Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Cuireadh an snáithe seo sa chartlann. Cuir ceist nua má tá cabhair uait.

Does Firefox on Linux needs capability CAP_SYS_ADMIN to work properly?

  • 1 freagra
  • 1 leis an bhfadhb seo
  • 36 views
  • Freagra is déanaí ó cor-el

anon432
anon432
more options

I'm using AppArmor on my system (Gentoo, vanilla kernel 4.9). I discovered that every time Firefox starts is trying to get very powerful CAP_SYS_ADMIN capability. Does Firefox drop this capability before process handles external data/access internet? Does denying this capability have any negative consequences? EDIT: I just found out Firefox is using this capabilities to sandbox itself. Its great but default AppArmor policies like http://ftp.pl.debian.org/debian/pool/main/a/apparmor/apparmor-profiles_2.12-4_all.deb will deny CAP_SYS_ADMIN. Does Mozilla have any communication channels with major distributions or should i file bug reports myself?

I'm using AppArmor on my system (Gentoo, vanilla kernel 4.9). I discovered that every time Firefox starts is trying to get very powerful CAP_SYS_ADMIN capability. Does Firefox drop this capability before process handles external data/access internet? Does denying this capability have any negative consequences? EDIT: I just found out Firefox is using this capabilities to sandbox itself. Its great but default AppArmor policies like http://ftp.pl.debian.org/debian/pool/main/a/apparmor/apparmor-profiles_2.12-4_all.deb will deny CAP_SYS_ADMIN. Does Mozilla have any communication channels with major distributions or should i file bug reports myself?

Athraithe ag anon432 ar

All Replies (1)

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

A search on the DXR website and on Bugzilla could indicate that this is sandbox related.