From 9109f60151e3775a365204f75b4eb69f9de2ee4f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=90=D0=B7=D0=B0=D0=BB=D0=B8=D1=8F=20=D0=A1=D0=BC=D0=B0?= =?UTF-8?q?=D1=80=D0=B0=D0=B3=D0=B4=D0=BE=D0=B2=D0=B0?= <64576901+ChrysoliteAzalea@users.noreply.github.com>
Date: Thu, 18 Aug 2022 01:12:37 +0000
Subject: [PATCH] Fixed an AppArmor profile denial issue with ptrace and signals (#5317)

---
 etc/apparmor/firejail-default | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/etc/apparmor/firejail-default b/etc/apparmor/firejail-default
index b4e7f642af4..3cc771ed716 100644
--- a/etc/apparmor/firejail-default
+++ b/etc/apparmor/firejail-default
@@ -33,6 +33,7 @@ owner /{,var/}run/firejail/dbus/[0-9]*/[0-9]*-user w,
 #ptrace,
 # Allow obtaining some process information, but not ptrace(2)
 ptrace (read,readby) peer=@{profile_name},
+ptrace (read,readby) peer=@{profile_name}//&unconfined,
 
 ##########
 # Allow read access to whole filesystem and control it from firejail.
@@ -123,6 +124,7 @@ network packet,
 ##########
 # There is no equivalent in Firejail for filtering signals.
 ##########
+signal (send) peer=@{profile_name}//&unconfined,
 signal (send) peer=@{profile_name},
 signal (receive),
 
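Review bot: The two added rules name the stacked peer label `@{profile_name}//&unconfined` with no comment saying what that label is or when a peer carries it, both after the `ptrace (read,readby)` rule in the first hunk and above `signal (send) peer=@{profile_name},` in the second. `//&` is AppArmor's label-stacking notation, so the peer is presumably still a process held to this profile (a stack with `unconfined` should restrict it no less than the profile alone), but that reasoning belongs next to the rules, because the section comment states that AppArmor is the only place signals are filtered. I would add above each new rule a line such as `# Same access for peers whose label is this profile stacked with unconfined, see #5317`. The placement is also inconsistent: the new ptrace rule follows the existing one while the new signal rule precedes it, so one order should be used for both.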