From 1a03225b4407f1cf88410573c8fc67031de511c1 Mon Sep 17 00:00:00 2001 From: Tad Date: Mon, 5 Nov 2018 18:32:22 -0500 Subject: Add new config option to disable U2F in browsers, enabled by default --- etc/chromium-common.profile | 2 +- etc/firefox-common.profile | 2 +- etc/firejail.config | 3 +++ 3 files changed, 5 insertions(+), 2 deletions(-) (limited to 'etc') diff --git a/etc/chromium-common.profile b/etc/chromium-common.profile index e7062c5b8..13ed13058 100644 --- a/etc/chromium-common.profile +++ b/etc/chromium-common.profile @@ -27,7 +27,7 @@ nodbus nodvd nogroups notv -nou2f +?BROWSER_DISABLE_U2F: nou2f shell none disable-mnt diff --git a/etc/firefox-common.profile b/etc/firefox-common.profile index 31b071fe1..722a398cb 100644 --- a/etc/firefox-common.profile +++ b/etc/firefox-common.profile @@ -37,7 +37,7 @@ nogroups nonewprivs noroot notv -nou2f +?BROWSER_DISABLE_U2F: nou2f protocol unix,inet,inet6,netlink seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice shell none diff --git a/etc/firejail.config b/etc/firejail.config index d7106e76c..00f2c1b5d 100644 --- a/etc/firejail.config +++ b/etc/firejail.config @@ -5,6 +5,9 @@ # Enable AppArmor functionality, default enabled. # apparmor yes +# Disable U2F in browsers, default enabled. +# browser-disable-u2f yes + # Number of ARP probes sent when assigning an IP address for --net option, # default 2. This is a partial implementation of RFC 5227. A 0.5 seconds # timeout is implemented for each probe. Increase this number to 4 if your -- cgit v1.2.3-54-g00ecf