apparmor profile for firefox with or without CAP_SYS_ADMIN, CAP_SYS_CHROOT and CAP_SYS_PTRACE

Hi,

I've created an AppArmor profile for Firefox but I don't know whether to deny or allow the capabilities CAP_SYS_ADMIN, CAP_SYS_CHROOT and CAP_SYS_PTRACE. I've tried both ways, denying and allowing them, and Firefox seems to work properly without allowing these capabilities. So here's the question: Which features of Firefox actually need these capabilities? All of them are pretty powerful in the hands of a malicious program.

Modified by user267622386440718073490376975783976388022