author | glitsj16 <glitsj16@users.noreply.github.com> | 2020-07-04 12:22:46 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-07-04 12:22:46 +0000 |
commit | dfaf7a7660689c055ba45a935e42b1b548669c57 (patch) | |
tree | 436de175b3ec235fe5e497a9e5ec8fe55b5dae9a /etc/apparmor | |
parent | Fix seccomp error action (diff) | |
clarify writing to /var/mail and /var/spool/mail in apparmor (#3487)
* clarify writing to /var/mail and /var/spool/mail in apparmor
Thunderbird seems to be our only mail client profile that enables the `apparmor` option. Users need this when they follow instructions on how to allow reading local mail.
* fix mail clients rule in firejail-default
Diffstat (limited to 'etc/apparmor')
-rw-r--r-- | etc/apparmor/firejail-default | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/etc/apparmor/firejail-default b/etc/apparmor/firejail-default index fc6690752..04a38f0ce 100644 --- a/etc/apparmor/firejail-default +++ b/etc/apparmor/firejail-default | |||
@@ -49,6 +49,10 @@ owner /{,run/firejail/mnt/oroot/}{,var/}run/firejail/mnt/trace w, | |||
49 | owner /{,run/firejail/mnt/oroot/}{,var/}run/user/[0-9]*/** w, | 49 | owner /{,run/firejail/mnt/oroot/}{,var/}run/user/[0-9]*/** w, |
50 | owner /{,run/firejail/mnt/oroot/}{run,dev}/shm/** w, | 50 | owner /{,run/firejail/mnt/oroot/}{run,dev}/shm/** w, |
51 | 51 | ||
52 | # Allow writing to /var/mail and /var/spool/mail (for mail clients) | ||
53 | # Uncomment to enable | ||
54 | #owner /var/{mail,spool/mail}/** w, | ||
55 | |||
52 | # Allow writing to removable media | 56 | # Allow writing to removable media |
53 | owner /{,var/}run/media/** w, | 57 | owner /{,var/}run/media/** w, |
54 | 58 | ||
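Review bot: The commented-out rule at new line 54, `#owner /var/{mail,spool/mail}/** w,`, omits the `/{,run/firejail/mnt/oroot/}` alternation that the `w` rules at lines 49-50 carry, so once uncommented it would not match the same paths under `/run/firejail/mnt/oroot/`. Either add the prefix or note in the comment that the omission is intended, as in the removable-media rule that follows. The comment at new lines 52-53 could also say why write access is needed, since the commit message describes the use case as reading local mail while the rule grants only `w`.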