diff options
Diffstat (limited to 'etc/baloo_file.profile')
| -rw-r--r-- | etc/baloo_file.profile | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/etc/baloo_file.profile b/etc/baloo_file.profile index 9c2909b0f..2809089e6 100644 --- a/etc/baloo_file.profile +++ b/etc/baloo_file.profile | |||
| @@ -18,10 +18,12 @@ include /etc/firejail/disable-passwdmgr.inc | |||
| 18 | include /etc/firejail/disable-programs.inc | 18 | include /etc/firejail/disable-programs.inc |
| 19 | 19 | ||
| 20 | caps.drop all | 20 | caps.drop all |
| 21 | nodvd | ||
| 21 | nogroups | 22 | nogroups |
| 22 | nonewprivs | 23 | nonewprivs |
| 23 | noroot | 24 | noroot |
| 24 | nosound | 25 | nosound |
| 26 | notv | ||
| 25 | novideo | 27 | novideo |
| 26 | protocol unix | 28 | protocol unix |
| 27 | # Baloo makes ioprio_set system calls, which are blacklisted by default. | 29 | # Baloo makes ioprio_set system calls, which are blacklisted by default. |
| @@ -36,6 +38,6 @@ noexec /tmp | |||
| 36 | 38 | ||
| 37 | # Make home directory read-only and allow writing only to ~/.local/share | 39 | # Make home directory read-only and allow writing only to ~/.local/share |
| 38 | # Note: Baloo will not be able to update the "first run" key in its configuration files. | 40 | # Note: Baloo will not be able to update the "first run" key in its configuration files. |
| 39 | # noexec ${HOME}/.local/share | ||
| 40 | # read-only ${HOME} | 41 | # read-only ${HOME} |
| 41 | # read-write ${HOME}/.local/share | 42 | # read-write ${HOME}/.local/share |
| 43 | # noexec ${HOME}/.local/share | ||