From afed1f5aac9692382ac02f11ffd78ba5ee7d369c Mon Sep 17 00:00:00 2001
From: Reiner Herrmann <reiner@reiner-h.de>
Date: Thu, 20 Jan 2022 13:02:39 +0000
Subject: profiles: enable deterministic shutdown for ssh (#4870)

ssh can start in master mode, which will spawn an additional long
running process, which keeps connections to a server open, so that
it can be reused by later connection attempts.

But the lingering master process will prevent the jail from shutting
down, when `firejail ssh` tries to exit.
This breaks for example ansible when using a firejailed ssh, as it
calls ssh with ControlMaster flags.

deterministic-shutdown will kill the other process when the parent
exits.
---
 etc/profile-m-z/ssh.profile | 1 +
 1 file changed, 1 insertion(+)

(limited to 'etc/profile-m-z')

diff --git a/etc/profile-m-z/ssh.profile b/etc/profile-m-z/ssh.profile
index 9295013e7..4da0db517 100644
--- a/etc/profile-m-z/ssh.profile
+++ b/etc/profile-m-z/ssh.profile
@@ -50,4 +50,5 @@ writable-run-user
 dbus-user none
 dbus-system none
 
+deterministic-shutdown
 memory-deny-write-execute
-- 
cgit v1.2.3-70-g09d2