Replies: 3 comments 1 reply
-
firejail/src/man/firejail-profile.txt Lines 493 to 495 in 2b34747
Because nobody wrote it yet. Or even the technological foundation for it. |
Beta Was this translation helpful? Give feedback.
-
I mean't, that firejail, automaticaly look for an existing profile by himself and use it, is it possible or the only way to do that it to create custom profiles for firejail (to avoid to be erased on next update)? OR maybe just rename the apparmor profile to make it used autmatically by firejail would be enough? How to rename it if it's the case? Bing is quite funny, he tell me to put for example : Enable AppArmor confinementapparmor /etc/apparmor.d/usr.bin.firefox in a firejail profile, but apparmor can't take parameter... Would be a so powerfull feature! Thanks a lot for your quick answer! And for the tool I understand, by the way I love jailcheck! A tool that apparmor don't have LOL |
Beta Was this translation helpful? Give feedback.
-
Bing is specifying the syntax Firejail uses, not AppArmor's. I agree the man page isn't very clear on the topic. The only profile I could find that uses such a parameter is fdns.profile: firejail/etc/profile-a-l/fdns.profile Line 24 in 2b34747 To me that suggests it is using the AA profile I can see under /etc/apparmor.d/usr.bin.fdns. Not the most convenient way to refer to those AA profiles, but that's what we've got. If you decide to use only AA, there's a setting in firejail.config to disable Firejail's AA functionality: Lines 9 to 10 in 2b34747 |
Beta Was this translation helpful? Give feedback.
-
Hi.
I'm struggling to make firejail use by default existing apparmor profiles for each application that have one.
I read that using apparmor and firejail may not be a good idea.
I don't want to create specifics profiles for applications, too many to do.
I don't like the idea to use apparmor profile firejail-default, I think security would be worse than using the existing profiles for each apps.
Further more, aa-logprof was broken by firejail-default...
And why is there no any tool like aa-log prof to interactivly correct a firejail profile?
Thanks a lot
Beta Was this translation helpful? Give feedback.
All reactions