-rw-r--r-- | etc/firejail.config | 40 |
1 files changed, 20 insertions, 20 deletions
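--- a/etc/firejail.config
+++ b/etc/firejail.config
@@ -70,6 +70,13 @@
 # Enable or disable sandbox name change, default enabled.
 # name-change yes
 
+# Change default netfilter configuration. When using --netfilter option without
+# a file argument, the default filter is hardcoded (see man 1 firejail). This
+# configuration entry allows the user to change the default by specifying
+# a file containing the filter configuration. The filter file format is the
+# format of iptables-save and iptable-restore commands. Example:
+# netfilter-default /etc/iptables.iptables.rules
+
 # Enable or disable networking features, default enabled.
 # network yes
 
@@ -79,12 +86,12 @@
 # Remove /usr/local directories from private-bin list, default disabled.
 # private-bin-no-local no
 
-# Enable or disable private-home feature, default enabled
-# private-home yes
-
 # Enable or disable private-cache feature, default enabled
 # private-cache yes
 
+# Enable or disable private-home feature, default enabled
+# private-home yes
+
 # Enable or disable private-lib feature, default enabled
 # private-lib yes
 
@@ -97,16 +104,12 @@
 # --netfilter only to root user. Regular users are only allowed --net=none.
 # restricted-network no
 
-# Change default netfilter configuration. When using --netfilter option without
-# a file argument, the default filter is hardcoded (see man 1 firejail). This
-# configuration entry allows the user to change the default by specifying
-# a file containing the filter configuration. The filter file format is the
-# format of iptables-save and iptable-restore commands. Example:
-# netfilter-default /etc/iptables.iptables.rules
-
 # Enable or disable seccomp support, default enabled.
 # seccomp yes
 
+# Seccomp error action, kill or errno (EPERM, ENOSYS etc)
+# seccomp-error-action EPERM
+
 # Enable or disable user namespace support, default enabled.
 # userns yes
 
@@ -116,6 +119,10 @@
 # Enable or disable X11 sandboxing support, default enabled.
 # x11 yes
 
+# Xephyr command extra parameters. None by default; these are examples.
+# xephyr-extra-params -keybd ephyr,,,xkbmodel=evdev
+# xephyr-extra-params -grayscale
+
 # Screen size for --x11=xephyr, default 800x600. Run /usr/bin/xrandr for
 # a full list of resolutions available on your specific setup.
 # xephyr-screen 640x480
@@ -126,17 +133,13 @@
 # Firejail window title in Xephyr, default enabled.
 # xephyr-window-title yes
 
-# Xephyr command extra parameters. None by default; these are examples.
-# xephyr-extra-params -keybd ephyr,,,xkbmodel=evdev
-# xephyr-extra-params -grayscale
-
-# Xpra server command extra parameters. None by default; this is an example.
-# xpra-extra-params --dpi 96
-
 # Enable this option if you have a version of Xpra that supports --attach switch
 # for start command, default disabled.
 # xpra-attach no
 
+# Xpra server command extra parameters. None by default; this is an example.
+# xpra-extra-params --dpi 96
+
 # Screen size for --x11=xvfb, default 800x600x24. The third dimension is
 # color depth; use 24 unless you know exactly what you're doing.
 # xvfb-screen 640x480x24
@@ -146,6 +149,3 @@
 
 # Xvfb command extra parameters. None by default; this is an example.
 # xvfb-extra-params -pixdepths 8 24 32
-
-# Seccomp error action, kill or errno (EPERM, ENOSYS etc)
-# seccomp-error-action EPERM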
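Review bot: The netfilter-default comment block moved to new lines 73-78 carries two likely typos along with it: `iptable-restore` should read `iptables-restore`, and in the example path `/etc/iptables.iptables.rules` the dot after `iptables` is probably meant to be a slash (confirm against the intended location). Since the block is being touched anyway, I would change the line to `# format of iptables-save and iptables-restore commands. Example:` and correct the example path once it is confirmed. Because this file becomes the filter for every sandbox started with a bare --netfilter, the comment could also say that it should be owned by root and not writable by other users.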