diff options
author | rusty-snake <print_hello_world+Public@protonmail.com> | 2020-03-15 09:31:20 +0100 |
---|---|---|
committer | rusty-snake <print_hello_world+Public@protonmail.com> | 2020-03-15 09:31:20 +0100 |
commit | bd04804306028e82fd190a29c9e926e57acbcd94 (patch) | |
tree | c005bde36b88cae771dfd9f4a921315280fa04a3 /etc | |
parent | allow ro access to .local/share/flatpak/exports (diff) | |
download | firejail-bd04804306028e82fd190a29c9e926e57acbcd94.tar.gz firejail-bd04804306028e82fd190a29c9e926e57acbcd94.tar.zst firejail-bd04804306028e82fd190a29c9e926e57acbcd94.zip |
Update file.profile
* fix private-lib, closes #3233
* make private-etc and private-lib opt-in
see https://github.com/netblue30/firejail/issues/3233#issuecomment-589871765
disable-devel.inc: remove duplicated line
Diffstat (limited to 'etc')
-rw-r--r-- | etc/disable-devel.inc | 1 | ||||
-rw-r--r-- | etc/file.profile | 4 |
2 files changed, 2 insertions, 3 deletions
diff --git a/etc/disable-devel.inc b/etc/disable-devel.inc index 59df9fb0f..e1ba13380 100644 --- a/etc/disable-devel.inc +++ b/etc/disable-devel.inc | |||
@@ -26,7 +26,6 @@ blacklist ${PATH}/*-gcc* | |||
26 | blacklist ${PATH}/*-g++* | 26 | blacklist ${PATH}/*-g++* |
27 | blacklist ${PATH}/*-gcc* | 27 | blacklist ${PATH}/*-gcc* |
28 | blacklist ${PATH}/*-g++* | 28 | blacklist ${PATH}/*-g++* |
29 | blacklist /usr/include | ||
30 | # seems to create problems on Gentoo | 29 | # seems to create problems on Gentoo |
31 | #blacklist /usr/lib/gcc | 30 | #blacklist /usr/lib/gcc |
32 | 31 | ||
diff --git a/etc/file.profile b/etc/file.profile index 9b21818f8..82b161d48 100644 --- a/etc/file.profile +++ b/etc/file.profile | |||
@@ -38,8 +38,8 @@ x11 none | |||
38 | #private-bin bzip2,file,gzip,lrzip,lz4,lzip,xz,zstd | 38 | #private-bin bzip2,file,gzip,lrzip,lz4,lzip,xz,zstd |
39 | private-cache | 39 | private-cache |
40 | private-dev | 40 | private-dev |
41 | private-etc alternatives,localtime,magic,magic.mgc | 41 | #private-etc alternatives,localtime,magic,magic.mgc |
42 | private-lib file,libarchive.so.*,libfakeroot,libmagic.so.* | 42 | #private-lib file,libarchive.so.*,libfakeroot,libmagic.so.*,libseccomp.so.* |
43 | 43 | ||
44 | memory-deny-write-execute | 44 | memory-deny-write-execute |
45 | read-only ${HOME} | 45 | read-only ${HOME} |