From ff097d8113d9c0caf27ad3c86ebf54823c9151dc Mon Sep 17 00:00:00 2001
From: netblue30
Date: Sat, 12 Mar 2016 11:16:34 -0500
Subject: added firejail.config
---
 Makefile.in | 1 +
 configure | 4 ++--
 configure.ac | 4 ++--
 etc/firejail.config | 30 ++++++++++++++++++++++++++++++
 4 files changed, 35 insertions(+), 4 deletions(-)
 create mode 100644 etc/firejail.config
diff --git a/Makefile.in b/Makefile.in
index e60fde529..1a22700e8 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -147,6 +147,7 @@ realinstall:
 install -c -m 0644 .etc/vivaldi-beta.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 install -c -m 0644 .etc/atril.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
+ sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
 rm -fr .etc
 # man pages
 rm -f firejail.1.gz
diff --git a/configure b/configure
index 258417e3c..937ab8445 100755
--- a/configure
+++ b/configure
@@ -1322,7 +1322,7 @@ Optional Features: --enable-network=restricted restrict --net= to root only --disable-userns disable user namespace - --disable-x11 disable X11 support + --disable-x11 disable X11 sandboxing support --disable-file-transfer disable file transfer --enable-fatal-warnings -W -Wall -Werror
@@ -4821,7 +4821,7 @@ echo " chroot: $HAVE_CHROOT" echo " bind: $HAVE_BIND" echo " network: $HAVE_NETWORK" echo " user namespace: $HAVE_USERNS" -echo " X11 support: $HAVE_X11" +echo " X11 sandboxing support: $HAVE_X11" echo " file transfer support: $HAVE_FILE_TRANSFER" echo " fatal warnings: $HAVE_FATAL_WARNINGS" echo
diff --git a/configure.ac b/configure.ac
index 71e3eb410..c59f5a28b 100644
--- a/configure.ac
+++ b/configure.ac
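Review bot: On the added `sh -c` line the destination path is expanded unquoted inside the `[ ! -f … ]` test, so a `DESTDIR` or `sysconfdir` containing whitespace makes the test error out and, because the `if` has no else branch, the recipe still exits 0 without installing `firejail.config`. Quoting the path fixes that and the extra `sh -c` wrapper can go: `test -f '$(DESTDIR)/$(sysconfdir)/firejail/firejail.config' || install -c -m 0644 etc/firejail.config '$(DESTDIR)/$(sysconfdir)/firejail/.'`. Since the install is skipped whenever the file already exists, the 0644 mode is only applied on first install and an existing file keeps whatever mode and owner it had; for a file that switches seccomp, userns and other sandbox features that deserves a comment such as `# keep the administrator's firejail.config; mode/owner of an existing file are not reset`. The `login.users` line just above follows the same pattern, and the `realinstall` recipe starts and ends outside this hunk.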
@@ -56,7 +56,7 @@ AS_IF([test "x$enable_userns" != "xno"], [
 HAVE_X11=""
 AC_ARG_ENABLE([x11],
- AS_HELP_STRING([--disable-x11], [disable X11 support]))
+ AS_HELP_STRING([--disable-x11], [disable X11 sandboxing support]))
 AS_IF([test "x$enable_x11" != "xno"], [
 HAVE_X11="-DHAVE_X11"
 AC_SUBST(HAVE_X11)
@@ -102,7 +102,7 @@ echo " chroot: $HAVE_CHROOT"
 echo " bind: $HAVE_BIND"
 echo " network: $HAVE_NETWORK"
 echo " user namespace: $HAVE_USERNS"
-echo " X11 support: $HAVE_X11"
+echo " X11 sandboxing support: $HAVE_X11"
 echo " file transfer support: $HAVE_FILE_TRANSFER"
 echo " fatal warnings: $HAVE_FATAL_WARNINGS"
 echo
diff --git a/etc/firejail.config b/etc/firejail.config
new file mode 100644
index 000000000..19525c942
--- /dev/null
+++ b/etc/firejail.config
@@ -0,0 +1,30 @@
+# This is Firejail system-wide configuration file, see firejail-config(5) for
+# more information. The file contains keyword-argument pairs, one per line.
+# Most features are enabled by default. Use 'yes' or 'no' as configuration
+# values.
+
+# Enable or disable seccomp support, default enabled.
+# seccomp yes
+
+# Enable or disable chroot support, default enabled.
+# chroot yes
+
+# Enable or disable bind support, default enabled.
+# bind yes
+
+# Enable or disable networking features, default enabled.
+# network yes
+
+# Enable or disable restricted network support, default disabled. If enabled,
+# networking features (network yes) above should also be enabled.
+# restricted-network no
+
+# Enable or disable user namespace support, default enabled.
+# userns yes
+
+# Enable or disable X11 sandboxing support, default enabled.
+# x11 yes
+
+# Enable or disable file transfer support, default enabled.
+# file-transfer yes
+
-- cgit v1.2.3-54-g00ecf
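Review bot: The header comment of the new `etc/firejail.config` lists a default for every keyword but does not say how these run-time settings relate to the build-time switches shown in `configure` in this same commit (`--disable-x11`, `--disable-userns`, `--disable-file-transfer`, `--enable-network=restricted`). An administrator reading `# x11 yes` next to "default enabled" may assume the feature is available even when the binary was built without it. If a compiled-out feature cannot be turned on from this file (not visible in this patch), the header should say so, for example `# Features disabled at build time (see ./configure --help) cannot be enabled from this file.`. It would also help to state that a commented-out keyword means the default applies, since every entry in the new file is commented out.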