author | Tad <tad@spotco.us> | 2018-11-05 18:32:22 -0500 |
---|---|---|
committer | Tad <tad@spotco.us> | 2018-11-05 18:38:16 -0500 |
commit | 1a03225b4407f1cf88410573c8fc67031de511c1 (patch) | |
tree | 2009560b8baf536c96a6f36087a6c490a9bc8b04 /etc | |
parent | Merge pull request #2246 from glitsj16/dig (diff) | |
download | firejail-1a03225b4407f1cf88410573c8fc67031de511c1.tar.gz firejail-1a03225b4407f1cf88410573c8fc67031de511c1.tar.zst firejail-1a03225b4407f1cf88410573c8fc67031de511c1.zip |
Add new config option to disable U2F in browsers, enabled by default
Diffstat (limited to 'etc')
-rw-r--r-- | etc/chromium-common.profile | 2 | ||||
-rw-r--r-- | etc/firefox-common.profile | 2 | ||||
-rw-r--r-- | etc/firejail.config | 3 |
3 files changed, 5 insertions, 2 deletions
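--- a/etc/chromium-common.profile
+++ b/etc/chromium-common.profile
@@ -27,7 +27,7 @@ nodbus
 nodvd
 nogroups
 notv
-nou2f
+?BROWSER_DISABLE_U2F: nou2f
 shell none
 
 disable-mnt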
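Review bot: The new `?BROWSER_DISABLE_U2F: nou2f` line (new line 30) gives a profile reader no hint where the condition is set or what state is the default, and the same holds for new line 40 of etc/firefox-common.profile. Because this turns a fixed hardening rule into one governed by a global switch, I would add a comment above it such as `# nou2f is applied unless browser-disable-u2f is set to no in firejail.config`. The switch applies to every profile that includes these common files, so allowing a security key for one browser lifts the U2F restriction for all of them; a per-profile `ignore nou2f` in a .local file is narrower and worth mentioning in that comment. The code that evaluates the conditional is not in this view (the diffstat is limited to etc), so it should be confirmed that a missing or unparsable option leaves nou2f applied.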
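--- a/etc/firefox-common.profile
+++ b/etc/firefox-common.profile
@@ -37,7 +37,7 @@ nogroups
 nonewprivs
 noroot
 notv
-nou2f
+?BROWSER_DISABLE_U2F: nou2f
 protocol unix,inet,inet6,netlink
 seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
 shell none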
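--- a/etc/firejail.config
+++ b/etc/firejail.config
@@ -5,6 +5,9 @@
 # Enable AppArmor functionality, default enabled.
 # apparmor yes
 
+# Disable U2F in browsers, default enabled.
+# browser-disable-u2f yes
+
 # Number of ARP probes sent when assigning an IP address for --net option,
 # default 2. This is a partial implementation of RFC 5227. A 0.5 seconds
 # timeout is implemented for each probe. Increase this number to 4 if your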
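Review bot: The added comment `# Disable U2F in browsers, default enabled.` (new line 8) reads ambiguously, because "enabled" refers to the blocking and not to U2F itself, so an administrator could take it to mean U2F works by default. I would spell out both states, for example `# Block U2F devices in browser profiles (nou2f), default enabled.` followed by `# Set to no to let sandboxed browsers use hardware security keys.` The commented `# browser-disable-u2f yes` line shows only the default value, so naming the value that lifts the restriction saves the reader a trip to the source.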