diff options
Diffstat (limited to 'etc/firejail-default')
-rw-r--r-- | etc/firejail-default | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/etc/firejail-default b/etc/firejail-default index 2e48439f5..5cfb1b5ea 100644 --- a/etc/firejail-default +++ b/etc/firejail-default | |||
@@ -21,10 +21,10 @@ profile firejail-default flags=(attach_disconnected,mediate_deleted) { | |||
21 | #dbus, | 21 | #dbus, |
22 | 22 | ||
23 | ########## | 23 | ########## |
24 | # Allows to attach to a running program and modify the process memory. | 24 | # With ptrace it is possible to inspect and hijack running programs. Usually this |
25 | # May be needed by chromium crash handler. Uncomment if you need it. | 25 | # is needed only for debugging. To allow ptrace, uncomment the following line |
26 | ########## | 26 | ########## |
27 | #ptrace (trace tracedby), | 27 | #ptrace, |
28 | 28 | ||
29 | ########## | 29 | ########## |
30 | # Line starting with /run/firejail/mnt/oroot deal with --overlay sandboxes | 30 | # Line starting with /run/firejail/mnt/oroot deal with --overlay sandboxes |
@@ -133,8 +133,8 @@ network raw, | |||
133 | signal, | 133 | signal, |
134 | 134 | ||
135 | ########## | 135 | ########## |
136 | # We let Firejail deal with capabilities, | 136 | # We let Firejail deal with capabilities, but ensure that |
137 | # but mac_admin should be dropped in any case. | 137 | # some AppArmor related capabilities will not be available. |
138 | ########## | 138 | ########## |
139 | capability chown, | 139 | capability chown, |
140 | capability dac_override, | 140 | capability dac_override, |