author | Vincent43 <31109921+Vincent43@users.noreply.github.com> | 2018-08-19 17:29:44 +0200 |
---|---|---|
committer | Vincent43 <31109921+Vincent43@users.noreply.github.com> | 2018-08-19 17:29:44 +0200 |
commit | 1e6af96b3975edd20b161f4fefde8e6275de68b3 (patch) | |
tree | 1cdfc6b8e8b317346c4e74ec23c9c19800c1b327 | |
parent | Fix for #2062 (diff) | |
Revert "apparmor fix: somehow it cannot find the firejail profile to load it"
This reverts commit 949a221a1b92e422e6dcb7ea6089ed5c8d5cc22a.
'firejail-default' is the name of an 'unattached' profile, not a path
to it. Moreover, names starting with '/' change the profile type
back to 'standard', which in this case means we literally create a
profile for the profile file itself, '/etc/apparmor.d/firejail-default'.
That means firejail would never load this profile to contain any
app, so we have to revert this. For more info, see
https://www.suse.com/documentation/sles-15/singlehtml/book_security/book_security.html#sec.apparmor.profiles.types.unattached
-rw-r--r-- | etc/firejail-default | 2 |
1 files changed, 1 insertions, 1 deletions
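--- a/etc/firejail-default
+++ b/etc/firejail-default
@@ -10,7 +10,7 @@
 ##########
 @{PID}={[1-9],[1-9][0-9],[1-9][0-9][0-9],[1-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9][0-9],[1-4][0-9][0-9][0-9][0-9][0-9][0-9]}
 
-profile /etc/apparmor.d/firejail-default flags=(attach_disconnected,mediate_deleted) {
+profile firejail-default flags=(attach_disconnected,mediate_deleted) {
 
 ##########
 # Allow D-Bus access. It may negatively affect security. Comment those lines or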
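Review bot: The profile header at line 13 has no comment explaining why the name must stay a bare `firejail-default`, and the commit being reverted shows how easily it gets "corrected" into a path, which silently leaves sandboxed apps unconfined. I would add two comment lines directly above it: `# Unattached profile: the name must not start with '/', otherwise AppArmor treats it as an` and `# attachment path for that file and the profile is never applied to sandboxed programs.` The symptom the reverted commit was chasing (the profile not being found at load time) is not explained by this change, so it is worth confirming separately that the profile is loaded and enforced after install, for example by checking that `aa-status` lists `firejail-default`. The profile body continues outside the hunk.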