#########################################
# Firejail base abstraction drop-in
#########################################
# Adds basic Firejail support to AppArmor profiles.
# Please note: Firejail's nonewprivs and seccomp options
# are not compatible with AppArmor profile transitions.
#
# Path notation used by the rules below:
#   {,run/firejail/mnt/oroot/}  alternation with an empty branch: the rule
#                               matches the path both with and without the
#                               run/firejail/mnt/oroot/ prefix
#                               (presumably Firejail's overlay root - confirm)
#   {,var/}run                  matches both /run and /var/run
#   owner                       the rule applies only to files owned by the
#                               confined process's user; rules without it
#                               apply regardless of file ownership
#
# Every rule here widens what the profile that pulls in this abstraction may
# access, so review it together with that profile.

# Discovery of process names
# Read-only access to the comm (command name) entry of processes owned by
# the same user. @{pid} is not defined in this file; it is expected to come
# from the tunables of the profile using this abstraction.
owner /{,run/firejail/mnt/oroot/}proc/@{pid}/comm r,
##########
# Following paths only exist inside a Firejail sandbox
##########
# Library preloading
# Read (r) plus executable memory mapping (m) for any *.so directly inside
# run/firejail/lib/ ('*' does not cross '/'). There is no owner qualifier,
# so the file's ownership is not checked.
# NOTE(review): because 'm' permits mapping these files as executable code,
# this rule is only as strong as the write permissions on that directory -
# verify it is writable by root only on the target system.
/{,run/firejail/mnt/oroot/}{,var/}run/firejail/lib/*.so mr,
# Supporting seccomp
# Read-only access to seccomp.postexec, limited to files the user owns.
owner /{,run/firejail/mnt/oroot/}{,var/}run/firejail/mnt/seccomp/seccomp.postexec r,
# Supporting trace
# Write-only access (no read) to the trace file, limited to files the user owns.
owner /{,run/firejail/mnt/oroot/}{,var/}run/firejail/mnt/trace w,
# Supporting tracelog
# Read-only access to fslogger; no owner qualifier, so ownership is not checked.
/{,run/firejail/mnt/oroot/}{,var/}run/firejail/mnt/fslogger r,