diff options
-rw-r--r-- | etc/inc/whitelist-common.inc | 1 | ||||
-rw-r--r-- | src/firejail/fs.c | 3 |
2 files changed, 4 insertions, 0 deletions
diff --git a/etc/inc/whitelist-common.inc b/etc/inc/whitelist-common.inc index 1d3728521..fedfb2bc2 100644 --- a/etc/inc/whitelist-common.inc +++ b/etc/inc/whitelist-common.inc | |||
@@ -23,6 +23,7 @@ read-only ${HOME}/.local/share/applications | |||
23 | whitelist ${HOME}/.local/share/icons | 23 | whitelist ${HOME}/.local/share/icons |
24 | whitelist ${HOME}/.local/share/mime | 24 | whitelist ${HOME}/.local/share/mime |
25 | whitelist ${HOME}/.mime.types | 25 | whitelist ${HOME}/.mime.types |
26 | whitelist ${HOME}/.sndio/cookie | ||
26 | whitelist ${HOME}/.uim.d | 27 | whitelist ${HOME}/.uim.d |
27 | 28 | ||
28 | # dconf | 29 | # dconf |
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 6c32c849d..0e26eb505 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
@@ -1277,6 +1277,9 @@ void fs_private_tmp(void) { | |||
1277 | // read-only x11 directory | 1277 | // read-only x11 directory |
1278 | profile_add("read-only /tmp/.X11-unix"); | 1278 | profile_add("read-only /tmp/.X11-unix"); |
1279 | 1279 | ||
1280 | // whitelist sndio directory | ||
1281 | profile_add("whitelist /tmp/sndio"); | ||
1282 | |||
1280 | // whitelist any pulse* file in /tmp directory | 1283 | // whitelist any pulse* file in /tmp directory |
1281 | // some distros use PulseAudio sockets under /tmp instead of the socket in /urn/user | 1284 | // some distros use PulseAudio sockets under /tmp instead of the socket in /urn/user |
1282 | DIR *dir; | 1285 | DIR *dir; |