diff options
author | Vincent43 <31109921+Vincent43@users.noreply.github.com> | 2018-02-08 22:07:12 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-02-08 22:07:12 +0000 |
commit | ae853bb559cb657c9664a73e1dfed5a89942d80b (patch) | |
tree | ebdb7e8eed1ddcee07b65bb05e473e0781d30587 | |
parent | Apparmor: fix various denials (diff) | |
download | firejail-ae853bb559cb657c9664a73e1dfed5a89942d80b.tar.gz firejail-ae853bb559cb657c9664a73e1dfed5a89942d80b.tar.zst firejail-ae853bb559cb657c9664a73e1dfed5a89942d80b.zip |
Apparmor: Be more restrictive for chromium needs
-rw-r--r-- | etc/firejail-default | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/etc/firejail-default b/etc/firejail-default index 5ebdccc00..859f8683a 100644 --- a/etc/firejail-default +++ b/etc/firejail-default | |||
@@ -104,16 +104,16 @@ owner /run/firejail/mnt/oroot/{run,dev}/shm/** rmwk, | |||
104 | /proc/@{PID}/mem r, | 104 | /proc/@{PID}/mem r, |
105 | /proc/@{PID}/mounts r, | 105 | /proc/@{PID}/mounts r, |
106 | /proc/@{PID}/mountinfo r, | 106 | /proc/@{PID}/mountinfo r, |
107 | owner /proc/@{PID}/oom_adj w, | 107 | deny /proc/@{PID}/oom_adj w, |
108 | /proc/@{PID}/oom_score_adj r, | 108 | /proc/@{PID}/oom_score_adj r, |
109 | owner /proc/@{PID}/oom_score_adj w, | 109 | deny /proc/@{PID}/oom_score_adj w, |
110 | /proc/@{PID}/auxv r, | 110 | /proc/@{PID}/auxv r, |
111 | /proc/@{PID}/net/dev r, | 111 | /proc/@{PID}/net/dev r, |
112 | /proc/@{PID}/loginuid r, | 112 | /proc/@{PID}/loginuid r, |
113 | /proc/@{PID}/environ r, | 113 | /proc/@{PID}/environ r, |
114 | 114 | ||
115 | # Needed for chromium | 115 | # Needed by chromium crash handler. Uncomment if you need it. |
116 | ptrace (trace tracedby), | 116 | #ptrace (trace tracedby), |
117 | 117 | ||
118 | ########## | 118 | ########## |
119 | # Allow running programs only from well-known system directories. If you need | 119 | # Allow running programs only from well-known system directories. If you need |