diff options
author | smitsohu <smitsohu@gmail.com> | 2019-11-13 16:15:20 +0100 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2019-11-13 16:15:20 +0100 |
commit | 0a7cf94dbc1917b01815cfa0887ce6ae1c68766c (patch) | |
tree | f8d701abd46f09fad258a4fcc5309b4b4b185cb2 /etc | |
parent | some apparmor profile cleanup (diff) | |
download | firejail-0a7cf94dbc1917b01815cfa0887ce6ae1c68766c.tar.gz firejail-0a7cf94dbc1917b01815cfa0887ce6ae1c68766c.tar.zst firejail-0a7cf94dbc1917b01815cfa0887ce6ae1c68766c.zip |
add signal mediation to apparmor profile
second line of defense, as there is always a pid namespace, too
Diffstat (limited to 'etc')
-rw-r--r-- | etc/firejail-default | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/etc/firejail-default b/etc/firejail-default index 5b63503fc..a012f5440 100644 --- a/etc/firejail-default +++ b/etc/firejail-default | |||
@@ -106,7 +106,8 @@ network packet, | |||
106 | ########## | 106 | ########## |
107 | # There is no equivalent in Firejail for filtering signals. | 107 | # There is no equivalent in Firejail for filtering signals. |
108 | ########## | 108 | ########## |
109 | signal, | 109 | signal (send) peer=@{profile_name}, |
110 | signal (receive), | ||
110 | 111 | ||
111 | ########## | 112 | ########## |
112 | # We let Firejail deal with capabilities, but ensure that | 113 | # We let Firejail deal with capabilities, but ensure that |