adding apparmor profiles for --nettrace option

2026-05-15 14:16:14 -06:00 · 2026-02-11 09:17:22 -05:00 · 2026-02-11 09:17:22 -05:00 · c13331305c
commit c13331305c
parent 8248f1eb5d
9 changed files with 163 additions and 14 deletions
--- a/6
+++ b/6
@ -260,9 +260,13 @@ ifeq ($(BUSYBOX_WORKAROUND),yes)
 	./mketc.sh $(DESTDIR)$(sysconfdir)/firejail/disable-common.inc
 endif
 ifeq ($(HAVE_APPARMOR),-DHAVE_APPARMOR)
-	# install apparmor profile
+	# install apparmor profiles
 	$(INSTALL) -m 0755 -d $(DESTDIR)$(sysconfdir)/apparmor.d
 	$(INSTALL) -m 0644 -t $(DESTDIR)$(sysconfdir)/apparmor.d etc/apparmor/firejail-default
+	$(INSTALL) -m 0644 -t $(DESTDIR)$(sysconfdir)/apparmor.d etc/apparmor/usr.lib.firejail.fnettrace
+	$(INSTALL) -m 0644 -t $(DESTDIR)$(sysconfdir)/apparmor.d etc/apparmor/usr.lib.firejail.fnettrace-dns
+	$(INSTALL) -m 0644 -t $(DESTDIR)$(sysconfdir)/apparmor.d etc/apparmor/usr.lib.firejail.fnettrace-icmp
+	$(INSTALL) -m 0644 -t $(DESTDIR)$(sysconfdir)/apparmor.d etc/apparmor/usr.lib.firejail.fnettrace-sni
 	# install apparmor profile customization file
 	$(INSTALL) -m 0755 -d $(DESTDIR)$(sysconfdir)/apparmor.d/local
 	sh -c "if [ ! -f $(DESTDIR)$(sysconfdir)/apparmor.d/local/firejail-default ]; then \