From 14862197711e32aef6768f0c31b7ae071c5ae4e6 Mon Sep 17 00:00:00 2001
From: Antonio Russo
Date: Tue, 3 Oct 2017 10:34:08 -0400
Subject: Enumerate root directories in apparmor profile

Replace opaque character class with an explicit list of root-level directories to be granted access.
---
 etc/firejail-default | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/etc/firejail-default b/etc/firejail-default
index 07579454f..5e1f2975c 100644
--- a/etc/firejail-default
+++ b/etc/firejail-default
@@ -23,7 +23,7 @@ profile firejail-default flags=(attach_disconnected,mediate_deleted) {
 # enough to run "top" or "ps aux".
 ##########
 / r,
-/[^proc,^sys]** mrwlk,
+/{usr,bin,dev,etc,home,lib,media,mnt,opt,srv,tmp,var}** mrwlk,
 /{,var/}run/ r,
 /{,var/}run/** r,
 /{,var/}run/user/**/dconf/ rw,
-- 
cgit v1.2.3-70-g09d2
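Review bot: In the added `/{usr,bin,...,var}** mrwlk,` rule the `**` follows the brace group with no `/`, so it matches by name prefix: `/lib**` also covers `/lib64` and `/libx32`, and equally any root entry whose name merely begins with a listed word, which is wider than the "explicit list" the description promises. If the prefix match is deliberate, say so in a comment above the rule, e.g. `# no slash before **: prefix match, so lib also covers lib32/lib64/libx32`; otherwise name the multilib directories explicitly and check whether a `/**` form still covers the directory entries themselves. The new set is also not equivalent to the old class, which excluded every root name starting with p, r, o, c, s or y: `/opt` and `/srv` now receive `mrwlk` from this rule, while `/boot` and any unlisted root no longer do, and the commit message should state that this is intended. The profile block opens before the hunk and continues after it, so rules outside the hunk may already cover some of these paths.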