Diffstat (limited to 'src/firecfg/main.c')
-rw-r--r--src/firecfg/main.c20
1 files changed, 19 insertions, 1 deletions
diff --git a/src/firecfg/main.c b/src/firecfg/main.c
index 3f5921322..9a2efebd2 100644
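--- a/src/firecfg/main.c
+++ b/src/firecfg/main.c
@@ -443,15 +443,33 @@ int main(int argc, char **argv) {
 // set new symlinks based on /usr/lib/firejail/firecfg.cfg
 set_links_firecfg();
 
-// add user to firejail access database - only for root
 if (getuid() == 0) {
+// add user to firejail access database - only for root
 printf("\nAdding user %s to Firejail access database in %s/firejail.users\n", user, SYSCONFDIR);
 // temporarily set the umask, access database must be world-readable
 mode_t orig_umask = umask(022);
 firejail_user_add(user);
 umask(orig_umask);
+
+#ifdef HAVE_APPARMOR
+// enable firejail apparmor profile
+struct stat s;
+if (stat("/sbin/apparmor_parser", &s) == 0) {
+char *cmd;
+
+// SYSCONFDIR points to /etc/firejail, we have to go on level up (..)
+printf("\nLoading AppArmor profile\n");
+if (asprintf(&cmd, "/sbin/apparmor_parser -r /etc/apparmor.d/firejail-default %s/../apparmor.d/firejail-default", SYSCONFDIR) == -1)
+errExit("asprintf");
+int rv = system(cmd);
+(void) rv;
+free(cmd);
+}
+#endif
 }
 
+
+
 // set new symlinks based on ~/.config/firejail directory
 set_links_homedir(home);
 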
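Review bot: The result of `system(cmd)` is discarded with `(void) rv;`, so when apparmor_parser fails (a missing profile file, a parse error) the user has still been told "Loading AppArmor profile" and nothing reports that the profile is not in place. At minimum surface it, e.g. `if (rv != 0) fprintf(stderr, "Warning: cannot load AppArmor profile\n");`. The command also runs as root through /bin/sh and inherits the environment of whoever invoked firecfg; the string is built only from the compile-time SYSCONFDIR, so nothing in it is caller-controlled, but a fork followed by `execv("/sbin/apparmor_parser", argv)` with an explicit argv would avoid the shell entirely. If SYSCONFDIR is /etc/firejail as the comment states, both path arguments resolve to the same file, which the comment should say is intentional. main() begins and ends outside this hunk.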