mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-15 14:16:14 -06:00
AppArmor: allow dbus access by default
As discussed in https://github.com/netblue30/firejail/issues/1917#issuecomment-386002234 leave blacklisting dbus access to firejail userspace with 'nodbus' option. Fine grained blacklisting of particular dbus services can be added here in the future.
This commit is contained in:
Vincent43
GitHub
parent
1926a26b6f
commit
aa37fe19fe
1 changed files with 5 additions and 5 deletions
|
|
@ -13,12 +13,12 @@
|
|||
profile firejail-default flags=(attach_disconnected,mediate_deleted) {
|
||||
|
||||
##########
|
||||
# D-Bus is a huge security hole. Uncomment those lines if you need D-Bus
|
||||
# functionality.
|
||||
# Allow D-Bus access. It may negatively affect security. Comment those lines or
|
||||
# use 'nodbus' option in profile if you don't need D-Bus functionality.
|
||||
##########
|
||||
##include <abstractions/dbus-strict>
|
||||
##include <abstractions/dbus-session-strict>
|
||||
#dbus,
|
||||
#include <abstractions/dbus-strict>
|
||||
#include <abstractions/dbus-session-strict>
|
||||
dbus,
|
||||
|
||||
##########
|
||||
# With ptrace it is possible to inspect and hijack running programs. Usually this
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue