| Commit message | Author | Age |
1. Allow for seven-digit PID, same as upstream does: https://gitlab.com/apparmor/apparmor/commit/630cb2a981cdc731847e8fdaafc45bcd337fe747
2. Fixed dbus functionality. Disabled by default.
|
Kodi plugins need /proc/@PID/net/dev access outside user processes:
AVC apparmor="DENIED" operation="open" profile="firejail-default" name="/proc/28/net/dev" pid=2354 comm="kodi.bin" requested_mask="r" denied_mask="r"
|
Access to writable files can be restricted to their owner only.
|
Escaping this creates a warning and is dropped anyway:
Warning from /etc/apparmor.d/firejail-default (/etc/apparmor.d/firejail-default line 163): Character # was quoted unnecessarily, dropped preceding quote ('\') character
|
For some time apparmor started breaking file dialogs in kde plasma (gwenview, calibre, qbittorrent, etc.). Typical audit report below:
AVC apparmor="DENIED" operation="open" profile="firejail-default" name="/run/user/1000/#28520" pid=1997 comm="qbittorrent" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
AVC apparmor="DENIED" operation="link" profile="firejail-default" name="/run/user/1000/qBittorrentZcaeTi.1.slave-socket" pid=3679 comm="qbittorrent" requested_mask="l" denied_mask="l" fsuid=1000 ouid=1000 target="/run/user/1000/#79965"
This commit fixes this issue. Tested on Archlinux (linux 4.14.11, kde 5.11.5)
|
Replace opaque character class with an explicit list of
root-level directories to be granted access.
|
Apparmor: add local configuration