diff options
| author |  netblue30 <netblue30@yahoo.com> | 2017-07-21 07:48:36 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2017-07-21 07:48:36 -0400 |
| commit | 3a8a3651d32cda0b0328a2b77e7b9146d885cd26 (patch) | |
| tree | 4cdbc602400b9fdba2fc0dd22b8300cb965b329e /etc/firejail-default | |
| parent | merges (diff) | |
| download | firejail-3a8a3651d32cda0b0328a2b77e7b9146d885cd26.tar.gz firejail-3a8a3651d32cda0b0328a2b77e7b9146d885cd26.tar.zst firejail-3a8a3651d32cda0b0328a2b77e7b9146d885cd26.zip | |
apparmor fixes
Diffstat (limited to 'etc/firejail-default')
| -rw-r--r-- | etc/firejail-default | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/etc/firejail-default b/etc/firejail-default index d9bda4f8c..7fd1b1ad7 100644 --- a/etc/firejail-default +++ b/etc/firejail-default | |||
| @@ -10,7 +10,7 @@ | |||
| 10 | ########## | 10 | ########## |
| 11 | @{PID}={[1-9],[1-9][0-9],[1-9][0-9][0-9],[1-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9][0-9]} | 11 | @{PID}={[1-9],[1-9][0-9],[1-9][0-9][0-9],[1-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9][0-9]} |
| 12 | 12 | ||
| 13 | profile firejail-default { | 13 | profile firejail-default flags=(attach_disconnected,mediate_deleted) { |
| 14 | 14 | ||
| 15 | ########## | 15 | ########## |
| 16 | # D-Bus is a huge security hole. Uncomment this line if you need D-Bus | 16 | # D-Bus is a huge security hole. Uncomment this line if you need D-Bus |
| @@ -44,20 +44,11 @@ profile firejail-default { | |||
| 44 | /proc/uptime r, | 44 | /proc/uptime r, |
| 45 | /proc/loadavg r, | 45 | /proc/loadavg r, |
| 46 | /proc/stat r, | 46 | /proc/stat r, |
| 47 | |||
| 48 | /proc/@{PID}/ r, | ||
| 49 | /proc/@{PID}/fd/ r, | ||
| 50 | /proc/@{PID}/task/ r, | ||
| 51 | /proc/@{PID}/cmdline r, | ||
| 52 | /proc/@{PID}/comm r, | ||
| 53 | /proc/@{PID}/stat r, | ||
| 54 | /proc/@{PID}/statm r, | ||
| 55 | /proc/@{PID}/status r, | ||
| 56 | /proc/@{PID}/task/@{PID}/stat r, | ||
| 57 | /proc/sys/kernel/pid_max r, | 47 | /proc/sys/kernel/pid_max r, |
| 58 | /proc/sys/kernel/shmmax r, | 48 | /proc/sys/kernel/shmmax r, |
| 59 | /proc/sys/vm/overcommit_memory r, | 49 | /proc/sys/vm/overcommit_memory r, |
| 60 | /proc/sys/vm/overcommit_ratio r, | 50 | /proc/sys/vm/overcommit_ratio r, |
| 51 | /proc/sys/kernel/random/uuid r, | ||
| 61 | 52 | ||
| 62 | /sys/ r, | 53 | /sys/ r, |
| 63 | /sys/bus/ r, | 54 | /sys/bus/ r, |
| @@ -67,6 +58,15 @@ profile firejail-default { | |||
| 67 | /sys/devices/ r, | 58 | /sys/devices/ r, |
| 68 | /sys/devices/** r, | 59 | /sys/devices/** r, |
| 69 | 60 | ||
| 61 | /proc/@{PID}/ r, | ||
| 62 | /proc/@{PID}/fd/ r, | ||
| 63 | /proc/@{PID}/task/ r, | ||
| 64 | /proc/@{PID}/cmdline r, | ||
| 65 | /proc/@{PID}/comm r, | ||
| 66 | /proc/@{PID}/stat r, | ||
| 67 | /proc/@{PID}/statm r, | ||
| 68 | /proc/@{PID}/status r, | ||
| 69 | /proc/@{PID}/task/@{PID}/stat r, | ||
| 70 | /proc/@{PID}/maps r, | 70 | /proc/@{PID}/maps r, |
| 71 | /proc/@{PID}/mounts r, | 71 | /proc/@{PID}/mounts r, |
| 72 | /proc/@{PID}/mountinfo r, | 72 | /proc/@{PID}/mountinfo r, |