DESCRIPTION
/etc/firejail/firejail.config is the system-wide configuration file for Firejail. It allows the system administrator to enable or disable a number of features and Linux kernel security technologies used by Firejail sandbox. The file contains keyword-argument pairs, one per line. Use 'yes' or 'no' as configuration values.Note that some of these features can also be enabled or disabled at compile time. Most features are enabled by default both at compile time and at run time.
- bind
- Enable or disable bind support, default enabled.
- chroot
- Enable or disable chroot support, default enabled.
- file-transfer
- Enable or disable file transfer support, default enabled.
- network
- Enable or disable networking features, default enabled.
- restricted-network
- Enable or disable restricted network support, default disabled. If enabled, networking features should also be enabled (network yes). Restricted networking grants access to --interface, --net=ethXXX and --netfilter only to root user. Regular users are only allowed --net=none.
- secomp
- Enable or disable seccomp support, default enabled.
- userns
- Enable or disable user namespace support, default enabled.
- x11
- Enable or disable X11 sandboxing support, default enabled.
- force-nonewprivs
- Force use of nonewprivs. This mitigates the possibility of a user abusing firejail's features to trick a privileged (suid or file capabilities) process into loading code or configuration that is partially under their control. Default disabled.
- xephyr-screen
- Screen size for --x11=xephyr, default 800x600. Run /usr/bin/xrandr for a full list of resolutions available on your specific setup. Examples:
xephyr-screen 640x480
xephyr-screen 800x600
xephyr-screen 1024x768
xephyr-screen 1280x1024 - Enable or disable bind support, default enabled.
FILES
/etc/firejail/firejail.config
LICENSE
Firejail is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.Homepage: http://firejail.wordpress.com