diff options
| author |  Азалия Смарагдова <64576901+ChrysoliteAzalea@users.noreply.github.com> | 2022-08-18 01:12:37 +0000 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2022-08-18 01:12:37 +0000 |
| commit | 9109f60151e3775a365204f75b4eb69f9de2ee4f (patch) | |
| tree | 9b9e711ea58af50b95c8bbf2facac7c1f54e9476 /etc | |
| parent | more merges (diff) | |
| download | firejail-9109f60151e3775a365204f75b4eb69f9de2ee4f.tar.gz firejail-9109f60151e3775a365204f75b4eb69f9de2ee4f.tar.zst firejail-9109f60151e3775a365204f75b4eb69f9de2ee4f.zip | |
Fixed an AppArmor profile denial issue with ptrace and signals (#5317)
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/apparmor/firejail-default | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/etc/apparmor/firejail-default b/etc/apparmor/firejail-default index b4e7f642a..3cc771ed7 100644 --- a/etc/apparmor/firejail-default +++ b/etc/apparmor/firejail-default | |||
| @@ -33,6 +33,7 @@ owner /{,var/}run/firejail/dbus/[0-9]*/[0-9]*-user w, | |||
| 33 | #ptrace, | 33 | #ptrace, |
| 34 | # Allow obtaining some process information, but not ptrace(2) | 34 | # Allow obtaining some process information, but not ptrace(2) |
| 35 | ptrace (read,readby) peer=@{profile_name}, | 35 | ptrace (read,readby) peer=@{profile_name}, |
| 36 | ptrace (read,readby) peer=@{profile_name}//&unconfined, | ||
| 36 | 37 | ||
| 37 | ########## | 38 | ########## |
| 38 | # Allow read access to whole filesystem and control it from firejail. | 39 | # Allow read access to whole filesystem and control it from firejail. |
| @@ -123,6 +124,7 @@ network packet, | |||
| 123 | ########## | 124 | ########## |
| 124 | # There is no equivalent in Firejail for filtering signals. | 125 | # There is no equivalent in Firejail for filtering signals. |
| 125 | ########## | 126 | ########## |
| 127 | signal (send) peer=@{profile_name}//&unconfined, | ||
| 126 | signal (send) peer=@{profile_name}, | 128 | signal (send) peer=@{profile_name}, |
| 127 | signal (receive), | 129 | signal (receive), |
| 128 | 130 | ||