apparmor: minor improvements

Use @{PID} consistently. Remove 'deny /proc/** w,' suggestion as it will break all whitelisted entries.
author: Vincent43 <31109921+Vincent43@users.noreply.github.com> 2019-07-16 14:17:41 +0200
committer: Vincent43 <31109921+Vincent43@users.noreply.github.com> 2019-07-16 14:17:41 +0200
commit: c9af839afddd941cb6cdb5f3d61f5bc01e513bda (patch)
tree: c0562737ef473395418ebe3d20bbc41169d4fede /etc/firejail-default
parent: check for dir existence before private-* mount (diff)
download: firejail-c9af839afddd941cb6cdb5f3d61f5bc01e513bda.tar.gz
firejail-c9af839afddd941cb6cdb5f3d61f5bc01e513bda.tar.zst
firejail-c9af839afddd941cb6cdb5f3d61f5bc01e513bda.zip
1 files changed, 1 insertions, 4 deletions
diff --git a/etc/firejail-default b/etc/firejail-default
index 7735f2f80..1d3664b70 100644
--- a/etc/firejail-default
+++ b/etc/firejail-default
@@ -64,7 +64,7 @@ owner /{,var/}run/media/** w,
 /{,var/}run/cups/cups.sock w,
 # Needed for firefox sandbox
-/proc/[0-9]*/{uid_map,gid_map,setgroups} w,
+/proc/@{PID}/{uid_map,gid_map,setgroups} w,
 # Needed for electron apps
 /proc/@{PID}/comm w,
@@ -74,9 +74,6 @@ deny /proc/@{PID}/oom_adj w,
 deny /proc/@{PID}/oom_score_adj w,
 # Uncomment to silence all denied write warnings
-#deny /proc/** w,
-# Uncomment to silence all denied write warnings
 #deny /sys/** w,
 ##########
author	Vincent43 <31109921+Vincent43@users.noreply.github.com>	2019-07-16 14:17:41 +0200
committer	Vincent43 <31109921+Vincent43@users.noreply.github.com>	2019-07-16 14:17:41 +0200
commit	c9af839afddd941cb6cdb5f3d61f5bc01e513bda (patch)
tree	c0562737ef473395418ebe3d20bbc41169d4fede /etc/firejail-default
parent	check for dir existence before private-* mount (diff)
download	firejail-c9af839afddd941cb6cdb5f3d61f5bc01e513bda.tar.gz firejail-c9af839afddd941cb6cdb5f3d61f5bc01e513bda.tar.zst firejail-c9af839afddd941cb6cdb5f3d61f5bc01e513bda.zip