diff options
| -rw-r--r-- | etc/firejail-default | 13 |
1 files changed, 5 insertions, 8 deletions
diff --git a/etc/firejail-default b/etc/firejail-default index 2987e538c..1381056b1 100644 --- a/etc/firejail-default +++ b/etc/firejail-default | |||
| @@ -60,18 +60,15 @@ owner /{,var/}run/media/** w, | |||
| 60 | # Allow access to pcscd socket (smartcards) | 60 | # Allow access to pcscd socket (smartcards) |
| 61 | /{,var/}run/pcscd/pcscd.comm w, | 61 | /{,var/}run/pcscd/pcscd.comm w, |
| 62 | 62 | ||
| 63 | # Needed for firefox sandbox | 63 | # Needed for browser self-sandboxing |
| 64 | /proc/@{PID}/{uid_map,gid_map,setgroups} w, | 64 | owner /proc/@{PID}/{uid_map,gid_map,setgroups} w, |
| 65 | 65 | ||
| 66 | # Needed for electron apps | 66 | # Needed for electron apps |
| 67 | /proc/@{PID}/comm w, | 67 | /proc/@{PID}/comm w, |
| 68 | 68 | ||
| 69 | # Silence noise | 69 | # Used by chromium |
| 70 | deny /proc/@{PID}/oom_adj w, | 70 | owner /proc/@{PID}/oom_score_adj w, |
| 71 | deny /proc/@{PID}/oom_score_adj w, | 71 | owner /proc/@{PID}/clear_refs w, |
| 72 | |||
| 73 | # Uncomment to silence all denied write warnings | ||
| 74 | #deny /sys/** w, | ||
| 75 | 72 | ||
| 76 | ########## | 73 | ########## |
| 77 | # Allow running programs only from well-known system directories. If you need | 74 | # Allow running programs only from well-known system directories. If you need |