Author: Reiner Herrmann <reiner@reiner-h.de>
Description: change global default settings
- restrict networking feature; new network namespace can be used to
circumvent packet filter of default namespace (see #916920).
- disable cgroup by default; can be used to move processes into
less restricted cgroups.
Bug-Debian: https://bugs.debian.org/916920
Forwarded: not-needed
--- a/etc/firejail.config
+++ b/etc/firejail.config
@@ -22,7 +22,7 @@
# browser-disable-u2f yes
# Enable or disable cgroup support, default enabled.
-# cgroup yes
+cgroup no
# Enable or disable chroot support, default enabled.
# chroot yes
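Review bot: the context comment above the changed line still reads "Enable or disable cgroup support, default enabled." while the file now ships an active `cgroup no`, so an administrator reading the config gets two contradictory statements about the default. Consider adding a comment line directly above `cgroup no` stating that this packaging disables it and why (processes can be moved into less restricted cgroups, as the patch description says), and keeping the original `# cgroup yes` line as the documented way to re-enable it.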
@@ -102,7 +102,7 @@
# networking features should also be enabled (network yes).
# Restricted networking grants access to --interface, --net=ethXXX and
# --netfilter only to root user. Regular users are only allowed --net=none.
-# restricted-network no
+restricted-network yes
# Enable or disable seccomp support, default enabled.
# seccomp yes
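Review bot: the new `restricted-network yes` line carries no inline rationale, and per the context comment it limits regular users to --net=none, which silently changes behaviour for anyone relying on --interface, --net=ethXXX or --netfilter as a non-root user. Add a short comment next to the setting pointing at Bug-Debian #916920 (a new network namespace can circumvent the packet filter of the default namespace) so that whoever flips it back to `no` does so knowing the consequence, and consider documenting the change for users upgrading with existing setups.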