From c9af839afddd941cb6cdb5f3d61f5bc01e513bda Mon Sep 17 00:00:00 2001
From: Vincent43 <31109921+Vincent43@users.noreply.github.com>
Date: Tue, 16 Jul 2019 14:17:41 +0200
Subject: apparmor: minor improvements

Use @{PID} consistently. Remove 'deny /proc/** w,' suggestion as it will break all whitelisted entries.
---
 etc/firejail-default | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

(limited to 'etc/firejail-default')

diff --git a/etc/firejail-default b/etc/firejail-default
index 7735f2f80..1d3664b70 100644
--- a/etc/firejail-default
+++ b/etc/firejail-default
@@ -64,7 +64,7 @@ owner /{,var/}run/media/** w,
 /{,var/}run/cups/cups.sock w,

 # Needed for firefox sandbox
-/proc/[0-9]*/{uid_map,gid_map,setgroups} w,
+/proc/@{PID}/{uid_map,gid_map,setgroups} w,

 # Needed for electron apps
 /proc/@{PID}/comm w,
@@ -73,9 +73,6 @@ owner /{,var/}run/media/** w,
 deny /proc/@{PID}/oom_adj w,
 deny /proc/@{PID}/oom_score_adj w,

-# Uncomment to silence all denied write warnings
-#deny /proc/** w,
-
 # Uncomment to silence all denied write warnings
 #deny /sys/** w,

-- cgit v1.2.3-54-g00ecf
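Review bot: The rewritten rule `/proc/@{PID}/{uid_map,gid_map,setgroups} w,` in the first hunk still has no `owner` qualifier. As the variable is usually defined in the AppArmor tunables, `@{PID}` matches any numeric PID directory rather than only the calling process, so the profile itself does not limit whose ID-map files a confined program may open for writing and leaves that to the kernel's own checks. If the Firefox sandbox only writes maps of processes it owns, `owner /proc/@{PID}/{uid_map,gid_map,setgroups} w,` would narrow the rule in the same way as the `owner /{,var/}run/media/** w,` rule visible in the hunk header, though that needs testing with the browsers this profile serves. Failing that, the comment could state the scope, e.g. `# Needed for firefox sandbox (user namespace setup); @{PID} matches any PID, not only the caller`. The profile body starts and ends outside the hunk.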