author | netblue30 <netblue30@yahoo.com> | 2016-08-04 09:15:42 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-08-04 09:15:42 -0400 |
commit | 25fa6746617e034e13e8d14cf7e2a0e7661d37ed (patch) | |
tree | cbcfe1e8992813dc635b2caec9289ae1954bdd10 | |
parent | apparmor (diff) | |
apparmor fixes for Arch Linux
-rw-r--r-- | Makefile.in | 3 | ||||
-rw-r--r-- | etc/firejail-default | 5 |
2 files changed, 7 insertions, 1 deletions
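--- a/Makefile.in
+++ b/Makefile.in
@@ -86,7 +86,8 @@ realinstall:
 sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
 rm -fr .etc
 # install apparmor profile
-sh -c "if [ -d /etc/apparmor.d ]; then install -c -m 0644 etc/firejail-default /etc/apparmor.d/firejail-default; fi;"
+sh -c "if [ ! -d $(DESTDIR)/$(sysconfdir)/apparmor.d ]; then install -d $(DESTDIR)/$(sysconfdir)/apparmor.d; fi;"
+install -c -m 0644 etc/firejail-default $(DESTDIR)/$(sysconfdir)/apparmor.d/.
 # man pages
 install -m 0755 -d $(DESTDIR)/$(mandir)/man1
 install -m 0755 -d $(DESTDIR)/$(mandir)/man5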
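Review bot: The profile is now copied to `$(DESTDIR)/$(sysconfdir)/apparmor.d` on every install, so when configure sets sysconfdir to something other than /etc the file presumably lands in a directory AppArmor never loads from, and the sandbox runs without the confinement an admin would expect. A comment above the two new lines would make that visible to packagers, for example `# only effective when $(sysconfdir)/apparmor.d is the directory AppArmor loads, and after the profile is (re)loaded`. The `sh -c` existence test is also unnecessary: `install -m 0755 -d $(DESTDIR)/$(sysconfdir)/apparmor.d` is idempotent, states the directory mode explicitly, and matches the man-page lines below it. The realinstall recipe starts and ends outside the hunk.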
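--- a/etc/firejail-default
+++ b/etc/firejail-default
@@ -28,6 +28,8 @@ profile firejail-default {
 /{,var/}run/** r,
 /{,var/}run/user/**/dconf/ rw,
 /{,var/}run/user/**/dconf/user rw,
+/{,var/}run/user/**/pulse/ rw,
+/{,var/}run/user/**/pulse/** rw,
 /{,var/}run/firejail/mnt/fslogger r,
 /{run,dev}/shm/ r,
 /{run,dev}/shm/** rmwk,
@@ -51,6 +53,9 @@ profile firejail-default {
 /proc/@{PID}/task/@{PID}/stat r,
 /proc/sys/kernel/pid_max r,
 /proc/sys/kernel/shmmax r,
+/proc/sys/vm/overcommit_memory r,
+/proc/sys/vm/overcommit_ratio r,
+
 /sys/ r,
 /sys/bus/ r,
 /sys/bus/** r,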
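Review bot: The two pulse rules in the first hunk use `**` for the per-user path component, which matches across directory levels, so write access covers any `pulse/` directory at any depth under /run/user rather than only the one in the caller's own runtime dir. A single-level glob with the owner qualifier would be tighter: `owner /{,var/}run/user/*/pulse/ rw,` and `owner /{,var/}run/user/*/pulse/** rw,`. The dconf rules just above use the same `**` form and could be narrowed the same way. A short comment on the new rules noting that they expose the PulseAudio runtime directory to every program confined by firejail-default would help anyone auditing the profile. The profile block continues outside both hunks.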