diff options
| author |  glitsj16 <glitsj16@users.noreply.github.com> | 2020-07-04 12:22:46 +0000 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2020-07-04 12:22:46 +0000 |
| commit | dfaf7a7660689c055ba45a935e42b1b548669c57 (patch) | |
| tree | 436de175b3ec235fe5e497a9e5ec8fe55b5dae9a /etc/apparmor | |
| parent | Fix seccomp error action (diff) | |
| download | firejail-dfaf7a7660689c055ba45a935e42b1b548669c57.tar.gz firejail-dfaf7a7660689c055ba45a935e42b1b548669c57.tar.zst firejail-dfaf7a7660689c055ba45a935e42b1b548669c57.zip | |
clarify writing to /var/mail and /var/spool/mail in apparmor (#3487)
* clarify writing to /var/mail and /var/spool/mail in apparmor
Thunderbird seems to be our only mail client profile that enables the `apparmor` option. Users need this when they follow instructions on how to allow reading local mail.
* fix mail clients rule in firejail-default
Diffstat (limited to 'etc/apparmor')
| -rw-r--r-- | etc/apparmor/firejail-default | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/etc/apparmor/firejail-default b/etc/apparmor/firejail-default index fc6690752..04a38f0ce 100644 --- a/etc/apparmor/firejail-default +++ b/etc/apparmor/firejail-default | |||
| @@ -49,6 +49,10 @@ owner /{,run/firejail/mnt/oroot/}{,var/}run/firejail/mnt/trace w, | |||
| 49 | owner /{,run/firejail/mnt/oroot/}{,var/}run/user/[0-9]*/** w, | 49 | owner /{,run/firejail/mnt/oroot/}{,var/}run/user/[0-9]*/** w, |
| 50 | owner /{,run/firejail/mnt/oroot/}{run,dev}/shm/** w, | 50 | owner /{,run/firejail/mnt/oroot/}{run,dev}/shm/** w, |
| 51 | 51 | ||
| 52 | # Allow writing to /var/mail and /var/spool/mail (for mail clients) | ||
| 53 | # Uncomment to enable | ||
| 54 | #owner /var/{mail,spool/mail}/** w, | ||
| 55 | |||
| 52 | # Allow writing to removable media | 56 | # Allow writing to removable media |
| 53 | owner /{,var/}run/media/** w, | 57 | owner /{,var/}run/media/** w, |
| 54 | 58 | ||