author | Kristóf Marussy <kristof@marussy.com> | 2020-10-10 13:27:42 +0200 |
---|---|---|
committer | Kristóf Marussy <kristof@marussy.com> | 2020-10-10 16:13:39 +0200 |
commit | bba750c73469ea315d859464ddd19e495d830a72 (patch) | |
tree | dace8a4d08d19dddbf861a5c100bec177bcbf475 /etc | |
parent | build: add -fPIE to LDFLAGS (diff) | |
Fix AppArmor 3.0 support (closes #3659)
AppArmor introduces the @{run} variable, which is used in
<abstractions/dbus-strict> and <abstractions/dbus-session-strict> among
other places. Thus, we follow suit of the built-in profiles and #include
<tunables/global>, which includes <tunables/run> in AppArmor 3.0,
defining the variable.
As <tunables/global> exists in previous versions of AppArmor, too, this
patch does not introduce a backward-compatibility issue with AppArmor
2.x.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/apparmor/firejail-default | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/etc/apparmor/firejail-default b/etc/apparmor/firejail-default index 68e20d9b9..e396ae7d9 100644 --- a/etc/apparmor/firejail-default +++ b/etc/apparmor/firejail-default | |||
@@ -2,6 +2,10 @@ | |||
2 | # Generic Firejail AppArmor profile | 2 | # Generic Firejail AppArmor profile |
3 | ######################################### | 3 | ######################################### |
4 | 4 | ||
5 | # AppArmor 3.0 uses the @{run} variable in <abstractions/dbus-strict> | ||
6 | # and <abstractions/dbus-session-strict>. | ||
7 | #include <tunables/global> | ||
8 | |||
5 | ########## | 9 | ########## |
6 | # A simple PID declaration based on Ubuntu's @{pid} | 10 | # A simple PID declaration based on Ubuntu's @{pid} |
7 | # Ubuntu keeps it under tunables/kernelvars and include it via tunables/global. | 11 | # Ubuntu keeps it under tunables/kernelvars and include it via tunables/global. |
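Review bot: The new `#include <tunables/global>` sits directly above the profile's own PID declaration, and the unchanged comment on new lines 10-11 says Ubuntu defines @{pid} in tunables/kernelvars and pulls it in through tunables/global. With this include in place the profile now loads that same file, so please confirm that the local declaration following the comment does not redefine a variable that tunables/global already provides, on both AppArmor 2.x and 3.0, and reword the comment to explain why a local copy is still kept. It would also help to note in the added comment that the include has to stay ahead of any abstraction that references @{run}, so a later reordering does not reintroduce the failure from #3659.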