apparmor: disable exec from home by default

Executing from /home was supposed to be disabled by default
author: Vincent43 <31109921+Vincent43@users.noreply.github.com> 2018-08-27 17:29:03 +0100
committer: GitHub <noreply@github.com> 2018-08-27 17:29:03 +0100
commit: 9c6ce24a5000a5813be7d60a0ef9eeb18f121589 (patch)
tree: 3fcaf558e53e5d676381c69bae2e76c0f4b2818f
parent: apparmor: improve rules for filesystem access (diff)
download: firejail-9c6ce24a5000a5813be7d60a0ef9eeb18f121589.tar.gz
firejail-9c6ce24a5000a5813be7d60a0ef9eeb18f121589.tar.zst
firejail-9c6ce24a5000a5813be7d60a0ef9eeb18f121589.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/etc/firejail-default b/etc/firejail-default
index d6aeac75b..e05d09468 100644
--- a/etc/firejail-default
+++ b/etc/firejail-default
@@ -79,7 +79,7 @@ deny /proc/@{PID}/oom_score_adj w,
 /{,run/firejail/mnt/oroot/}{,usr/,usr/local/}games/** ix,
 /{,run/firejail/mnt/oroot/}{,usr/,usr/local/}lib{,32,64}/** ix,
 /{,run/firejail/mnt/oroot/}{,usr/,usr/local/}opt/** ix,
-/{,run/firejail/mnt/oroot/}{,usr/,usr/local/}home/** ix,
+#/{,run/firejail/mnt/oroot/}{,usr/,usr/local/}home/** ix,
 # Appimage support
 /{,run/firejail/mnt/oroot/}{,var/}run/firejail/appimage/** ix,
author	Vincent43 <31109921+Vincent43@users.noreply.github.com>	2018-08-27 17:29:03 +0100
committer	GitHub <noreply@github.com>	2018-08-27 17:29:03 +0100
commit	9c6ce24a5000a5813be7d60a0ef9eeb18f121589 (patch)
tree	3fcaf558e53e5d676381c69bae2e76c0f4b2818f
parent	apparmor: improve rules for filesystem access (diff)
download	firejail-9c6ce24a5000a5813be7d60a0ef9eeb18f121589.tar.gz firejail-9c6ce24a5000a5813be7d60a0ef9eeb18f121589.tar.zst firejail-9c6ce24a5000a5813be7d60a0ef9eeb18f121589.zip

diff --git a/etc/firejail-default b/etc/firejail-default index d6aeac75b..e05d09468 100644 --- a/etc/firejail-default +++ b/etc/firejail-default
@@ -79,7 +79,7 @@ deny /proc/@{PID}/oom_score_adj w,
79	/{,run/firejail/mnt/oroot/}{,usr/,usr/local/}games/** ix,	79	/{,run/firejail/mnt/oroot/}{,usr/,usr/local/}games/** ix,
80	/{,run/firejail/mnt/oroot/}{,usr/,usr/local/}lib{,32,64}/** ix,	80	/{,run/firejail/mnt/oroot/}{,usr/,usr/local/}lib{,32,64}/** ix,
81	/{,run/firejail/mnt/oroot/}{,usr/,usr/local/}opt/** ix,	81	/{,run/firejail/mnt/oroot/}{,usr/,usr/local/}opt/** ix,
82	/{,run/firejail/mnt/oroot/}{,usr/,usr/local/}home/** ix,	82	#/{,run/firejail/mnt/oroot/}{,usr/,usr/local/}home/** ix,
83		83
84	# Appimage support	84	# Appimage support
85	/{,run/firejail/mnt/oroot/}{,var/}run/firejail/appimage/** ix,	85	/{,run/firejail/mnt/oroot/}{,var/}run/firejail/appimage/** ix,