author | Antonio Russo <antonio.e.russo@gmail.com> | 2017-10-03 10:34:08 -0400 |
---|---|---|
committer | Antonio Russo <antonio.e.russo@gmail.com> | 2017-10-03 10:34:08 -0400 |
commit | 14862197711e32aef6768f0c31b7ae071c5ae4e6 (patch) | |
tree | 7a51ef87b9a943306ddfe940192e41d36259d9ff | |
parent | potential fix for mutt/gnupg issue #1585 (diff) | |
Enumerate root directories in apparmor profile
Replace opaque character class with an explicit list of
root-level directories to be granted access.
-rw-r--r-- | etc/firejail-default | 2 |
1 files changed, 1 insertions, 1 deletions
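--- a/etc/firejail-default
+++ b/etc/firejail-default
@@ -23,7 +23,7 @@ profile firejail-default flags=(attach_disconnected,mediate_deleted) {
 # enough to run "top" or "ps aux".
 ##########
 / r,
-/[^proc,^sys]** mrwlk,
+/{usr,bin,dev,etc,home,lib,media,mnt,opt,srv,tmp,var}** mrwlk,
 /{,var/}run/ r,
 /{,var/}run/** r,
 /{,var/}run/user/**/dconf/ rw,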
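Review bot: The new rule on line 26 puts `**` directly after the alternation, so each listed name is a prefix match rather than a directory match: `/lib**` also covers `/lib64`, and any other root-level entry whose name merely starts with one of the listed words receives `mrwlk` too. If that prefix behaviour is relied on for the multilib directories, say so in a comment above the rule, e.g. `# names are prefixes on purpose: /lib** also covers /lib64`. Otherwise anchor the list as `/{usr,bin,...,var}/{,**} mrwlk,` and name the lib variants explicitly, so the write and mmap grant covers only the directories that are spelled out. The list also leaves out `/sbin`, `/root` and `/boot`; if that is deliberate, a one-line comment naming the omitted directories would make it clear. The profile body continues outside the hunk, so later rules may already cover some of these.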