From e391930dca9ccb4fce225f8364813b6bf127dd9b Mon Sep 17 00:00:00 2001
From: smitsohu
Date: Fri, 21 May 2021 23:25:09 +0200
Subject: add firejail.config switch for private-{bin,etc,opt,srv}

---
 etc/firejail.config | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

(limited to 'etc')

diff --git a/etc/firejail.config b/etc/firejail.config
index 731e744dd..592d77aff 100644
--- a/etc/firejail.config
+++ b/etc/firejail.config
@@ -35,11 +35,6 @@
 # cannot be overridden by --noblacklist or --ignore.
 # disable-mnt no
 
-# Set the limit for file copy in several --private-* options. The size is set
-# in megabytes. By default we allow up to 500MB.
-# Note: the files are copied in RAM.
-# file-copy-limit 500
-
 # Enable or disable file transfer support, default enabled.
 # file-transfer yes
 
@@ -83,18 +78,35 @@
 # Enable or disable overlayfs features, default enabled.
 # overlayfs yes
 
+# Set the limit for file copy in several --private-* options. The size is set
+# in megabytes. By default we allow up to 500MB.
+# Note: the files are copied in RAM.
+# file-copy-limit 500
+
+# Enable or disable private-bin feature, default enabled.
+# private-bin yes
+
 # Remove /usr/local directories from private-bin list, default disabled.
 # private-bin-no-local no
 
 # Enable or disable private-cache feature, default enabled
 # private-cache yes
 
+# Enable or disable private-etc feature, default enabled.
+# private-etc yes
+
 # Enable or disable private-home feature, default enabled
 # private-home yes
 
 # Enable or disable private-lib feature, default enabled
 # private-lib yes
 
+# Enable or disable private-opt feature, default enabled.
+# private-opt yes
+
+# Enable or disable private-srv feature, default enabled.
+# private-srv yes
+
 # Enable --quiet as default every time the sandbox is started. Default disabled.
 # quiet-by-default no
 
-- 
cgit v1.2.3-70-g09d2
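Review bot: The new `private-bin`, `private-etc`, `private-opt` and `private-srv` comments in the second hunk do not say what happens to a profile that requests the option once an administrator sets the switch to `no`. These options narrow what the sandboxed program can see of the filesystem, so turning one off system-wide loosens every profile that relies on it. An administrator should be able to read here whether the sandbox then refuses to start or starts without the restriction. The code that reads these switches is outside this path-limited view, so the wording needs confirming against it. A line under each switch such as `# When set to no, private-etc in profiles and on the command line is not applied and the program sees the host's /etc.` would do, adjusted if the sandbox aborts instead.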