author | Vincent43 <31109921+Vincent43@users.noreply.github.com> | 2018-06-07 22:35:00 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-06-07 22:35:00 +0100 |
commit | aa37fe19fed6be8e44db461691149237ee71da94 (patch) | |
tree | 9fcca41ba361234009097d4e593f0660bb851572 /etc | |
parent | fnet fix (merge from LTS branch) (diff) | |
AppArmor: allow dbus access by default
As discussed in https://github.com/netblue30/firejail/issues/1917#issuecomment-386002234, leave blacklisting dbus access to firejail userspace with 'nodbus' option. Fine-grained blacklisting of particular dbus services can be added here in the future.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/firejail-default | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/etc/firejail-default b/etc/firejail-default index 965167891..8bf42b3a3 100644 --- a/etc/firejail-default +++ b/etc/firejail-default | |||
@@ -13,12 +13,12 @@ | |||
13 | profile firejail-default flags=(attach_disconnected,mediate_deleted) { | 13 | profile firejail-default flags=(attach_disconnected,mediate_deleted) { |
14 | 14 | ||
15 | ########## | 15 | ########## |
16 | # D-Bus is a huge security hole. Uncomment those lines if you need D-Bus | 16 | # Allow D-Bus access. It may negatively affect security. Comment those lines or |
17 | # functionality. | 17 | # use 'nodbus' option in profile if you don't need D-Bus functionality. |
18 | ########## | 18 | ########## |
19 | ##include <abstractions/dbus-strict> | 19 | #include <abstractions/dbus-strict> |
20 | ##include <abstractions/dbus-session-strict> | 20 | #include <abstractions/dbus-session-strict> |
21 | #dbus, | 21 | dbus, |
22 | 22 | ||
23 | ########## | 23 | ########## |
24 | # With ptrace it is possible to inspect and hijack running programs. Usually this | 24 | # With ptrace it is possible to inspect and hijack running programs. Usually this |
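Review bot: The bare `dbus,` rule enabled at new line 21 allows every D-Bus operation on any bus, so once it is active the `dbus-strict` and `dbus-session-strict` includes at lines 19-20 no longer narrow which messages a confined program can send or receive. The header comment at lines 16-17 should state that plainly instead of "It may negatively affect security", and should name `nodbus` as the only remaining restriction for profiles that load firejail-default. "Comment those lines" is also ambiguous here: in AppArmor `#include` is the active directive and `##include` is the disabled form, while `dbus,` needs a leading `#`, so the comment should spell out both forms. Since the default flips from deny to allow, it would help to note in the commit or a follow-up which shipped profiles get `nodbus`, so the fine-grained service rules mentioned in the commit message are not the only planned mitigation.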