aboutsummaryrefslogtreecommitdiffstats
path: root/etc/firejail-default
diff options
context:
space:
mode:
authorLibravatar smitsohu <smitsohu@gmail.com>2019-11-13 16:15:20 +0100
committerLibravatar smitsohu <smitsohu@gmail.com>2019-11-13 16:15:20 +0100
commit0a7cf94dbc1917b01815cfa0887ce6ae1c68766c (patch)
treef8d701abd46f09fad258a4fcc5309b4b4b185cb2 /etc/firejail-default
parentsome apparmor profile cleanup (diff)
downloadfirejail-0a7cf94dbc1917b01815cfa0887ce6ae1c68766c.tar.gz
firejail-0a7cf94dbc1917b01815cfa0887ce6ae1c68766c.tar.zst
firejail-0a7cf94dbc1917b01815cfa0887ce6ae1c68766c.zip
add signal mediation to apparmor profile
second line of defense, as there is always a pid namespace, too
Diffstat (limited to 'etc/firejail-default')
-rw-r--r--etc/firejail-default3
1 files changed, 2 insertions, 1 deletions
diff --git a/etc/firejail-default b/etc/firejail-default
index 5b63503fc..a012f5440 100644
--- a/etc/firejail-default
+++ b/etc/firejail-default
@@ -106,7 +106,8 @@ network packet,
106########## 106##########
107# There is no equivalent in Firejail for filtering signals. 107# There is no equivalent in Firejail for filtering signals.
108########## 108##########
109signal, 109signal (send) peer=@{profile_name},
110signal (receive),
110 111
111########## 112##########
112# We let Firejail deal with capabilities, but ensure that 113# We let Firejail deal with capabilities, but ensure that
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-01 03:19:46 +0000