diff options
author | Vincent43 <31109921+Vincent43@users.noreply.github.com> | 2018-01-04 14:19:03 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-01-04 14:19:03 +0000 |
commit | 457dc141386bc3ddbb922950b465a29008f13363 (patch) | |
tree | 3f7dd3c6311ceec8a2690baa96611f8f885017f5 /etc | |
parent | merges (diff) | |
download | firejail-457dc141386bc3ddbb922950b465a29008f13363.tar.gz firejail-457dc141386bc3ddbb922950b465a29008f13363.tar.zst firejail-457dc141386bc3ddbb922950b465a29008f13363.zip |
Apparmor: fix broken file dialogs in kde plasma
For some time apparmor started breaking file dialogs in kde plasma (gwenview, calibre, qbittorrent, etc). typical audit report below:
AVC apparmor="DENIED" operation="open" profile="firejail-default" name="/run/user/1000/#28520" pid=1997 comm="qbittorrent" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
AVC apparmor="DENIED" operation="link" profile="firejail-default" name="/run/user/1000/qBittorrentZcaeTi.1.slave-socket" pid=3679 comm="qbittorrent" requested_mask="l" denied_mask="l" fsuid=1000 ouid=1000 target="/run/user/1000/#79965"
This commit fixes this issue. Tested on Archlinux (linux 4.14.11, kde 5.11.5)
Diffstat (limited to 'etc')
-rw-r--r-- | etc/firejail-default | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/etc/firejail-default b/etc/firejail-default index 5aacaec97..eb50d6c65 100644 --- a/etc/firejail-default +++ b/etc/firejail-default | |||
@@ -30,7 +30,8 @@ profile firejail-default flags=(attach_disconnected,mediate_deleted) { | |||
30 | /{,var/}run/user/**/dconf/user rw, | 30 | /{,var/}run/user/**/dconf/user rw, |
31 | /{,var/}run/user/**/pulse/ rw, | 31 | /{,var/}run/user/**/pulse/ rw, |
32 | /{,var/}run/user/**/pulse/** rw, | 32 | /{,var/}run/user/**/pulse/** rw, |
33 | /{,var/}run/user/**/*.slave-socket rw, | 33 | /{,var/}run/user/**/*.slave-socket rwl, |
34 | /{,var/}run/user/**/#@{PID} rw, | ||
34 | /{,var/}run/user/**/orcexec.* rwkm, | 35 | /{,var/}run/user/**/orcexec.* rwkm, |
35 | /{,var/}run/firejail/mnt/fslogger r, | 36 | /{,var/}run/firejail/mnt/fslogger r, |
36 | /{,var/}run/firejail/appimage r, | 37 | /{,var/}run/firejail/appimage r, |