Restrict DBus
rusty-snake edited this page Aug 4, 2021
·
1 revision
Firejail can restrict the D-Bus access to only allow access to whitelisted names. See the manual pages for more details. This table shows evaluations of certain names.
Legend
β οΈ : You do not get what you expect- π‘οΈ : Access to sensitive things (e.g. passwords, keyring, ...)
- π₯ : Can be used to escape the sandbox (in theory)
- β : Potentially unwanted things, but no sandbox escape is possible
- βοΈ : Everything is fine, there is no risk
| name | flags | notes | capabilities | Policy |
|---|---|---|---|---|
ca.desrt.dconf |
π‘οΈ π₯ | Write to the dconf database. | All profiles using dconf, no others. | |
org.freedesktop.Notifications |
This is βοΈ for GNOME >= 3.36.1 | |||
org.freedesktop.ScreenSaver |
β | Can be used to unlock a locked screen. | (Un-)Lock your screen. Inhibit ScreenLocking. GetSessionIdle | Only Video-Player |
org.freedesktop.login1 |
β | |||
org.freedesktop.secrets |
π‘οΈ | Opt-In, with exceptions (e.g. seahorse). | ||
org.gnome.OnlineAccounts |
π‘οΈ | |||
org.gnome.Mutter.DisplayConfig |
||||
org.gnome.Mutter.IdleMonitor |
||||
org.gnome.Mutter.RemoteDesktop |
||||
org.gnome.Mutter.ScreenCast |
||||
org.gnome.Panel |
||||
org.gnome.ScreenSaver |
||||
org.gnome.SessionManager |
β | |||
org.gnome.SettingsDaemon.Color |
βοΈ | NightMode (Screen temperature) interaction. | ||
org.gnome.SettingsDaemon.MediaKeys |
βοΈ | Handle media-keys | ||
org.gnome.SettingsDaemon.ScreensaverProxy |
β | |||
org.gnome.Shell |
π₯ | |||
org.gnome.Shell.CalendarServer |
βοΈ | |||
org.gnome.Shell.Extensions |
π₯ | (un)install/update/enable/disable gnome-shell extensions | ||
org.gnome.Shell.Notifications |
βοΈ | Show native notifications | ||
org.gnome.Shell.Screencast |
||||
org.gnome.Shell.Screenshot |
||||
org.gnome.keyring |
π‘οΈ | |||
org.gnome.keyring.PrivatePrompter |
βοΈ | |||
org.gnome.keyring.SystemPrompter |