Update README.md
This commit is contained in:
@@ -75,6 +75,7 @@ Note: a similar effect could be achived via crontab by making an entry along the
|
||||
Simply put when a program is ran through an application launcher the .desktop file is what is what is being read from and executed in the background
|
||||
|
||||
They are typically located within ~/.local/share/applications
|
||||
|
||||
An example of a program which I want to deny network access to due to its persistent and bothersome connections is Lutris
|
||||
|
||||
Before modification it's Exec value will likely look something like
|
||||
@@ -87,7 +88,8 @@ This may be achieved by changing the line like so:
|
||||
Exec=/usr/bin/sg no-internet /usr/bin/lutris
|
||||
```
|
||||
Note: your binaries may be located in a different place type "which [program_name]" to find their path
|
||||
|
||||
Now any time lutris is launched from my desktop it will be ran through the "no-internet" group
|
||||
|
||||
### Limitations
|
||||
As iptables operates at layer 3 programs ran through this sandboxed group will still be able to reach devices within the same broadcast domain
|
||||
As iptables operates at layer 3 programs ran through this sandboxed group will still be able to reach devices within the same broadcast domain
|
||||
|
||||
Reference in New Issue
Block a user