexec | ||
114 | |||
112 | # disable-*.inc includes | 115 | # disable-*.inc includes |
113 | # remove disable-write-mnt.inc if you set disable-mnt | 116 | # remove disable-write-mnt.inc if you set disable-mnt |
114 | #include disable-common.inc | 117 | #include disable-common.inc |