Firejail: For --private-tmp expose /tmp/.X11-unix as read-only

Created on 22 Nov 2018 · 3Comments · Source: netblue30/firejail

Currently in case of private-tmp option we mount an empty /tmp with whitelisted /tmp/.X11-unix. Additionally we may expose it as read-only. The read-only mount flag does not prevent using connect() syscall on the socket.

Source

Vincent43

Most helpful comment

I think it should be built into --private-tmp directly to avoid cluttering profiles.

Vincent43 on 10 Dec 2018

👍3

@Vincent43 Is the easiest way to do this to build it in to --private-tmp or to just add it to the profiles directly?

chiraag-nataraj on 9 Dec 2018

I think it should be built into --private-tmp directly to avoid cluttering profiles.

Vincent43 on 10 Dec 2018

👍3

Going to close this as this should now be implemented.

chiraag-nataraj on 20 May 2019

Was this page helpful?

0 / 5 - 0 ratings

private-lib doesn't work with Palemoon & Firefox

Fincer · 4Comments

Desktop integration does not work with Google Play Music desktop player profile

semente · 4Comments

Firefox 59.0b1, pulseaudio

yourcelf · 4Comments

Option to disable warnings/errors in production environments

nuxwin · 3Comments

Error clone: main.c:2517 main: Invalid argument

fl-chris · 4Comments