diff options
| author |  glitsj16 <glitsj16@users.noreply.github.com> | 2021-03-31 17:10:43 +0000 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2021-03-31 17:10:43 +0000 |
| commit | cf43dff63b81610087020a19e24de65bd409b9ce (patch) | |
| tree | 0b08579e7e31f8d64f31ae43ac4514133c09b1ab /etc | |
| parent | Merge pull request #4149 from nolanl/master (diff) | |
| parent | Add examples to allow running programs from specific home dir (diff) | |
| download | firejail-cf43dff63b81610087020a19e24de65bd409b9ce.tar.gz firejail-cf43dff63b81610087020a19e24de65bd409b9ce.tar.zst firejail-cf43dff63b81610087020a19e24de65bd409b9ce.zip | |
Merge pull request #4148 from glitsj16/master
Improve comments in apparmor files
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/apparmor/firejail-default | 3 | ||||
| -rw-r--r-- | etc/apparmor/firejail-local | 7 |
2 files changed, 9 insertions, 1 deletions
diff --git a/etc/apparmor/firejail-default b/etc/apparmor/firejail-default index 80d527e41..ca32f5b0d 100644 --- a/etc/apparmor/firejail-default +++ b/etc/apparmor/firejail-default | |||
| @@ -84,7 +84,8 @@ owner /proc/@{PID}/clear_refs w, | |||
| 84 | 84 | ||
| 85 | ########## | 85 | ########## |
| 86 | # Allow running programs only from well-known system directories. If you need | 86 | # Allow running programs only from well-known system directories. If you need |
| 87 | # to run programs from your home directory, uncomment /home line. | 87 | # to run programs from your home directory, add "/{,run/firejail/mnt/oroot/}home/** ix," |
| 88 | # or similar to /etc/apparmor.d/local/firejail-default (without the quotes). | ||
| 88 | ########## | 89 | ########## |
| 89 | /{,run/firejail/mnt/oroot/}{,usr/,usr/local/}bin/** ix, | 90 | /{,run/firejail/mnt/oroot/}{,usr/,usr/local/}bin/** ix, |
| 90 | /{,run/firejail/mnt/oroot/}{,usr/,usr/local/}sbin/** ix, | 91 | /{,run/firejail/mnt/oroot/}{,usr/,usr/local/}sbin/** ix, |
diff --git a/etc/apparmor/firejail-local b/etc/apparmor/firejail-local index 893a1ce46..7f2a778ab 100644 --- a/etc/apparmor/firejail-local +++ b/etc/apparmor/firejail-local | |||
| @@ -1,5 +1,12 @@ | |||
| 1 | # Site-specific additions and overrides for 'firejail-default'. | 1 | # Site-specific additions and overrides for 'firejail-default'. |
| 2 | # For more details, please see /etc/apparmor.d/local/README. | 2 | # For more details, please see /etc/apparmor.d/local/README. |
| 3 | 3 | ||
| 4 | # Here are some examples to allow running programs from home directory. | ||
| 5 | # Don't enable all of these, just pick a specific one or write a custom rule | ||
| 6 | # instead as done below for torbrowser-launcher. | ||
| 7 | #owner @HOME/** ix, | ||
| 8 | #owner @HOME/bin/** ix | ||
| 9 | #owner @HOME/.local/bin/** ix | ||
| 10 | |||
| 4 | # Uncomment to opt-in to apparmor for torbrowser-launcher | 11 | # Uncomment to opt-in to apparmor for torbrowser-launcher |
| 5 | #owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/** ix, | 12 | #owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/** ix, |