aboutsummaryrefslogtreecommitdiffstats
path: root/etc
diff options
context:
space:
mode:
authorLibravatar smitsohu <smitsohu@gmail.com>2018-11-04 19:22:15 +0100
committerLibravatar smitsohu <smitsohu@gmail.com>2018-11-04 19:22:15 +0100
commitd69e0cf1b35cac9185081bd6d95d82024868ae76 (patch)
tree4927745c1ae749b9b544137c7306a7457c2cecf3 /etc
parentrecursive remounts: add fallback for old kernels, some improvements (diff)
downloadfirejail-d69e0cf1b35cac9185081bd6d95d82024868ae76.tar.gz
firejail-d69e0cf1b35cac9185081bd6d95d82024868ae76.tar.zst
firejail-d69e0cf1b35cac9185081bd6d95d82024868ae76.zip
profile fixes for recursive read-write mounts
read-write and read-only are applied in sequence, don't override read-only restrictions in ~/.local/share issue #2200
Diffstat (limited to 'etc')
-rw-r--r--etc/baloo_file.profile10
-rw-r--r--etc/disable-common.inc10
2 files changed, 10 insertions, 10 deletions
diff --git a/etc/baloo_file.profile b/etc/baloo_file.profile
index 307a16f9c..e094945b7 100644
--- a/etc/baloo_file.profile
+++ b/etc/baloo_file.profile
@@ -5,6 +5,11 @@ include baloo_file.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8# Make home directory read-only and allow writing only to ${HOME}/.local/share
9# Note: Baloo will not be able to update the "first run" key in its configuration files.
10# read-only ${HOME}
11# read-write ${HOME}/.local/share
12
8noblacklist ${HOME}/.config/baloofilerc 13noblacklist ${HOME}/.config/baloofilerc
9noblacklist ${HOME}/.kde/share/config/baloofilerc 14noblacklist ${HOME}/.kde/share/config/baloofilerc
10noblacklist ${HOME}/.kde/share/config/baloorc 15noblacklist ${HOME}/.kde/share/config/baloorc
@@ -42,8 +47,3 @@ private-tmp
42 47
43noexec ${HOME} 48noexec ${HOME}
44noexec /tmp 49noexec /tmp
45
46# Make home directory read-only and allow writing only to ${HOME}/.local/share
47# Note: Baloo will not be able to update the "first run" key in its configuration files.
48# read-only ${HOME}
49# read-write ${HOME}/.local/share
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index b78af7917..d220f381b 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -2,6 +2,11 @@
2# Persistent customizations should go in a .local file. 2# Persistent customizations should go in a .local file.
3include disable-common.local 3include disable-common.local
4 4
5# The following block breaks trash functionality in file managers
6#read-only ${HOME}/.local
7#read-write ${HOME}/.local/share
8blacklist ${HOME}/.local/share/Trash
9
5# History files in $HOME and clipboard managers 10# History files in $HOME and clipboard managers
6blacklist-nolog ${HOME}/.*_history 11blacklist-nolog ${HOME}/.*_history
7blacklist-nolog ${HOME}/.adobe 12blacklist-nolog ${HOME}/.adobe
@@ -263,11 +268,6 @@ read-only ${HOME}/.luarocks
263read-only ${HOME}/.npm-packages 268read-only ${HOME}/.npm-packages
264read-only ${HOME}/bin 269read-only ${HOME}/bin
265 270
266# The following block breaks trash functionality in file managers
267#read-only ${HOME}/.local
268#read-write ${HOME}/.local/share
269blacklist ${HOME}/.local/share/Trash
270
271# Write-protection for desktop entries 271# Write-protection for desktop entries
272read-only ${HOME}/.config/menus 272read-only ${HOME}/.config/menus
273read-only ${HOME}/.local/share/applications 273read-only ${HOME}/.local/share/applications
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-08 16:42:57 +0000