author | glitsj16 <glitsj16@users.noreply.github.com> | 2021-03-31 17:10:43 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-03-31 17:10:43 +0000 |
commit | cf43dff63b81610087020a19e24de65bd409b9ce (patch) | |
tree | 0b08579e7e31f8d64f31ae43ac4514133c09b1ab /etc | |
parent | Merge pull request #4149 from nolanl/master (diff) | |
parent | Add examples to allow running programs from specific home dir (diff) | |
Merge pull request #4148 from glitsj16/master
Improve comments in apparmor files
Diffstat (limited to 'etc')
-rw-r--r-- | etc/apparmor/firejail-default | 3 | ||||
-rw-r--r-- | etc/apparmor/firejail-local | 7 |
2 files changed, 9 insertions, 1 deletions
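--- a/etc/apparmor/firejail-default
+++ b/etc/apparmor/firejail-default
@@ -84,7 +84,8 @@ owner /proc/@{PID}/clear_refs w,
 
 ##########
 # Allow running programs only from well-known system directories. If you need
-# to run programs from your home directory, uncomment /home line.
+# to run programs from your home directory, add "/{,run/firejail/mnt/oroot/}home/** ix,"
+# or similar to /etc/apparmor.d/local/firejail-default (without the quotes).
 ##########
 /{,run/firejail/mnt/oroot/}{,usr/,usr/local/}bin/** ix,
 /{,run/firejail/mnt/oroot/}{,usr/,usr/local/}sbin/** ix,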
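Review bot: The rule quoted in the new comment on lines 87–88, `/{,run/firejail/mnt/oroot/}home/** ix,`, has no `owner` qualifier and covers every path under /home, which is broader than any of the examples the same commit adds to firejail-local. A reader who copies it verbatim allows a sandboxed program to execute any file it can read under /home, including files it has just written there, and the "well-known system directories only" restriction this section describes no longer applies. I would keep the pointer to the local file but add a caveat such as `# Note: a blanket /home rule lets sandboxed programs execute anything in home, including files they wrote; prefer a narrow "owner" rule for a specific directory.`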
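--- a/etc/apparmor/firejail-local
+++ b/etc/apparmor/firejail-local
@@ -1,5 +1,12 @@
 # Site-specific additions and overrides for 'firejail-default'.
 # For more details, please see /etc/apparmor.d/local/README.
 
+# Here are some examples to allow running programs from home directory.
+# Don't enable all of these, just pick a specific one or write a custom rule
+# instead as done below for torbrowser-launcher.
+#owner @HOME/** ix,
+#owner @HOME/bin/** ix
+#owner @HOME/.local/bin/** ix
+
 # Uncomment to opt-in to apparmor for torbrowser-launcher
 #owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/** ix,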
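Review bot: The three commented-out examples on new lines 7–9 are not valid AppArmor rules once uncommented: they write the variable as `@HOME`, while the existing torbrowser rule just below uses the `@{HOME}` form, and the second and third lack the trailing comma that ends a rule. A parse error in this local include would presumably prevent the whole firejail-default profile from loading, so a user following the example could end up with no AppArmor confinement at all. The lines should read `#owner @{HOME}/** ix,`, `#owner @{HOME}/bin/** ix,` and `#owner @{HOME}/.local/bin/** ix,`. It would also help if the comment said that the first example is the broadest, since it permits execution of any user-owned file anywhere in the home directory.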