Diffstat (limited to 'etc')
-rw-r--r-- | etc/firejail-default | 13 |
1 files changed, 9 insertions, 4 deletions
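--- a/etc/firejail-default
+++ b/etc/firejail-default
@@ -58,17 +58,22 @@ owner /run/firejail/mnt/oroot/{run,dev}/shm/** rmwk,
 
 ##########
 # Allow /proc and /sys read-only access.
-# Blacklisting is controlled from Firejail.
+# Blacklisting is controlled from userspace Firejail.
 ##########
 /proc/ r,
 /proc/** r,
-deny /proc/** w,
+# Uncomment to silence all denied write warnings
+#deny /proc/** w,
+deny /proc/@{PID}/oom_adj w,
+deny /proc/@{PID}/oom_score_adj w,
 
 /sys/ r,
 /sys/** r,
-deny /sys/** w,
+# Uncomment to silence all denied write warnings
+#deny /sys/** w,
 
-# Needed by chromium crash handler. Uncomment if you need it.
+# Allows to attach to a running program and modify the process memory.
+# May be needed by chromium crash handler. Uncomment if you need it.
 #ptrace (trace tracedby),
 
 ##########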
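Review bot: The new comments above `#deny /proc/** w,` and `#deny /sys/** w,` describe the rules only as a way to silence warnings, but in AppArmor an explicit `deny` also takes precedence over any allow rule, so commenting them out removes a hard override as well as the log suppression. With only `/proc/** r,` and `/sys/** r,` left, writes are still refused by the implicit default, but only while no rule outside this hunk, and no local addition to the profile, grants `w` on a matching path; the rest of the profile is not visible here, so that should be checked. I would reword both comments to something like `# Writes are denied by default and logged; uncomment to silence the log and to override any allow rule.` so that users who add their own rules understand what they lose. The targeted `deny /proc/@{PID}/oom_adj w,` and `deny /proc/@{PID}/oom_score_adj w,` lines would also benefit from a one-line comment stating why these two paths keep an explicit deny.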