diff options
| author |  Reiner Herrmann <reiner@reiner-h.de> | 2022-01-20 13:02:39 +0000 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2022-01-20 13:02:39 +0000 |
| commit | afed1f5aac9692382ac02f11ffd78ba5ee7d369c (patch) | |
| tree | c4920bf86056d04f840fdcc4221a873cb5ed8110 /etc/profile-m-z/ssh.profile | |
| parent | steam.profile: allow /etc/vulkan (#4862) (diff) | |
| download | firejail-afed1f5aac9692382ac02f11ffd78ba5ee7d369c.tar.gz firejail-afed1f5aac9692382ac02f11ffd78ba5ee7d369c.tar.zst firejail-afed1f5aac9692382ac02f11ffd78ba5ee7d369c.zip | |
profiles: enable deterministic shutdown for ssh (#4870)
ssh can start in master mode, which will spawn an additional long
running process, which keeps connections to a server open, so that
it can be reused by later connection attempts.
But the lingering master process will prevent the jail from shutting
down, when `firejail ssh` tries to exit.
This breaks for example ansible when using a firejailed ssh, as it
calls ssh with ControlMaster flags.
deterministic-shutdown will kill the other process when the parent
exits.
Diffstat (limited to 'etc/profile-m-z/ssh.profile')
| -rw-r--r-- | etc/profile-m-z/ssh.profile | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/etc/profile-m-z/ssh.profile b/etc/profile-m-z/ssh.profile index 9295013e7..4da0db517 100644 --- a/etc/profile-m-z/ssh.profile +++ b/etc/profile-m-z/ssh.profile | |||
| @@ -50,4 +50,5 @@ writable-run-user | |||
| 50 | dbus-user none | 50 | dbus-user none |
| 51 | dbus-system none | 51 | dbus-system none |
| 52 | 52 | ||
| 53 | deterministic-shutdown | ||
| 53 | memory-deny-write-execute | 54 | memory-deny-write-execute |