Add examples to allow running programs from specific home dir

author: glitsj16 <glitsj16@users.noreply.github.com> 2021-03-30 21:44:00 +0000
committer: GitHub <noreply@github.com> 2021-03-30 21:44:00 +0000
commit: d2c04424dc4af406806c788edcce5cd1f113aa1f (patch)
tree: ee275a268e5330d60893a68f547dd5bd22a7c125 /etc/apparmor
parent: Recommend doing overrides in local apparmor dir (diff)
download: firejail-d2c04424dc4af406806c788edcce5cd1f113aa1f.tar.gz
firejail-d2c04424dc4af406806c788edcce5cd1f113aa1f.tar.zst
firejail-d2c04424dc4af406806c788edcce5cd1f113aa1f.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/etc/apparmor/firejail-local b/etc/apparmor/firejail-local
index 893a1ce46..7f2a778ab 100644
--- a/etc/apparmor/firejail-local
+++ b/etc/apparmor/firejail-local
@@ -1,5 +1,12 @@
 # Site-specific additions and overrides for 'firejail-default'.
 # For more details, please see /etc/apparmor.d/local/README.
+# Here are some examples to allow running programs from home directory.
+# Don't enable all of these, just pick a specific one or write a custom rule
+# instead as done below for torbrowser-launcher.
+#owner @HOME/** ix,
+#owner @HOME/bin/** ix
+#owner @HOME/.local/bin/** ix
 # Uncomment to opt-in to apparmor for torbrowser-launcher
 #owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/** ix,
author	glitsj16 <glitsj16@users.noreply.github.com>	2021-03-30 21:44:00 +0000
committer	GitHub <noreply@github.com>	2021-03-30 21:44:00 +0000
commit	d2c04424dc4af406806c788edcce5cd1f113aa1f (patch)
tree	ee275a268e5330d60893a68f547dd5bd22a7c125 /etc/apparmor
parent	Recommend doing overrides in local apparmor dir (diff)
download	firejail-d2c04424dc4af406806c788edcce5cd1f113aa1f.tar.gz firejail-d2c04424dc4af406806c788edcce5cd1f113aa1f.tar.zst firejail-d2c04424dc4af406806c788edcce5cd1f113aa1f.zip

diff --git a/etc/apparmor/firejail-local b/etc/apparmor/firejail-local index 893a1ce46..7f2a778ab 100644 --- a/etc/apparmor/firejail-local +++ b/etc/apparmor/firejail-local
@@ -1,5 +1,12 @@
1	# Site-specific additions and overrides for 'firejail-default'.	1	# Site-specific additions and overrides for 'firejail-default'.
2	# For more details, please see /etc/apparmor.d/local/README.	2	# For more details, please see /etc/apparmor.d/local/README.
3		3
		4	# Here are some examples to allow running programs from home directory.
		5	# Don't enable all of these, just pick a specific one or write a custom rule
		6	# instead as done below for torbrowser-launcher.
		7	#owner @HOME/** ix,
		8	#owner @HOME/bin/** ix
		9	#owner @HOME/.local/bin/** ix
		10
4	# Uncomment to opt-in to apparmor for torbrowser-launcher	11	# Uncomment to opt-in to apparmor for torbrowser-launcher
5	#owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_/Browser/* ix,	12	#owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_/Browser/* ix,