diff options
author | Vincent43 <31109921+Vincent43@users.noreply.github.com> | 2018-04-12 12:02:05 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-04-12 12:02:05 +0100 |
commit | f423a449d5b2ee571556201d3038f82a44bdc87d (patch) | |
tree | bbacd312b67dea47a2bb80fe810fbe5157ed21e5 /etc/firejail-default | |
parent | fix --join (diff) | |
download | firejail-f423a449d5b2ee571556201d3038f82a44bdc87d.tar.gz firejail-f423a449d5b2ee571556201d3038f82a44bdc87d.tar.zst firejail-f423a449d5b2ee571556201d3038f82a44bdc87d.zip |
AppArmor: disable MAC related capabilities
We probably don't want to control MAC or audit from firejail
Diffstat (limited to 'etc/firejail-default')
-rw-r--r-- | etc/firejail-default | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/etc/firejail-default b/etc/firejail-default index ad3fdd718..2e48439f5 100644 --- a/etc/firejail-default +++ b/etc/firejail-default | |||
@@ -165,10 +165,10 @@ capability sys_time, | |||
165 | capability sys_tty_config, | 165 | capability sys_tty_config, |
166 | capability mknod, | 166 | capability mknod, |
167 | capability lease, | 167 | capability lease, |
168 | capability audit_write, | 168 | #capability audit_write, |
169 | capability audit_control, | 169 | #capability audit_control, |
170 | capability setfcap, | 170 | capability setfcap, |
171 | capability mac_override, | 171 | #capability mac_override, |
172 | #capability mac_admin, | 172 | #capability mac_admin, |
173 | 173 | ||
174 | ########## | 174 | ########## |