-
Notifications
You must be signed in to change notification settings - Fork 554
Creating overrides
Use an override if you would like to modify a profile. Modifying a profile file (.profile
) in /etc/firejail
is discouraged. Changes will be overwritten when you update Firejail. This does not apply to .local
files.
You may want to use parameters instead if your change is temporary.
firejail --net=none --x11=xephyr vlc
Create ~/.config/firejail
if it does not exist. If you would like to add a globally available override, place the file in /etc/firejail
instead.
The override file has to be named appropriately. If you want to create an override for firefox.profile
, the override file has to be firefox.local
.
Use globals.local
to affect every profile.
net none
whitelist ~/MyPictures
noblacklist ~/MyPictures
whitelist /mydisk/videos
noblacklist /mydisk/videos
whitelist /srv/myimportant.file
noblacklist /srv/myimportant.file
IMPORTANT: Do NOT use whitelist
for non-whitelisting profiles. It will break the profile.
If a profile does not contain include whitelist-common.inc
, it is not a whitelisting profile and will break.
nowhitelist ~/MyPictures
blacklist ~/MyPictures
nowhitelist /mydisk/videos
blacklist /mydisk/videos
nowhitelist /myimportant.file
blacklist /srv/myimportant.file
Depending on the profile, the file or directory will still be visible but not accessible.
ignore nou2f
ignore net