Restrict DBus

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 06:06:02 -06:00

Firejail can restrict the D-Bus access to only allow access to whitelisted names. See the manual pages for more details. This table shows evaluations of certain names.

Legend

⚠️ : You do not get what you expect
🛡️ : Access to sensitive things (e.g. passwords, keyring, ...)
💥 : Can be used to escape the sandbox (in theory)
❗ : Potentially unwanted things, but no sandbox escape is possible
✔️ : Everything is fine, there is no risk

name	flags	notes	capabilities	Policy
`ca.desrt.dconf`	🛡️ 💥		Write to the dconf database.	All profiles using dconf, no others.
`org.freedesktop.Notifications`	⚠️ 💥 ❗	This is ✔️ for GNOME >= 3.36.1
`org.freedesktop.ScreenSaver`	❗	Can be used to unlock a locked screen.	(Un-)Lock your screen. Inhibit ScreenLocking. GetSessionIdle	Only Video-Player
`org.freedesktop.login1`	❗
`org.freedesktop.secrets`	🛡️			Opt-In, with exceptions (e.g. seahorse).
`org.gnome.OnlineAccounts`	🛡️
`org.gnome.Mutter.DisplayConfig`	⚠️ 💥 ❗
`org.gnome.Mutter.IdleMonitor`	⚠️ 💥 ❗
`org.gnome.Mutter.RemoteDesktop`	⚠️ 💥 ❗
`org.gnome.Mutter.ScreenCast`	⚠️ 💥 ❗
`org.gnome.Panel`	⚠️ 💥 ❗
`org.gnome.ScreenSaver`	⚠️ 💥 ❗
`org.gnome.SessionManager`	❗
`org.gnome.SettingsDaemon.Color`	✔️		NightMode (Screen temperature) interaction.
`org.gnome.SettingsDaemon.MediaKeys`	✔️		Handle media-keys
`org.gnome.SettingsDaemon.ScreensaverProxy`	❗
`org.gnome.Shell`	💥
`org.gnome.Shell.CalendarServer`	✔️
`org.gnome.Shell.Extensions`	💥		(un)install/update/enable/disable gnome-shell extensions
`org.gnome.Shell.Notifications`	✔️		Show native notifications
`org.gnome.Shell.Screencast`	⚠️ 💥 ❗
`org.gnome.Shell.Screenshot`	⚠️ 💥 ❗
`org.gnome.keyring`	🛡️
`org.gnome.keyring.PrivatePrompter`	✔️
`org.gnome.keyring.SystemPrompter`	⚠️ 💥 ❗

Home
firejail for users
firejail for contributors
Firejail Universe
Comparison of firejail and systemd hardening options