diff options
author | Vincent43 <31109921+Vincent43@users.noreply.github.com> | 2018-02-19 14:06:55 +0000 |
---|---|---|
committer | Vincent43 <31109921+Vincent43@users.noreply.github.com> | 2018-02-19 15:57:00 +0000 |
commit | 88430a3e53ab07b04e50e3425169def4057a9d6b (patch) | |
tree | 334b154047413730adaf50046096fd8ec8f3f135 /etc/firejail-default | |
parent | Apparmor: blacklist /proc and /sys access from firejail (diff) | |
download | firejail-88430a3e53ab07b04e50e3425169def4057a9d6b.tar.gz firejail-88430a3e53ab07b04e50e3425169def4057a9d6b.tar.zst firejail-88430a3e53ab07b04e50e3425169def4057a9d6b.zip |
Log denied write access for easier debugging
After more testing we can disable logging gain.
Diffstat (limited to 'etc/firejail-default')
-rw-r--r-- | etc/firejail-default | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/etc/firejail-default b/etc/firejail-default index 3768e6970..2f959d92a 100644 --- a/etc/firejail-default +++ b/etc/firejail-default | |||
@@ -58,17 +58,22 @@ owner /run/firejail/mnt/oroot/{run,dev}/shm/** rmwk, | |||
58 | 58 | ||
59 | ########## | 59 | ########## |
60 | # Allow /proc and /sys read-only access. | 60 | # Allow /proc and /sys read-only access. |
61 | # Blacklisting is controlled from Firejail. | 61 | # Blacklisting is controlled from userspace Firejail. |
62 | ########## | 62 | ########## |
63 | /proc/ r, | 63 | /proc/ r, |
64 | /proc/** r, | 64 | /proc/** r, |
65 | deny /proc/** w, | 65 | # Uncomment to silence all denied write warnings |
66 | #deny /proc/** w, | ||
67 | deny /proc/@{PID}/oom_adj w, | ||
68 | deny /proc/@{PID}/oom_score_adj w, | ||
66 | 69 | ||
67 | /sys/ r, | 70 | /sys/ r, |
68 | /sys/** r, | 71 | /sys/** r, |
69 | deny /sys/** w, | 72 | # Uncomment to silence all denied write warnings |
73 | #deny /sys/** w, | ||
70 | 74 | ||
71 | # Needed by chromium crash handler. Uncomment if you need it. | 75 | # Allows to attach to a running program and modify the process memory. |
76 | # May be needed by chromium crash handler. Uncomment if you need it. | ||
72 | #ptrace (trace tracedby), | 77 | #ptrace (trace tracedby), |
73 | 78 | ||
74 | ########## | 79 | ########## |