From ae853bb559cb657c9664a73e1dfed5a89942d80b Mon Sep 17 00:00:00 2001
From: Vincent43 <31109921+Vincent43@users.noreply.github.com>
Date: Thu, 8 Feb 2018 22:07:12 +0000
Subject: Apparmor: Be more restrictive for chromium needs

---
 etc/firejail-default | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'etc/firejail-default')

diff --git a/etc/firejail-default b/etc/firejail-default
index 5ebdccc00..859f8683a 100644
--- a/etc/firejail-default
+++ b/etc/firejail-default
@@ -104,16 +104,16 @@ owner /run/firejail/mnt/oroot/{run,dev}/shm/** rmwk,
 /proc/@{PID}/mem r,
 /proc/@{PID}/mounts r,
 /proc/@{PID}/mountinfo r,
-owner /proc/@{PID}/oom_adj w,
+deny /proc/@{PID}/oom_adj w,
 /proc/@{PID}/oom_score_adj r,
-owner /proc/@{PID}/oom_score_adj w,
+deny /proc/@{PID}/oom_score_adj w,
 /proc/@{PID}/auxv r,
 /proc/@{PID}/net/dev r,
 /proc/@{PID}/loginuid r,
 /proc/@{PID}/environ r,
 
-# Needed for chromium
-ptrace (trace tracedby),
+# Needed by chromium crash handler. Uncomment if you need it.
+#ptrace (trace tracedby),
 
 ##########
 # Allow running programs only from well-known system directories. If you need
-- 
cgit v1.2.3-54-g00ecf