authorLibravatar netblue30 <netblue30@yahoo.com>2017-05-12 11:12:17 -0400
committerLibravatar netblue30 <netblue30@yahoo.com>2017-05-12 11:12:17 -0400
commitc62e7c77986f232e3bf6d6e765d013f302f736a3 (patch)
tree5c2f9ffba41a9225089958b25e79450f780f1559 /etc
parentcompile fixes on 32bit platforms (diff)
automatic X server sandboxing for --x11=xpra and --x11=xephyr
Diffstat (limited to 'etc')
-rw-r--r--etc/Xephyr.profile6
-rw-r--r--etc/Xvfb.profile2
-rw-r--r--etc/xpra.profile8
3 files changed, 6 insertions, 10 deletions
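diff --git a/etc/Xephyr.profile b/etc/Xephyr.profile
index 362318bb1..d3349f7f7 100644
--- a/etc/Xephyr.profile
+++ b/etc/Xephyr.profile
@@ -4,13 +4,11 @@ include /etc/firejail/Xephyr.local
 
 #
 # This profile will sandbox Xephyr server itself when used with firejail --x11=xephyr.
-# The target program is sandboxed with its own profile. By default the this functionality
-# is disabled. To enable it, create a firejail-Xephyr symlink in /usr/local/bin:
+# To enable it, create a firejail-Xephyr symlink in /usr/local/bin:
 #
 # $ sudo ln -s /usr/bin/firejail /usr/local/bin/Xephyr
 #
-# We have this functionality disabled by default because it creates problems on
-# some Linux distributions.
+# or run "sudo firecfg"
 #
 
 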
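Review bot: The rewritten comment at new line 7 tells the reader to create a "firejail-Xephyr" symlink, but the command two lines below creates `/usr/local/bin/Xephyr`, so the prose names a link that is never made; the first hunk of etc/xpra.profile has the same mismatch ("firejail-xpra" versus `/usr/local/bin/xpra`). I would reword it to `# To enable it, create an Xephyr symlink to firejail in /usr/local/bin:`. The X server is only sandboxed when that symlink is the binary that gets resolved, so a caveat such as `# (/usr/local/bin must come before /usr/bin in PATH)` would help a reader confirm the sandbox is in effect. The change also drops the sentence saying the target program is sandboxed with its own profile, which made clear that this file confines only the server; keeping that one sentence would avoid readers assuming the client is covered here.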
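diff --git a/etc/Xvfb.profile b/etc/Xvfb.profile
index 9c919f432..0cf9b7e1c 100644
--- a/etc/Xvfb.profile
+++ b/etc/Xvfb.profile
@@ -10,7 +10,7 @@ include /etc/firejail/xvfb.local
 # $ sudo ln -s /usr/bin/firejail /usr/local/bin/Xvfb
 #
 # We have this functionality disabled by default because it creates problems on
-# some Linux distributions.
+# some Linux distributions. Also, older versions of Xpra use Xvfb.
 #
 
 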
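diff --git a/etc/xpra.profile b/etc/xpra.profile
index f4f28f9de..11bfec7eb 100644
--- a/etc/xpra.profile
+++ b/etc/xpra.profile
@@ -5,14 +5,11 @@ include /etc/firejail/xpra.local
 
 #
 # This profile will sandbox Xpra server itself when used with firejail --x11=xpra.
-# The target program is sandboxed with its own profile. By default the this functionality
-# is disabled. To enable it, create a firejail-xpra symlink in /usr/local/bin:
+# To enable it, create a firejail-xpra symlink in /usr/local/bin:
 #
 # $ sudo ln -s /usr/bin/firejail /usr/local/bin/xpra
 #
-# We have this functionality disabled by default because it creates problems on
-# some Linux distributions.
-#
+# or run "sudo firecfg"
 
 # private home directory doesn't work on some distros, so we go for a regular home
 #private
@@ -36,6 +33,7 @@ protocol unix
 
 private-dev
 private-tmp
+# older Xpra versions also use Xvfb
 #private-bin xpra,python,Xvfb,Xorg,sh,xkbcomp,xauth,dbus-launch,pactl,ldconfig,which,strace,bash,cat,ls
 #private-etc ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname,machine-id,xpra,X11
 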