github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6
firejail/etc/apparmor/usr.lib.firejail.fnettrace
Kelvin M. Klann 167a0ea74a Fix misc whitespace 
Command used to check for whitespace errors:

    $ git diff --check 0.9.78..
2026-02-23 13:20:38 -03:00

37 lines
864 B
Text
Raw Permalink Blame History

#include <tunables/global>
/usr/lib/firejail/fnettrace {
signal (send) peer=@{profile_name}//&unconfined,
signal (send) peer=@{profile_name},
signal (receive),
/{dev,etc,tmp,proc,sys,usr}/{,**} rklm,
/tmp/** rwl,
/usr/bin/** ix,
/usr/lib/firejail/** ix,
deny /tmp/.X11-unix/* mrwkl,
deny /tmp/.XIM-unix/* mrwkl,
deny /tmp/.ICE-unix/* mrwkl,
deny /tmp/.font-unix/* mrwkl,
deny /tmp/.tX[0-9]*-lock mrwkl,
deny /tmp/.X[0-9]*-lock mrwkl,
deny /tmp/systemd* mrwkl,
deny /tmp/ssh* mrwkl,
deny /etc/ssh/{,**} mrwkl,
deny /etc/ssl/{,**} mrwkl,
deny /etc/ca-certificates/{,**} mrwkl,
deny /{etc,usr/share}/pki/{,**} mrwkl,
deny /etc/certbot/{,**} mrwkl,
deny /etc/X11/{,**} mrwkl,
deny /usr/share/{,**} mrwkl,
deny /usr/local/{,**} mrwkl,
capability net_raw,
capability net_admin,
network packet,
network raw,
}
Reference in a new issue View git blame Copy permalink