From f423a449d5b2ee571556201d3038f82a44bdc87d Mon Sep 17 00:00:00 2001
From: Vincent43 <31109921+Vincent43@users.noreply.github.com>
Date: Thu, 12 Apr 2018 12:02:05 +0100
Subject: AppArmor: disable MAC related capabilities

We probably don't want to control MAC or audit from firejail
---
 etc/firejail-default | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/etc/firejail-default b/etc/firejail-default
index ad3fdd718..2e48439f5 100644
--- a/etc/firejail-default
+++ b/etc/firejail-default
@@ -165,10 +165,10 @@ capability sys_time,
 capability sys_tty_config,
 capability mknod,
 capability lease,
-capability audit_write,
-capability audit_control,
+#capability audit_write,
+#capability audit_control,
 capability setfcap,
-capability mac_override,
+#capability mac_override,
 #capability mac_admin,
 
 ##########
-- 
cgit v1.2.3-70-g09d2