From 9109f60151e3775a365204f75b4eb69f9de2ee4f Mon Sep 17 00:00:00 2001
From: Азалия Смарагдова <64576901+ChrysoliteAzalea@users.noreply.github.com>
Date: Thu, 18 Aug 2022 01:12:37 +0000
Subject: Fixed an AppArmor profile denial issue with ptrace and signals (#5317)

---
 etc/apparmor/firejail-default | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/etc/apparmor/firejail-default b/etc/apparmor/firejail-default
index b4e7f642a..3cc771ed7 100644
--- a/etc/apparmor/firejail-default
+++ b/etc/apparmor/firejail-default
@@ -33,6 +33,7 @@ owner /{,var/}run/firejail/dbus/[0-9]*/[0-9]*-user w,
 #ptrace,
 # Allow obtaining some process information, but not ptrace(2)
 ptrace (read,readby) peer=@{profile_name},
+ptrace (read,readby) peer=@{profile_name}//&unconfined,
 
 ##########
 # Allow read access to whole filesystem and control it from firejail.
@@ -123,6 +124,7 @@ network packet,
 ##########
 # There is no equivalent in Firejail for filtering signals.
 ##########
+signal (send) peer=@{profile_name}//&unconfined,
 signal (send) peer=@{profile_name},
 signal (receive),
 
-- 
cgit v1.2.3-70-g09d2
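Review bot: Neither added rule says why the peer is `@{profile_name}//&unconfined`, and a reader auditing the profile can easily mistake it for read-ptrace or signal access to unconfined processes. As I read the label syntax, `//&` names a stack, so the peer would be a task under this profile stacked with unconfined rather than the plain `unconfined` label; the hunk does not show when that label appears, so this should be confirmed and then stated above the ptrace rule, for example `# Same peer, reported as a stack with unconfined (see #5317); does not match plain unconfined tasks`. The same comment is missing on the `signal (send)` rule in the second hunk. That rule is also inserted before the existing `peer=@{profile_name}` line, while the ptrace rule is inserted after it; using one order for both pairs would make the profile easier to review.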