diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-05-25 09:47:35 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-05-25 09:47:35 -0400 |
| commit | 8ddba33900df5cc7e816dde2f2b4c453f37b32e6 (patch) | |
| tree | 4e947965d0eebf221d2ed6ed699cfdaaabeb4f14 /etc | |
| parent | Merge pull request #534 from ValdikSS/extra-profiles (diff) | |
| parent | Add force-nonewprivs setting (diff) | |
| download | firejail-8ddba33900df5cc7e816dde2f2b4c453f37b32e6.tar.gz firejail-8ddba33900df5cc7e816dde2f2b4c453f37b32e6.tar.zst firejail-8ddba33900df5cc7e816dde2f2b4c453f37b32e6.zip | |
Merge pull request #536 from KellerFuchs/no_new_privs
Enable using the NO_NEW_PRIVS prctl(2) flag
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/firejail.config | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/etc/firejail.config b/etc/firejail.config index 41cd08e68..caaeb6792 100644 --- a/etc/firejail.config +++ b/etc/firejail.config | |||
| @@ -30,6 +30,12 @@ | |||
| 30 | # Enable or disable X11 sandboxing support, default enabled. | 30 | # Enable or disable X11 sandboxing support, default enabled. |
| 31 | # x11 yes | 31 | # x11 yes |
| 32 | 32 | ||
| 33 | # Force use of nonewprivs. This mitigates the possibility of | ||
| 34 | # a user abusing firejail's features to trick a privileged (suid | ||
| 35 | # or file capabilities) process into loading code or configuration | ||
| 36 | # that is partially under their control. Default disabled | ||
| 37 | # force-nonewprivs no | ||
| 38 | |||
| 33 | # Screen size for --x11=xephyr, default 800x600. Run /usr/bin/xrandr for | 39 | # Screen size for --x11=xephyr, default 800x600. Run /usr/bin/xrandr for |
| 34 | # a full list of resolutions available on your specific setup. | 40 | # a full list of resolutions available on your specific setup. |
| 35 | # xephyr-screen 640x480 | 41 | # xephyr-screen 640x480 |