Skip to content

Commit

Permalink
firejail.config: add warning about allow-tray
Browse files Browse the repository at this point in the history 
According to netblue30#4053, `dbus-user.talk org.kde.StatusNotifierWatcher` is
unsafe and allows escaping the sandbox, but it is required by multiple
programs for tray functionality.  Users may not be aware of this (for
example, see netblue30#4508), so add a warning about it.

Note: allow-tray was added on commit c86cae2 ("Add new condition
ALLOW_TRAY", 2021-09-04) / PR netblue30#4510.
  • Loading branch information
@kmk3
kmk3 committed Feb 15, 2022
1 parent 6f266db commit 3fb276d
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion etc/firejail.config
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,8 @@
# keyword-argument pairs, one per line. Most features are enabled by default.
# Use 'yes' or 'no' as configuration values.

# Allow programs to display a tray icon
# Allow programs to display a tray icon (WARNING: allows escaping the sandbox;
# see https://github.com/netblue30/firejail/discussions/4053)
# allow-tray no

# Enable AppArmor functionality, default enabled.
Expand Down

0 comments on commit 3fb276d

Please sign in to comment.