Windows 10 will reach EOS (end of support) on October 14, 2025. For more information, see this article.

Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

This thread was archived. Please ask a new question if you need help.

apparmor profile for firefox with or without CAP_SYS_ADMIN, CAP_SYS_CHROOT and CAP_SYS_PTRACE

  • No replies
  • 1 has this problem
  • 1 view
user267622386440718073490376975783976388022
user267622386440718073490376975783976388022
more options

Hi,

I've created a apparmor profile for firefox but I don't know whether to deny or allow the capabilities CAP_SYS_ADMIN, CAP_SYS_CHROOT and CAP_SYS_PTRACE. I've tried both ways, denying and allowing them, and firefox seems to work properly without allowing these capabilities. So here's the question: Which features of firefox actually need these capabilities? All of them are pretty powerful in the hands of a malicious program.

Hi, I've created a apparmor profile for firefox but I don't know whether to deny or allow the capabilities CAP_SYS_ADMIN, CAP_SYS_CHROOT and CAP_SYS_PTRACE. I've tried both ways, denying and allowing them, and firefox seems to work properly without allowing these capabilities. So here's the question: Which features of firefox actually need these capabilities? All of them are pretty powerful in the hands of a malicious program.

Modified by user267622386440718073490376975783976388022