Diffstat (limited to 'etc/firejail-default')
-rw-r--r-- | etc/firejail-default | 22 |
1 files changed, 11 insertions, 11 deletions
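--- a/etc/firejail-default
+++ b/etc/firejail-default
@@ -10,7 +10,7 @@
 ##########
 @{PID}={[1-9],[1-9][0-9],[1-9][0-9][0-9],[1-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9][0-9]}
 
-profile firejail-default {
+profile firejail-default flags=(attach_disconnected,mediate_deleted) {
 
 ##########
 # D-Bus is a huge security hole. Uncomment this line if you need D-Bus
@@ -44,20 +44,11 @@ profile firejail-default {
 /proc/uptime r,
 /proc/loadavg r,
 /proc/stat r,
-
-/proc/@{PID}/ r,
-/proc/@{PID}/fd/ r,
-/proc/@{PID}/task/ r,
-/proc/@{PID}/cmdline r,
-/proc/@{PID}/comm r,
-/proc/@{PID}/stat r,
-/proc/@{PID}/statm r,
-/proc/@{PID}/status r,
-/proc/@{PID}/task/@{PID}/stat r,
 /proc/sys/kernel/pid_max r,
 /proc/sys/kernel/shmmax r,
 /proc/sys/vm/overcommit_memory r,
 /proc/sys/vm/overcommit_ratio r,
+/proc/sys/kernel/random/uuid r,
 
 /sys/ r,
 /sys/bus/ r,
@@ -67,6 +58,15 @@ profile firejail-default {
 /sys/devices/ r,
 /sys/devices/** r,
 
+/proc/@{PID}/ r,
+/proc/@{PID}/fd/ r,
+/proc/@{PID}/task/ r,
+/proc/@{PID}/cmdline r,
+/proc/@{PID}/comm r,
+/proc/@{PID}/stat r,
+/proc/@{PID}/statm r,
+/proc/@{PID}/status r,
+/proc/@{PID}/task/@{PID}/stat r,
 /proc/@{PID}/maps r,
 /proc/@{PID}/mounts r,
 /proc/@{PID}/mountinfo r,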
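Review bot: The new `flags=(attach_disconnected,mediate_deleted)` on the profile line (new line 13) has no comment saying why it is needed, and `attach_disconnected` is security-relevant. With it, a path that cannot be resolved inside the current namespace is attached to `/` and matched against the profile's rules, so a disconnected object can be allowed by a rule written for an in-sandbox path such as `/sys/devices/** r,`. Presumably the flag is required because firejail builds its own mount namespace and the confined process inherits descriptors from outside it; if so, say that above the profile line, e.g. `# attach_disconnected: fds inherited across firejail's mount namespace have disconnected paths; they are mediated as if rooted at /`. The profile body continues outside these hunks, so its broader rules are worth re-reading with this flag in mind.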