diff options
author | ಚಿರಾಗ್ ನಟರಾಜ್ <chiraag.nataraj@gmail.com> | 2018-07-11 19:35:19 -0400 |
---|---|---|
committer | ಚಿರಾಗ್ ನಟರಾಜ್ <chiraag.nataraj@gmail.com> | 2018-07-11 19:35:19 -0400 |
commit | 6108f459e375151e95bedf7090eb9b84169479e8 (patch) | |
tree | c1da54ce10ec15bbc876f1c469b6ccc9bac8d054 | |
parent | Add warning that nodbus + blacklist of python3 breaks Gnome connector (see #2... (diff) | |
download | firejail-6108f459e375151e95bedf7090eb9b84169479e8.tar.gz firejail-6108f459e375151e95bedf7090eb9b84169479e8.tar.zst firejail-6108f459e375151e95bedf7090eb9b84169479e8.zip |
Blacklist all .snapshots directories in AppArmor profile
-rw-r--r-- | etc/firejail-default | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/etc/firejail-default b/etc/firejail-default index 8bf42b3a3..28103a598 100644 --- a/etc/firejail-default +++ b/etc/firejail-default | |||
@@ -83,6 +83,9 @@ deny /proc/@{PID}/oom_score_adj w, | |||
83 | # Uncomment to silence all denied write warnings | 83 | # Uncomment to silence all denied write warnings |
84 | #deny /sys/** w, | 84 | #deny /sys/** w, |
85 | 85 | ||
86 | # Blacklist snapshots | ||
87 | deny /**/.snapshots/ rwx, | ||
88 | |||
86 | ########## | 89 | ########## |
87 | # Allow running programs only from well-known system directories. If you need | 90 | # Allow running programs only from well-known system directories. If you need |
88 | # to run programs from your home directory, uncomment /home line. | 91 | # to run programs from your home directory, uncomment /home line. |