add noexec folders (tmp/.X11-unix and .config/pulse)

author: SYN-cook <syncookongit@gmail.com> 2017-05-11 01:49:20 +0200
committer: GitHub <noreply@github.com> 2017-05-11 01:49:20 +0200
commit: 2314c1155d7d2cbae59885054b95c62f28f7842e (patch)
tree: 37c8f33a2c965c2c270a58aaf0c043f86a5a139a /etc
parent: 32bit platform fixes (diff)
download: firejail-2314c1155d7d2cbae59885054b95c62f28f7842e.tar.gz
firejail-2314c1155d7d2cbae59885054b95c62f28f7842e.tar.zst
firejail-2314c1155d7d2cbae59885054b95c62f28f7842e.zip
1 files changed, 5 insertions, 3 deletions
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index 1c1b298a9..7ed99799d 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -190,11 +190,9 @@ read-only ${HOME}/.npm-packages
 #read-only  ${HOME}/.local
 #read-write ${HOME}/.local/share
 #noexec     ${HOME}/.local/share
-read-only  ${HOME}/.local/share/applications
+read-only ${HOME}/.local/share/applications
 blacklist ${HOME}/.local/share/Trash
 # top secret
 blacklist ${HOME}/.ecryptfs
 blacklist ${HOME}/.Private
@@ -296,3 +294,7 @@ blacklist ${PATH}/urxvtcd
 # kernel files
 blacklist /vmlinuz*
 blacklist /initrd*
+# completing noexec ${HOME} and noexec /tmp
+noexec ${HOME}/.config/pulse
+noexec /tmp/.X11-unix
author	SYN-cook <syncookongit@gmail.com>	2017-05-11 01:49:20 +0200
committer	GitHub <noreply@github.com>	2017-05-11 01:49:20 +0200
commit	2314c1155d7d2cbae59885054b95c62f28f7842e (patch)
tree	37c8f33a2c965c2c270a58aaf0c043f86a5a139a /etc
parent	32bit platform fixes (diff)
download	firejail-2314c1155d7d2cbae59885054b95c62f28f7842e.tar.gz firejail-2314c1155d7d2cbae59885054b95c62f28f7842e.tar.zst firejail-2314c1155d7d2cbae59885054b95c62f28f7842e.zip