X
Tap here to go to the mobile version of the site.

Fóram Tacaíochta

Cuireadh an snáithe seo sa chartlann. Cuir ceist nua má tá cabhair uait.

Does Firefox on Linux needs capability CAP_SYS_ADMIN to work properly?

Postáilte

I'm using AppArmor on my system (Gentoo, vanilla kernel 4.9). I discovered that every time Firefox starts is trying to get very powerful CAP_SYS_ADMIN capability. Does Firefox drop this capability before process handles external data/access internet? Does denying this capability have any negative consequences? EDIT: I just found out Firefox is using this capabilities to sandbox itself. Its great but default AppArmor policies like http://ftp.pl.debian.org/debian/pool/main/a/apparmor/apparmor-profiles_2.12-4_all.deb will deny CAP_SYS_ADMIN. Does Mozilla have any communication channels with major distributions or should i file bug reports myself?

I'm using AppArmor on my system (Gentoo, vanilla kernel 4.9). I discovered that every time Firefox starts is trying to get very powerful CAP_SYS_ADMIN capability. Does Firefox drop this capability before process handles external data/access internet? Does denying this capability have any negative consequences? EDIT: I just found out Firefox is using this capabilities to sandbox itself. Its great but default AppArmor policies like http://ftp.pl.debian.org/debian/pool/main/a/apparmor/apparmor-profiles_2.12-4_all.deb will deny CAP_SYS_ADMIN. Does Mozilla have any communication channels with major distributions or should i file bug reports myself?

Athraithe ag anon432 ar

Tuilleadh mionsonraí faoin chóras

Feidhmchlár

  • User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0

Tuilleadh Eolais

cor-el
  • Top 10 Contributor
  • Moderator
17539 réiteach 158588 freagra

A search on the DXR website and on Bugzilla could indicate that this is sandbox related.

A search on the DXR website and on Bugzilla could indicate that this is sandbox related. *https://dxr.mozilla.org/mozilla-release/search?q=regexp:CAP_SYS_ADMIN