author | smitsohu <smitsohu@gmail.com> | 2018-01-23 14:11:47 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-01-23 14:11:47 +0100 |
commit | ded539c03b5f743aa8dcdff9aa68de793db9ef31 (patch) | |
tree | dfa4ce15948c4f748d727a9cf437adf4d9b50297 /etc | |
parent | Partial revert of f2fdcf7361f99d4b62d6427d078445c2ea1dc6cb for gedit (diff) | |
parent | Apparmor: Revert /proc changes (diff) | |
Merge pull request #1745 from Vincent43/patch-1
Apparmor: restrict access to writable files
Diffstat (limited to 'etc')
-rw-r--r-- | etc/firejail-default | 16 |
1 files changed, 8 insertions, 8 deletions
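--- a/etc/firejail-default
+++ b/etc/firejail-default
@@ -26,19 +26,19 @@ profile firejail-default flags=(attach_disconnected,mediate_deleted) {
 /{usr,bin,sbin,dev,etc,home,root,lib,media,mnt,opt,srv,tmp,var}** mrwlk,
 /{,var/}run/ r,
 /{,var/}run/** r,
-/{,var/}run/user/**/dconf/ rw,
-/{,var/}run/user/**/dconf/user rw,
-/{,var/}run/user/**/pulse/ rw,
-/{,var/}run/user/**/pulse/** rw,
-/{,var/}run/user/**/*.slave-socket rwl,
-/{,var/}run/user/**/#@{PID} rw,
-/{,var/}run/user/**/orcexec.* rwkm,
+owner /{,var/}run/user/**/dconf/ rw,
+owner /{,var/}run/user/**/dconf/user rw,
+owner /{,var/}run/user/**/pulse/ rw,
+owner /{,var/}run/user/**/pulse/** rw,
+owner /{,var/}run/user/**/*.slave-socket rwl,
+owner /{,var/}run/user/**/#@{PID} rw,
+owner /{,var/}run/user/**/orcexec.* rwkm,
 /{,var/}run/firejail/mnt/fslogger r,
 /{,var/}run/firejail/appimage r,
 /{,var/}run/firejail/appimage/** r,
 /{,var/}run/firejail/appimage/** ix,
 /{run,dev}/shm/ r,
-/{run,dev}/shm/** rmwk,
+owner /{run,dev}/shm/** rmwk,
 
 /proc/ r,
 /proc/meminfo r,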
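Review bot: The `owner` qualifier added to `/{run,dev}/shm/** rmwk,` (new line 41) probably does not restrict anything under `/dev/shm`, because the unchanged rule on line 26, `/{usr,bin,sbin,dev,etc,home,root,lib,media,mnt,opt,srv,tmp,var}** mrwlk,`, still matches every path below `/dev` with no ownership condition, and AppArmor grants the union of all matching allow rules. The `var` entry in that same rule has the same effect on the `/var/run/user/...` spelling of lines 29–35 wherever `/var/run` is a real directory rather than a symlink to `/run`. For the restriction to hold, line 26 would have to stop covering those subtrees, for example by dropping `dev` from its list and granting the needed device nodes in separate rules; failing that, a comment such as `# NOTE: /dev** on line 26 also grants non-owner access to /dev/shm` above line 41 would keep readers from over-trusting it. The profile body starts before and continues after this hunk, so rules not shown here may also widen these paths.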