diff options
| author |  Vincent43 <31109921+Vincent43@users.noreply.github.com> | 2018-04-12 12:02:05 +0100 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2018-04-12 12:02:05 +0100 |
| commit | f423a449d5b2ee571556201d3038f82a44bdc87d (patch) | |
| tree | bbacd312b67dea47a2bb80fe810fbe5157ed21e5 /etc/firejail-default | |
| parent | fix --join (diff) | |
| download | firejail-f423a449d5b2ee571556201d3038f82a44bdc87d.tar.gz firejail-f423a449d5b2ee571556201d3038f82a44bdc87d.tar.zst firejail-f423a449d5b2ee571556201d3038f82a44bdc87d.zip | |
AppArmor: disable MAC related capabilities
We probably don't want to control MAC or audit from firejail
Diffstat (limited to 'etc/firejail-default')
| -rw-r--r-- | etc/firejail-default | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/etc/firejail-default b/etc/firejail-default index ad3fdd718..2e48439f5 100644 --- a/etc/firejail-default +++ b/etc/firejail-default | |||
| @@ -165,10 +165,10 @@ capability sys_time, | |||
| 165 | capability sys_tty_config, | 165 | capability sys_tty_config, |
| 166 | capability mknod, | 166 | capability mknod, |
| 167 | capability lease, | 167 | capability lease, |
| 168 | capability audit_write, | 168 | #capability audit_write, |
| 169 | capability audit_control, | 169 | #capability audit_control, |
| 170 | capability setfcap, | 170 | capability setfcap, |
| 171 | capability mac_override, | 171 | #capability mac_override, |
| 172 | #capability mac_admin, | 172 | #capability mac_admin, |
| 173 | 173 | ||
| 174 | ########## | 174 | ########## |