diff options
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 16 |
1 files changed, 9 insertions, 7 deletions
@@ -207,13 +207,15 @@ AppArmor features are supported on overlayfs and chroot sandboxes. | |||
207 | 207 | ||
208 | We are in the process of streamlining our AppArmor profile. The restrictions for /proc, /sys | 208 | We are in the process of streamlining our AppArmor profile. The restrictions for /proc, /sys |
209 | and /run/user directories were moved out of the profile into firejail executable. | 209 | and /run/user directories were moved out of the profile into firejail executable. |
210 | 210 | We are also adding a "apparmor yes/no" flag in /etc/firejail/firejail.config file allows the user to | |
211 | We intend to start apparmor by default for browsers, torrent clients and media players. | 211 | enable/disable apparmor functionality globally. By default the flag is enabled. |
212 | So far we cover Firefox (firefox-common.profile), Chromium (chromium-common.profile), | 212 | |
213 | transmission-qt, transmission-gtk, vlc and mpv. | 213 | AppArmor deployment: we are starting apparmor by default for the following programs: |
214 | 214 | - web browsers: firefox (firefox-common.profile), chromium (chromium-common.profile) | |
215 | "apparmor yes/no" flag in /etc/firejail/firejail.config file allows the user to enable/disable apparmor functionality globally | 215 | - torrent clients: transmission-qt, transmission-gtk, qbittorrent |
216 | By default the flag is enabled. | 216 | - media players: vlc, mpv, audacious, totem, rhythmbox |
217 | - media editing: kdenlive, audacity, handbrake, gimp, inkscape, krita, openshot | ||
218 | - etc.: atril, gnome-calculator, galculator, eom, eog | ||
217 | 219 | ||
218 | Checking apparmor status: | 220 | Checking apparmor status: |
219 | ````` | 221 | ````` |