Fixed an AppArmor profile denial issue with ptrace and signals (#5317)

netblue30 · Aug 18, 2022 · 9109f60 · 9109f60
1 parent 5ab4aeb
commit 9109f60
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/etc/apparmor/firejail-default b/etc/apparmor/firejail-default
@@ -33,6 +33,7 @@ owner /{,var/}run/firejail/dbus/[0-9]*/[0-9]*-user w,
 #ptrace,
 # Allow obtaining some process information, but not ptrace(2)
 ptrace (read,readby) peer=@{profile_name},
+ptrace (read,readby) peer=@{profile_name}//&unconfined,
 
 ##########
 # Allow read access to whole filesystem and control it from firejail.
@@ -123,6 +124,7 @@ network packet,
 ##########
 # There is no equivalent in Firejail for filtering signals.
 ##########
+signal (send) peer=@{profile_name}//&unconfined,
 signal (send) peer=@{profile_name},
 signal (receive),