Recommend doing overrides in local apparmor dir

author: glitsj16 <glitsj16@users.noreply.github.com> 2021-03-30 21:33:31 +0000
committer: GitHub <noreply@github.com> 2021-03-30 21:33:31 +0000
commit: 0991b70e737366bdc5c08caf7c984e842e811dc6 (patch)
tree: b6960debafddc819c19fa8e3be25307e20ca156f /etc/apparmor/firejail-default
parent: Fixes (man: allow rustup; Books -> gnome-books) (diff)
download: firejail-0991b70e737366bdc5c08caf7c984e842e811dc6.tar.gz
firejail-0991b70e737366bdc5c08caf7c984e842e811dc6.tar.zst
firejail-0991b70e737366bdc5c08caf7c984e842e811dc6.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/etc/apparmor/firejail-default b/etc/apparmor/firejail-default
index 80d527e41..ca32f5b0d 100644
--- a/etc/apparmor/firejail-default
+++ b/etc/apparmor/firejail-default
@@ -84,7 +84,8 @@ owner /proc/@{PID}/clear_refs w,
 ##########
 # Allow running programs only from well-known system directories. If you need
-# to run programs from your home directory, uncomment /home line.
+# to run programs from your home directory, add "/{,run/firejail/mnt/oroot/}home/** ix,"
+# or similar to /etc/apparmor.d/local/firejail-default (without the quotes).
 ##########
 /{,run/firejail/mnt/oroot/}{,usr/,usr/local/}bin/** ix,
 /{,run/firejail/mnt/oroot/}{,usr/,usr/local/}sbin/** ix,
author	glitsj16 <glitsj16@users.noreply.github.com>	2021-03-30 21:33:31 +0000
committer	GitHub <noreply@github.com>	2021-03-30 21:33:31 +0000
commit	0991b70e737366bdc5c08caf7c984e842e811dc6 (patch)
tree	b6960debafddc819c19fa8e3be25307e20ca156f /etc/apparmor/firejail-default
parent	Fixes (man: allow rustup; Books -> gnome-books) (diff)
download	firejail-0991b70e737366bdc5c08caf7c984e842e811dc6.tar.gz firejail-0991b70e737366bdc5c08caf7c984e842e811dc6.tar.zst firejail-0991b70e737366bdc5c08caf7c984e842e811dc6.zip

diff --git a/etc/apparmor/firejail-default b/etc/apparmor/firejail-default index 80d527e41..ca32f5b0d 100644 --- a/etc/apparmor/firejail-default +++ b/etc/apparmor/firejail-default
@@ -84,7 +84,8 @@ owner /proc/@{PID}/clear_refs w,
84		84
85	##########	85	##########
86	# Allow running programs only from well-known system directories. If you need	86	# Allow running programs only from well-known system directories. If you need
87	# to run programs from your home directory, uncomment /home line.	87	# to run programs from your home directory, add "/{,run/firejail/mnt/oroot/}home/** ix,"
		88	# or similar to /etc/apparmor.d/local/firejail-default (without the quotes).
88	##########	89	##########
89	/{,run/firejail/mnt/oroot/}{,usr/,usr/local/}bin/** ix,	90	/{,run/firejail/mnt/oroot/}{,usr/,usr/local/}bin/** ix,
90	/{,run/firejail/mnt/oroot/}{,usr/,usr/local/}sbin/** ix,	91	/{,run/firejail/mnt/oroot/}{,usr/,usr/local/}sbin/** ix,