From 3a8a3651d32cda0b0328a2b77e7b9146d885cd26 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Fri, 21 Jul 2017 07:48:36 -0400
Subject: apparmor fixes
---
 etc/firejail-default | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)
(limited to 'etc/firejail-default')
diff --git a/etc/firejail-default b/etc/firejail-default
index d9bda4f8c..7fd1b1ad7 100644
--- a/etc/firejail-default
+++ b/etc/firejail-default
@@ -10,7 +10,7 @@
 ##########
 @{PID}={[1-9],[1-9][0-9],[1-9][0-9][0-9],[1-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9][0-9]}
-profile firejail-default {
+profile firejail-default flags=(attach_disconnected,mediate_deleted) {
 ##########
 # D-Bus is a huge security hole. Uncomment this line if you need D-Bus
@@ -44,20 +44,11 @@ profile firejail-default {
 /proc/uptime r,
 /proc/loadavg r,
 /proc/stat r,
-
-/proc/@{PID}/ r,
-/proc/@{PID}/fd/ r,
-/proc/@{PID}/task/ r,
-/proc/@{PID}/cmdline r,
-/proc/@{PID}/comm r,
-/proc/@{PID}/stat r,
-/proc/@{PID}/statm r,
-/proc/@{PID}/status r,
-/proc/@{PID}/task/@{PID}/stat r,
 /proc/sys/kernel/pid_max r,
 /proc/sys/kernel/shmmax r,
 /proc/sys/vm/overcommit_memory r,
 /proc/sys/vm/overcommit_ratio r,
+/proc/sys/kernel/random/uuid r,
 /sys/ r,
 /sys/bus/ r,
@@ -67,6 +58,15 @@ profile firejail-default {
 /sys/devices/ r,
 /sys/devices/** r,
+/proc/@{PID}/ r,
+/proc/@{PID}/fd/ r,
+/proc/@{PID}/task/ r,
+/proc/@{PID}/cmdline r,
+/proc/@{PID}/comm r,
+/proc/@{PID}/stat r,
+/proc/@{PID}/statm r,
+/proc/@{PID}/status r,
+/proc/@{PID}/task/@{PID}/stat r,
 /proc/@{PID}/maps r,
 /proc/@{PID}/mounts r,
 /proc/@{PID}/mountinfo r,
-- 
cgit v1.2.3-54-g00ecf
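Review bot: The new `flags=(attach_disconnected,mediate_deleted)` on the `profile firejail-default` line has no comment saying why it is needed, and `attach_disconnected` is a flag that deserves a justification in the file. With it, a path that AppArmor cannot resolve back to the namespace root is matched as if it started at `/`, so an object reached from outside the sandbox's mount tree can line up with a rule written for an unrelated path of the same name. I would add a comment above the profile line, for example `# attach_disconnected: paths that appear disconnected inside the sandbox mount namespace are matched as if rooted at /`, and record which denials prompted the change (presumably ones caused by firejail's mount namespace setup). The profile body continues outside this hunk.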
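Review bot: The relocated `/proc/@{PID}/...` rules in the third hunk grant read access to `cmdline`, `status`, `stat` and the other entries of every process whose PID matches `@{PID}`, not only those of the confined process itself. If the sandboxed programs only need their own entries, an `owner` prefix, e.g. `owner /proc/@{PID}/cmdline r,`, would narrow what a compromised process can learn about its neighbours; this may be too strict for tools such as `ps`, so it needs testing before adoption. Separately, `@{PID}` as defined in the first hunk's context stops at six digits, so a seven-digit PID would not match these rules; inside a PID namespace that is probably rare.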