diff options
-rw-r--r-- | etc/firejail-default | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/etc/firejail-default b/etc/firejail-default index 88bf9aa44..02a241c34 100644 --- a/etc/firejail-default +++ b/etc/firejail-default | |||
@@ -21,10 +21,13 @@ profile firejail-default flags=(attach_disconnected,mediate_deleted) { | |||
21 | dbus, | 21 | dbus, |
22 | 22 | ||
23 | ########## | 23 | ########## |
24 | # With ptrace it is possible to inspect and hijack running programs. Usually this | 24 | # With ptrace it is possible to inspect and hijack running programs. |
25 | # is needed only for debugging. To allow ptrace, uncomment the following line. | 25 | # Some browsers are also using ptrace for their sandboxing. |
26 | ########## | 26 | ########## |
27 | # Uncomment this line to allow all ptrace access | ||
27 | #ptrace, | 28 | #ptrace, |
29 | # Allow obtaining some process information, but not ptrace(2) | ||
30 | ptrace (read,readby) peer=firejail-default, | ||
28 | 31 | ||
29 | ########## | 32 | ########## |
30 | # Allow read access to whole filesystem and control it from firejail. | 33 | # Allow read access to whole filesystem and control it from firejail. |