diff options
Diffstat (limited to 'etc/Xephyr.profile')
| -rw-r--r-- | etc/Xephyr.profile | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/etc/Xephyr.profile b/etc/Xephyr.profile index bce6dc6e6..5ef75022b 100644 --- a/etc/Xephyr.profile +++ b/etc/Xephyr.profile | |||
| @@ -7,16 +7,13 @@ include globals.local | |||
| 7 | 7 | ||
| 8 | # | 8 | # |
| 9 | # This profile will sandbox Xephyr server itself when used with firejail --x11=xephyr. | 9 | # This profile will sandbox Xephyr server itself when used with firejail --x11=xephyr. |
| 10 | # To enable it, create a firejail-Xephyr symlink in /usr/local/bin: | 10 | # To enable it, create a firejail-Xephyr symlink in /usr/local/bin: |
| 11 | # | 11 | # |
| 12 | # $ sudo ln -s /usr/bin/firejail /usr/local/bin/Xephyr | 12 | # $ sudo ln -s /usr/bin/firejail /usr/local/bin/Xephyr |
| 13 | # | 13 | # |
| 14 | # or run "sudo firecfg" | 14 | # or run "sudo firecfg" |
| 15 | # | 15 | # |
| 16 | 16 | ||
| 17 | |||
| 18 | blacklist /media | ||
| 19 | |||
| 20 | whitelist /var/lib/xkb | 17 | whitelist /var/lib/xkb |
| 21 | include whitelist-common.inc | 18 | include whitelist-common.inc |
| 22 | 19 | ||
| @@ -34,10 +31,11 @@ protocol unix | |||
| 34 | seccomp | 31 | seccomp |
| 35 | shell none | 32 | shell none |
| 36 | 33 | ||
| 34 | disable-mnt | ||
| 37 | # using a private home directory | 35 | # using a private home directory |
| 38 | private | 36 | private |
| 39 | # private-bin Xephyr,sh,xkbcomp | 37 | # private-bin sh,Xephyr,xkbcomp |
| 40 | # private-bin Xephyr,sh,xkbcomp,strace,bash,cat,ls | 38 | # private-bin bash,cat,ls,sh,strace,Xephyr,xkbcomp |
| 41 | private-dev | 39 | private-dev |
| 42 | # private-etc alternatives,ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname | 40 | # private-etc alternatives,gai.conf,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,nsswitch.conf,resolv.conf |
| 43 | #private-tmp | 41 | #private-tmp |