mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-21 06:45:29 -06:00
0060b5105b
That is, make "X11" lowercase so that the order of the includes in the
disable- section remain the same when sorted with `LC_ALL=C`, as is the
case for most of the other sections. That is also likely to be the
default in text editors (such as in vim on Arch), so this should make
the disable- section more consistent and easier to sort when editing the
profile.
Also, keep the old include as a redirect to the new one for now to avoid
breakage.
Commands used to search and replace:
git mv etc/inc/disable-X11.inc etc/inc/disable-x11.inc
git grep -Ilz 'disable-X11' -- etc | xargs -0 \
perl -pi -e 's/disable-X11/disable-x11/'
Relates to #4462 #4854 #6070 #6289.
This is a follow-up to #6286.
62 lines
1.6 KiB
Text
62 lines
1.6 KiB
Text
# This file is overwritten during software install.
|
|
# Persistent customizations should go in a .local file.
|
|
include links-common.local
|
|
|
|
# common profile for links browsers
|
|
|
|
blacklist ${RUNUSER}/wayland-*
|
|
|
|
include disable-common.inc
|
|
include disable-devel.inc
|
|
include disable-exec.inc
|
|
include disable-interpreters.inc
|
|
# Additional noblacklist files/directories (blacklisted in disable-programs.inc)
|
|
# used as associated programs can be added in your links-common.local.
|
|
include disable-programs.inc
|
|
include disable-x11.inc
|
|
include disable-xdg.inc
|
|
|
|
whitelist ${DOWNLOADS}
|
|
include whitelist-runuser-common.inc
|
|
include whitelist-usr-share-common.inc
|
|
include whitelist-var-common.inc
|
|
|
|
caps.drop all
|
|
ipc-namespace
|
|
# Add 'ignore machine-id' to your links-common.local if you want to restrict access to
|
|
# the user-configured associated media player.
|
|
machine-id
|
|
netfilter
|
|
# Add 'ignore no3d' to your links-common.local if you want to restrict access to
|
|
# the user-configured associated media player.
|
|
no3d
|
|
nodvd
|
|
nogroups
|
|
noinput
|
|
nonewprivs
|
|
noroot
|
|
# Add 'ignore nosound' to your links-common.local if you want to restrict access to
|
|
# the user-configured associated media player.
|
|
nosound
|
|
notv
|
|
nou2f
|
|
novideo
|
|
protocol unix,inet,inet6
|
|
seccomp
|
|
tracelog
|
|
|
|
disable-mnt
|
|
# Add 'private-bin PROGRAM1,PROGRAM2' to your links-common.local if you want to use user-configured programs.
|
|
private-bin sh
|
|
private-cache
|
|
private-dev
|
|
private-etc @tls-ca
|
|
# Add the next line to your links-common.local to allow external media players.
|
|
#private-etc alsa,asound.conf,machine-id,openal,pulse
|
|
private-tmp
|
|
|
|
dbus-user none
|
|
dbus-system none
|
|
|
|
memory-deny-write-execute
|
|
restrict-namespaces
|