diff options
| author |  Reiner Herrmann <reiner@reiner-h.de> | 2022-01-19 22:44:39 +0100 |
|---|---|---|
| committer | Reiner Herrmann <reiner@reiner-h.de> | 2022-01-19 22:44:39 +0100 |
| commit | 730a84e6233a58b32a3efafb70d1210068826857 (patch) | |
| tree | c4920bf86056d04f840fdcc4221a873cb5ed8110 | |
| parent | steam.profile: allow /etc/vulkan (#4862) (diff) | |
| download | firejail-ssh_shutdown.tar.gz firejail-ssh_shutdown.tar.zst firejail-ssh_shutdown.zip | |
profiles: enable deterministic shutdown for sshssh_shutdown
ssh can start in master mode, which will spawn an additional long
running process, which keeps connections to a server open, so that
it can be reused by later connection attempts.
But the lingering master process will prevent the jail from shutting
down, when `firejail ssh` tries to exit.
This breaks for example ansible when using a firejailed ssh, as it
calls ssh with ControlMaster flags.
deterministic-shutdown will kill the other process when the parent
exits.
| -rw-r--r-- | etc/profile-m-z/ssh.profile | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/etc/profile-m-z/ssh.profile b/etc/profile-m-z/ssh.profile index 9295013e7..4da0db517 100644 --- a/etc/profile-m-z/ssh.profile +++ b/etc/profile-m-z/ssh.profile | |||
| @@ -50,4 +50,5 @@ writable-run-user | |||
| 50 | dbus-user none | 50 | dbus-user none |
| 51 | dbus-system none | 51 | dbus-system none |
| 52 | 52 | ||
| 53 | deterministic-shutdown | ||
| 53 | memory-deny-write-execute | 54 | memory-deny-write-execute |