author | smitsohu <smitsohu@gmail.com> | 2021-10-21 00:17:51 +0200 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2021-10-21 00:32:03 +0200 |
commit | 92679041124ae39ff6ed03c4bd96e7ef5f4cc487 (patch) | |
tree | d7195506c4847cae5782a6772a3c03dc86714242 /etc/apparmor/firejail-base | |
parent | Merge pull request #4585 from smitsohu/euid (diff) | |
add basic Firejail support to AppArmor base abstraction (#3226)
Diffstat (limited to 'etc/apparmor/firejail-base')
-rw-r--r-- | etc/apparmor/firejail-base | 26 |
1 files changed, 26 insertions, 0 deletions
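--- /dev/null
+++ b/etc/apparmor/firejail-base
@@ -0,0 +1,26 @@
+#########################################
+# Firejail base abstraction drop-in
+#########################################
+
+# Adds basic Firejail support to AppArmor profiles.
+# Please note: Firejail's nonewprivs and seccomp options
+# are not compatible with AppArmor profile transitions.
+
+# Discovery of process names
+owner /{,run/firejail/mnt/oroot/}proc/@{pid}/comm r,
+
+##########
+# Following paths only exist inside a Firejail sandbox
+##########
+
+# Library preloading
+/{,run/firejail/mnt/oroot/}{,var/}run/firejail/lib/*.so mr,
+
+# Supporting seccomp
+owner /{,run/firejail/mnt/oroot/}{,var/}run/firejail/mnt/seccomp/seccomp.postexec r,
+
+# Supporting trace
+owner /{,run/firejail/mnt/oroot/}{,var/}run/firejail/mnt/trace w,
+
+# Supporting tracelog
+/{,run/firejail/mnt/oroot/}{,var/}run/firejail/mnt/fslogger r,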
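Review bot: The library-preloading rule `/{,run/firejail/mnt/oroot/}{,var/}run/firejail/lib/*.so mr,` has no `owner` qualifier and no stated reason for omitting it, although it is the only rule in this file that grants `m` (executable mapping); as a base-abstraction drop-in it presumably reaches every profile that includes the base abstraction. Its safety rests on that directory being writable only by root, which nothing in this file shows. I would record the assumption above the rule, e.g. `# no owner qualifier: directory is expected to be root-owned and not writable from inside the sandbox`. The tracelog rule on the last line also omits `owner` where the seccomp and trace rules use it, so a short comment saying whether that is intentional would help the next reader.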