diff options
author | Reiner Herrmann <reiner@reiner-h.de> | 2022-01-20 13:02:39 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-01-20 13:02:39 +0000 |
commit | afed1f5aac9692382ac02f11ffd78ba5ee7d369c (patch) | |
tree | c4920bf86056d04f840fdcc4221a873cb5ed8110 /etc/profile-m-z | |
parent | steam.profile: allow /etc/vulkan (#4862) (diff) | |
download | firejail-afed1f5aac9692382ac02f11ffd78ba5ee7d369c.tar.gz firejail-afed1f5aac9692382ac02f11ffd78ba5ee7d369c.tar.zst firejail-afed1f5aac9692382ac02f11ffd78ba5ee7d369c.zip |
profiles: enable deterministic shutdown for ssh (#4870)
ssh can start in master mode, which will spawn an additional long
running process, which keeps connections to a server open, so that
it can be reused by later connection attempts.
But the lingering master process will prevent the jail from shutting
down, when `firejail ssh` tries to exit.
This breaks for example ansible when using a firejailed ssh, as it
calls ssh with ControlMaster flags.
deterministic-shutdown will kill the other process when the parent
exits.
Diffstat (limited to 'etc/profile-m-z')
-rw-r--r-- | etc/profile-m-z/ssh.profile | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/etc/profile-m-z/ssh.profile b/etc/profile-m-z/ssh.profile index 9295013e7..4da0db517 100644 --- a/etc/profile-m-z/ssh.profile +++ b/etc/profile-m-z/ssh.profile | |||
@@ -50,4 +50,5 @@ writable-run-user | |||
50 | dbus-user none | 50 | dbus-user none |
51 | dbus-system none | 51 | dbus-system none |
52 | 52 | ||
53 | deterministic-shutdown | ||
53 | memory-deny-write-execute | 54 | memory-deny-write-execute |