diff options
Diffstat (limited to 'etc/firejail-default')
| -rw-r--r-- | etc/firejail-default | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/etc/firejail-default b/etc/firejail-default index 88bf9aa44..02a241c34 100644 --- a/etc/firejail-default +++ b/etc/firejail-default | |||
| @@ -21,10 +21,13 @@ profile firejail-default flags=(attach_disconnected,mediate_deleted) { | |||
| 21 | dbus, | 21 | dbus, |
| 22 | 22 | ||
| 23 | ########## | 23 | ########## |
| 24 | # With ptrace it is possible to inspect and hijack running programs. Usually this | 24 | # With ptrace it is possible to inspect and hijack running programs. |
| 25 | # is needed only for debugging. To allow ptrace, uncomment the following line. | 25 | # Some browsers are also using ptrace for their sandboxing. |
| 26 | ########## | 26 | ########## |
| 27 | # Uncomment this line to allow all ptrace access | ||
| 27 | #ptrace, | 28 | #ptrace, |
| 29 | # Allow obtaining some process information, but not ptrace(2) | ||
| 30 | ptrace (read,readby) peer=firejail-default, | ||
| 28 | 31 | ||
| 29 | ########## | 32 | ########## |
| 30 | # Allow read access to whole filesystem and control it from firejail. | 33 | # Allow read access to whole filesystem and control it from firejail. |