mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-21 06:45:29 -06:00
improve x11 isolation
taken from tracker.profile
This commit is contained in:
SYN-cook
GitHub
parent
e76037947d
commit
605453cb75
1 changed files with 2 additions and 4 deletions
|
|
@ -23,10 +23,8 @@ protocol unix
|
|||
# Baloo makes ioprio_set system calls, which are blacklisted by default.
|
||||
# That's why we need to disable seccomp
|
||||
#seccomp
|
||||
# The Baloo file daemon can be isolated from X11. If there is an X11
|
||||
# abstract Unix socket, it must be disabled first by passing "-nolisten local"
|
||||
# to the X server. See the Firejail manual for further instructions
|
||||
#x11 none
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
|
||||
private-dev
|
||||
private-tmp
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue