diff options
Diffstat (limited to 'etc/Xephyr.profile')
-rw-r--r-- | etc/Xephyr.profile | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/etc/Xephyr.profile b/etc/Xephyr.profile index d9b7f8c26..230a88472 100644 --- a/etc/Xephyr.profile +++ b/etc/Xephyr.profile | |||
@@ -7,16 +7,13 @@ include globals.local | |||
7 | 7 | ||
8 | # | 8 | # |
9 | # This profile will sandbox Xephyr server itself when used with firejail --x11=xephyr. | 9 | # This profile will sandbox Xephyr server itself when used with firejail --x11=xephyr. |
10 | # To enable it, create a firejail-Xephyr symlink in /usr/local/bin: | 10 | # To enable it, create a firejail-Xephyr symlink in /usr/local/bin: |
11 | # | 11 | # |
12 | # $ sudo ln -s /usr/bin/firejail /usr/local/bin/Xephyr | 12 | # $ sudo ln -s /usr/bin/firejail /usr/local/bin/Xephyr |
13 | # | 13 | # |
14 | # or run "sudo firecfg" | 14 | # or run "sudo firecfg" |
15 | # | 15 | # |
16 | 16 | ||
17 | |||
18 | blacklist /media | ||
19 | |||
20 | whitelist /var/lib/xkb | 17 | whitelist /var/lib/xkb |
21 | include whitelist-common.inc | 18 | include whitelist-common.inc |
22 | 19 | ||
@@ -34,10 +31,11 @@ protocol unix | |||
34 | seccomp | 31 | seccomp |
35 | shell none | 32 | shell none |
36 | 33 | ||
34 | disable-mnt | ||
37 | # using a private home directory | 35 | # using a private home directory |
38 | private | 36 | private |
39 | # private-bin Xephyr,sh,xkbcomp | 37 | # private-bin Xephyr,sh,xkbcomp |
40 | # private-bin Xephyr,sh,xkbcomp,strace,bash,cat,ls | 38 | # private-bin Xephyr,sh,xkbcomp,strace,bash,cat,ls |
41 | private-dev | 39 | private-dev |
42 | # private-etc alternatives,ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname | 40 | # private-etc alternatives,ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname |
43 | private-tmp | 41 | #private-tmp |