X
點擊此處開啟此網站的行動版。

技術支援討論區

Does Firefox on Linux needs capability CAP_SYS_ADMIN to work properly?

已張貼

I'm using AppArmor on my system (Gentoo, vanilla kernel 4.9). I discovered that every time Firefox starts is trying to get very powerful CAP_SYS_ADMIN capability. Does Firefox drop this capability before process handles external data/access internet? Does denying this capability have any negative consequences? EDIT: I just found out Firefox is using this capabilities to sandbox itself. Its great but default AppArmor policies like http://ftp.pl.debian.org/debian/pool/main/a/apparmor/apparmor-profiles_2.12-4_all.deb will deny CAP_SYS_ADMIN. Does Mozilla have any communication channels with major distributions or should i file bug reports myself?

I'm using AppArmor on my system (Gentoo, vanilla kernel 4.9). I discovered that every time Firefox starts is trying to get very powerful CAP_SYS_ADMIN capability. Does Firefox drop this capability before process handles external data/access internet? Does denying this capability have any negative consequences? EDIT: I just found out Firefox is using this capabilities to sandbox itself. Its great but default AppArmor policies like http://ftp.pl.debian.org/debian/pool/main/a/apparmor/apparmor-profiles_2.12-4_all.deb will deny CAP_SYS_ADMIN. Does Mozilla have any communication channels with major distributions or should i file bug reports myself?

由 anon432 於 修改

cor-el
  • Top 10 Contributor
  • Moderator
17537 個解決方法 158574 個答案

A search on the DXR website and on Bugzilla could indicate that this is sandbox related.

A search on the DXR website and on Bugzilla could indicate that this is sandbox related. *https://dxr.mozilla.org/mozilla-release/search?q=regexp:CAP_SYS_ADMIN