diff options
-rw-r--r-- | etc/firejail-default | 2 | ||||
-rw-r--r-- | src/man/firejail.txt | 7 |
2 files changed, 7 insertions, 2 deletions
diff --git a/etc/firejail-default b/etc/firejail-default index 5e1f2975c..5aacaec97 100644 --- a/etc/firejail-default +++ b/etc/firejail-default | |||
@@ -23,7 +23,7 @@ profile firejail-default flags=(attach_disconnected,mediate_deleted) { | |||
23 | # enough to run "top" or "ps aux". | 23 | # enough to run "top" or "ps aux". |
24 | ########## | 24 | ########## |
25 | / r, | 25 | / r, |
26 | /{usr,bin,dev,etc,home,lib,media,mnt,opt,srv,tmp,var}** mrwlk, | 26 | /{usr,bin,sbin,dev,etc,home,root,lib,media,mnt,opt,srv,tmp,var}** mrwlk, |
27 | /{,var/}run/ r, | 27 | /{,var/}run/ r, |
28 | /{,var/}run/** r, | 28 | /{,var/}run/** r, |
29 | /{,var/}run/user/**/dconf/ rw, | 29 | /{,var/}run/user/**/dconf/ rw, |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 83ac12d86..20f2b7f8c 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -2262,8 +2262,13 @@ programs and scripts from user home or other directories writable by the user is | |||
2262 | .br | 2262 | .br |
2263 | 2263 | ||
2264 | .br | 2264 | .br |
2265 | - Allow access to files only in the following standard directories: /bin, /dev, /etc, /home, /lib*, /media, /mnt, /opt, | ||
2266 | /proc, /root, /run, /sbin, /srv, /sys, /tmp, /usr, and /var | ||
2267 | .br | ||
2268 | |||
2269 | .br | ||
2265 | - Disable D-Bus. D-Bus has long been a huge security hole, and most programs don't use it anyway. | 2270 | - Disable D-Bus. D-Bus has long been a huge security hole, and most programs don't use it anyway. |
2266 | You should have no problems running Chromium or Firefox. | 2271 | You should have no problems running Chromium or Firefox. This feature is available only on Ubuntu kernels. |
2267 | 2272 | ||
2268 | .TP | 2273 | .TP |
2269 | To enable AppArmor confinement on top of your current Firejail security features, pass \fB\-\-apparmor\fR flag to Firejail command line. You can also include \fBapparmor\fR command in a Firejail profile file. Example: | 2274 | To enable AppArmor confinement on top of your current Firejail security features, pass \fB\-\-apparmor\fR flag to Firejail command line. You can also include \fBapparmor\fR command in a Firejail profile file. Example: |