From 88430a3e53ab07b04e50e3425169def4057a9d6b Mon Sep 17 00:00:00 2001
From: Vincent43 <31109921+Vincent43@users.noreply.github.com>
Date: Mon, 19 Feb 2018 14:06:55 +0000
Subject: Log denied write access for easier debugging

After more testing we can disable logging gain.
---
 etc/firejail-default | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

(limited to 'etc')

diff --git a/etc/firejail-default b/etc/firejail-default
index 3768e6970..2f959d92a 100644
--- a/etc/firejail-default
+++ b/etc/firejail-default
@@ -58,17 +58,22 @@ owner /run/firejail/mnt/oroot/{run,dev}/shm/** rmwk,
 
 ##########
 # Allow /proc and /sys read-only access.
-# Blacklisting is controlled from Firejail.
+# Blacklisting is controlled from userspace Firejail.
 ##########
 /proc/ r,
 /proc/** r,
-deny /proc/** w,
+# Uncomment to silence all denied write warnings
+#deny /proc/** w,
+deny /proc/@{PID}/oom_adj w,
+deny /proc/@{PID}/oom_score_adj w,
 
 /sys/ r,
 /sys/** r,
-deny /sys/** w,
+# Uncomment to silence all denied write warnings
+#deny /sys/** w,
 
-# Needed by chromium crash handler. Uncomment if you need it.
+# Allows to attach to a running program and modify the process memory.
+# May be needed by chromium crash handler. Uncomment if you need it.
 #ptrace (trace tracedby),
 
 ##########
-- 
cgit v1.2.3-54-g00ecf