diff options
| author |  Antonio Russo <antonio.e.russo@gmail.com> | 2017-10-03 10:34:08 -0400 |
|---|---|---|
| committer | Antonio Russo <antonio.e.russo@gmail.com> | 2017-10-03 10:34:08 -0400 |
| commit | 14862197711e32aef6768f0c31b7ae071c5ae4e6 (patch) | |
| tree | 7a51ef87b9a943306ddfe940192e41d36259d9ff /etc/firejail-default | |
| parent | potential fix for mutt/gnupg issue #1585 (diff) | |
| download | firejail-14862197711e32aef6768f0c31b7ae071c5ae4e6.tar.gz firejail-14862197711e32aef6768f0c31b7ae071c5ae4e6.tar.zst firejail-14862197711e32aef6768f0c31b7ae071c5ae4e6.zip | |
Enumerate root directories in apparmor profile
Replace opaque character class with an explicit list of
root-level directories to be granted access.
Diffstat (limited to 'etc/firejail-default')
| -rw-r--r-- | etc/firejail-default | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/etc/firejail-default b/etc/firejail-default index 07579454f..5e1f2975c 100644 --- a/etc/firejail-default +++ b/etc/firejail-default | |||
| @@ -23,7 +23,7 @@ profile firejail-default flags=(attach_disconnected,mediate_deleted) { | |||
| 23 | # enough to run "top" or "ps aux". | 23 | # enough to run "top" or "ps aux". |
| 24 | ########## | 24 | ########## |
| 25 | / r, | 25 | / r, |
| 26 | /[^proc,^sys]** mrwlk, | 26 | /{usr,bin,dev,etc,home,lib,media,mnt,opt,srv,tmp,var}** mrwlk, |
| 27 | /{,var/}run/ r, | 27 | /{,var/}run/ r, |
| 28 | /{,var/}run/** r, | 28 | /{,var/}run/** r, |
| 29 | /{,var/}run/user/**/dconf/ rw, | 29 | /{,var/}run/user/**/dconf/ rw, |