author | Азалия Смарагдова <64576901+ChrysoliteAzalea@users.noreply.github.com> | 2022-08-18 01:12:37 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-08-18 01:12:37 +0000 |
commit | 9109f60151e3775a365204f75b4eb69f9de2ee4f (patch) | |
tree | 9b9e711ea58af50b95c8bbf2facac7c1f54e9476 /etc/apparmor | |
parent | more merges (diff) | |
Fixed an AppArmor profile denial issue with ptrace and signals (#5317)
Diffstat (limited to 'etc/apparmor')
-rw-r--r-- | etc/apparmor/firejail-default | 2 |
1 files changed, 2 insertions, 0 deletions
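--- a/etc/apparmor/firejail-default
+++ b/etc/apparmor/firejail-default
@@ -33,6 +33,7 @@ owner /{,var/}run/firejail/dbus/[0-9]*/[0-9]*-user w,
 #ptrace,
 # Allow obtaining some process information, but not ptrace(2)
 ptrace (read,readby) peer=@{profile_name},
+ptrace (read,readby) peer=@{profile_name}//&unconfined,
 
 ##########
 # Allow read access to whole filesystem and control it from firejail.
@@ -123,6 +124,7 @@ network packet,
 ##########
 # There is no equivalent in Firejail for filtering signals.
 ##########
+signal (send) peer=@{profile_name}//&unconfined,
 signal (send) peer=@{profile_name},
 signal (receive),
 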
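Review bot: Both added rules name the peer `@{profile_name}//&unconfined` with no comment saying what that label is, and a rule containing the word "unconfined" is easy to misread in an audit as granting access to unconfined processes. In AppArmor's stacking syntax `A//&B` is the label of a task confined by both profiles, so the peer should still be a task running under this profile; a line such as `# Stacked label: the peer is still confined by this profile, stacked with unconfined` above each rule would make that explicit. The commit message does not say under which conditions the sandbox ends up with the stacked label, so that condition is worth stating in the comment as well. As a style point, the signal rule is inserted before the plain `peer=@{profile_name}` rule while the ptrace rule is inserted after it; using the same order in both places would make the pairs easier to scan.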