-
Notifications
You must be signed in to change notification settings - Fork 578
Creating overrides
Use an override if you would like to modify a profile. Modifying a profile file (.profile) in /etc/firejail is discouraged. Changes will be overwritten when you update Firejail. This does not apply to .local files.
You may want to use parameters instead if your change is temporary.
firejail --net=none --x11=xephyr vlc
Create ~/.config/firejail if it does not exist. If you would like to add a globally available override, place the file in /etc/firejail instead.
The override file has to be named appropriately. If you want to create an override for firefox.profile, the override file has to be firefox.local.
Use globals.local to affect every profile.
net none
whitelist ~/MyPictures
noblacklist ~/MyPictures
whitelist /mydisk/videos
noblacklist /mydisk/videos
whitelist /srv/myimportant.file
noblacklist /srv/myimportant.file
IMPORTANT: Do NOT use whitelist for non-whitelisting profiles. It will break the profile.
If a profile or any of its includes do not contain any whitelist ${HOME}/… or include whitelist-common.inc statements, it is not a whitelisting profile and will break.
This happens because whitelist statements affecting /home will make everything in /home inaccessible except the whitelisted paths.
nowhitelist ~/MyPictures
blacklist ~/MyPictures
nowhitelist /mydisk/videos
blacklist /mydisk/videos
nowhitelist /srv/myimportant.file
blacklist /srv/myimportant.file
If the profile does not contain include whitelist-common.inc, the file or directory will still be visible but not accessible.
ignore nou2f
ignore net