diff options
| author |  smitsohu <smitsohu@gmail.com> | 2021-05-21 23:25:09 +0200 |
|---|---|---|
| committer | smitsohu <smitsohu@gmail.com> | 2021-05-22 15:26:57 +0200 |
| commit | e391930dca9ccb4fce225f8364813b6bf127dd9b (patch) | |
| tree | 3a3d3437220a78b30f62ff2ba1f1c3588da4d7aa /etc | |
| parent | Fix #4282 -- Unable to open X display when running firejail chromium command (diff) | |
| download | firejail-e391930dca9ccb4fce225f8364813b6bf127dd9b.tar.gz firejail-e391930dca9ccb4fce225f8364813b6bf127dd9b.tar.zst firejail-e391930dca9ccb4fce225f8364813b6bf127dd9b.zip | |
add firejail.config switch for private-{bin,etc,opt,srv}
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/firejail.config | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/etc/firejail.config b/etc/firejail.config index 731e744dd..592d77aff 100644 --- a/etc/firejail.config +++ b/etc/firejail.config | |||
| @@ -35,11 +35,6 @@ | |||
| 35 | # cannot be overridden by --noblacklist or --ignore. | 35 | # cannot be overridden by --noblacklist or --ignore. |
| 36 | # disable-mnt no | 36 | # disable-mnt no |
| 37 | 37 | ||
| 38 | # Set the limit for file copy in several --private-* options. The size is set | ||
| 39 | # in megabytes. By default we allow up to 500MB. | ||
| 40 | # Note: the files are copied in RAM. | ||
| 41 | # file-copy-limit 500 | ||
| 42 | |||
| 43 | # Enable or disable file transfer support, default enabled. | 38 | # Enable or disable file transfer support, default enabled. |
| 44 | # file-transfer yes | 39 | # file-transfer yes |
| 45 | 40 | ||
| @@ -83,18 +78,35 @@ | |||
| 83 | # Enable or disable overlayfs features, default enabled. | 78 | # Enable or disable overlayfs features, default enabled. |
| 84 | # overlayfs yes | 79 | # overlayfs yes |
| 85 | 80 | ||
| 81 | # Set the limit for file copy in several --private-* options. The size is set | ||
| 82 | # in megabytes. By default we allow up to 500MB. | ||
| 83 | # Note: the files are copied in RAM. | ||
| 84 | # file-copy-limit 500 | ||
| 85 | |||
| 86 | # Enable or disable private-bin feature, default enabled. | ||
| 87 | # private-bin yes | ||
| 88 | |||
| 86 | # Remove /usr/local directories from private-bin list, default disabled. | 89 | # Remove /usr/local directories from private-bin list, default disabled. |
| 87 | # private-bin-no-local no | 90 | # private-bin-no-local no |
| 88 | 91 | ||
| 89 | # Enable or disable private-cache feature, default enabled | 92 | # Enable or disable private-cache feature, default enabled |
| 90 | # private-cache yes | 93 | # private-cache yes |
| 91 | 94 | ||
| 95 | # Enable or disable private-etc feature, default enabled. | ||
| 96 | # private-etc yes | ||
| 97 | |||
| 92 | # Enable or disable private-home feature, default enabled | 98 | # Enable or disable private-home feature, default enabled |
| 93 | # private-home yes | 99 | # private-home yes |
| 94 | 100 | ||
| 95 | # Enable or disable private-lib feature, default enabled | 101 | # Enable or disable private-lib feature, default enabled |
| 96 | # private-lib yes | 102 | # private-lib yes |
| 97 | 103 | ||
| 104 | # Enable or disable private-opt feature, default enabled. | ||
| 105 | # private-opt yes | ||
| 106 | |||
| 107 | # Enable or disable private-srv feature, default enabled. | ||
| 108 | # private-srv yes | ||
| 109 | |||
| 98 | # Enable --quiet as default every time the sandbox is started. Default disabled. | 110 | # Enable --quiet as default every time the sandbox is started. Default disabled. |
| 99 | # quiet-by-default no | 111 | # quiet-by-default no |
| 100 | 112 | ||