[PR #1423] [MERGED] Add some /proc dirs to firejail apparmor profile #3953

New issue

Closed

opened 2026-05-05 10:11:02 -06:00 by gitea-mirror · 0 comments

gitea-mirror commented

2026-05-05 10:11:02 -06:00

Owner

📋 Pull Request Information

Original PR: https://github.com/netblue30/firejail/pull/1423
Author: @ghost
Created: 8/1/2017
Status: ✅ Merged
Merged: 8/2/2017
Merged by: @netblue30

Base: master ← Head: VladimirSchowalter20-apparmor

📝 Commits (1)

eea48fa Add some /proc dirs to firejail apparmor profile

📊 Changes

1 file changed (+4 additions, -0 deletions)

View changed files

📝 etc/firejail-default (+4 -0)

📄 Description

This adds some additional paths to /proc whitelist in firejail-default aparmor profile. Those were detected by audit system logs.

AVC apparmor="DENIED" operation="open" profile="firejail-default" name="/proc/27/net/dev" pid=6143 comm="kodi.bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
AVC apparmor="DENIED" operation="open" profile="firejail-default" name="/proc/27/net/dev" pid=6143 comm="kodi.bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
AVC apparmor="DENIED" operation="open" profile="firejail-default" name="/proc/12/loginuid" pid=9570 comm="zsh" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
AVC apparmor="DENIED" operation="open" profile="firejail-default" name="/proc/80/auxv" pid=9570 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
AVC apparmor="DENIED" operation="open" profile="firejail-default" name="/proc/128/auxv" pid=9570 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
AVC apparmor="DENIED" operation="open" profile="firejail-default" name="/proc/12/loginuid" pid=1583 comm="zsh" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
AVC apparmor="DENIED" operation="open" profile="firejail-default" name="/proc/83/environ" pid=1583 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/netblue30/firejail/pull/1423 **Author:** [@ghost](https://github.com/ghost) **Created:** 8/1/2017 **Status:** ✅ Merged **Merged:** 8/2/2017 **Merged by:** [@netblue30](https://github.com/netblue30) **Base:** `master` ← **Head:** `VladimirSchowalter20-apparmor` --- ### 📝 Commits (1) - [`eea48fa`](https://github.com/netblue30/firejail/commit/eea48fa9d8a2be57ddccdbd5572e2fc22277cda9) Add some /proc dirs to firejail apparmor profile ### 📊 Changes **1 file changed** (+4 additions, -0 deletions) <details> <summary>View changed files</summary> 📝 `etc/firejail-default` (+4 -0) </details> ### 📄 Description This adds some additional paths to /proc whitelist in firejail-default aparmor profile. Those were detected by audit system logs. ``` AVC apparmor="DENIED" operation="open" profile="firejail-default" name="/proc/27/net/dev" pid=6143 comm="kodi.bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 AVC apparmor="DENIED" operation="open" profile="firejail-default" name="/proc/27/net/dev" pid=6143 comm="kodi.bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 AVC apparmor="DENIED" operation="open" profile="firejail-default" name="/proc/12/loginuid" pid=9570 comm="zsh" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 AVC apparmor="DENIED" operation="open" profile="firejail-default" name="/proc/80/auxv" pid=9570 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 AVC apparmor="DENIED" operation="open" profile="firejail-default" name="/proc/128/auxv" pid=9570 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 AVC apparmor="DENIED" operation="open" profile="firejail-default" name="/proc/12/loginuid" pid=1583 comm="zsh" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 AVC apparmor="DENIED" operation="open" profile="firejail-default" name="/proc/83/environ" pid=1583 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 ``` --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

gitea-mirror

2026-05-05 10:11:02 -06:00

closed this issue
added the
pull-request
label

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#3953

No description provided.

Rows
Columns