X
Tap here to go to the mobile version of the site.

منتدى الدعم

Does Firefox on Linux needs capability CAP_SYS_ADMIN to work properly?

Posted

I'm using AppArmor on my system (Gentoo, vanilla kernel 4.9). I discovered that every time Firefox starts is trying to get very powerful CAP_SYS_ADMIN capability. Does Firefox drop this capability before process handles external data/access internet? Does denying this capability have any negative consequences? EDIT: I just found out Firefox is using this capabilities to sandbox itself. Its great but default AppArmor policies like http://ftp.pl.debian.org/debian/pool/main/a/apparmor/apparmor-profiles_2.12-4_all.deb will deny CAP_SYS_ADMIN. Does Mozilla have any communication channels with major distributions or should i file bug reports myself?

I'm using AppArmor on my system (Gentoo, vanilla kernel 4.9). I discovered that every time Firefox starts is trying to get very powerful CAP_SYS_ADMIN capability. Does Firefox drop this capability before process handles external data/access internet? Does denying this capability have any negative consequences? EDIT: I just found out Firefox is using this capabilities to sandbox itself. Its great but default AppArmor policies like http://ftp.pl.debian.org/debian/pool/main/a/apparmor/apparmor-profiles_2.12-4_all.deb will deny CAP_SYS_ADMIN. Does Mozilla have any communication channels with major distributions or should i file bug reports myself?

Modified by anon432

Additional System Details

Application

  • User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0

More Information

cor-el
  • Top 10 Contributor
  • Moderator
17567 solutions 158896 answers

A search on the DXR website and on Bugzilla could indicate that this is sandbox related.

A search on the DXR website and on Bugzilla could indicate that this is sandbox related. *https://dxr.mozilla.org/mozilla-release/search?q=regexp:CAP_SYS_ADMIN