diff options
author | Fred Barclay <Fred-Barclay@users.noreply.github.com> | 2020-06-12 17:56:53 -0500 |
---|---|---|
committer | Fred Barclay <Fred-Barclay@users.noreply.github.com> | 2020-06-12 17:56:53 -0500 |
commit | cb6799523085ddc7caf57b235514e6865a4caeaa (patch) | |
tree | a7c226f0f217f7bddea2a2ffe42f9211a3495dd4 /etc | |
parent | enable apparmor support by default in update_deb.sh (#3450) (diff) | |
download | firejail-cb6799523085ddc7caf57b235514e6865a4caeaa.tar.gz firejail-cb6799523085ddc7caf57b235514e6865a4caeaa.tar.zst firejail-cb6799523085ddc7caf57b235514e6865a4caeaa.zip |
Fix #3464
Atom 1.48 requires a looser sandbox and no longer works with
noroot, nonewprivs, protocol, and seccomp
caps filter needed adjusting to keep sys_admin and sys_chroot
Diffstat (limited to 'etc')
-rw-r--r-- | etc/profile-a-l/atom.profile | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/etc/profile-a-l/atom.profile b/etc/profile-a-l/atom.profile index fceef9579..cf0a5a42b 100644 --- a/etc/profile-a-l/atom.profile +++ b/etc/profile-a-l/atom.profile | |||
@@ -17,19 +17,15 @@ include disable-exec.inc | |||
17 | include disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
18 | include disable-programs.inc | 18 | include disable-programs.inc |
19 | 19 | ||
20 | caps.drop all | 20 | caps.keep sys_admin,sys_chroot |
21 | # net none | 21 | # net none |
22 | netfilter | 22 | netfilter |
23 | nodvd | 23 | nodvd |
24 | nogroups | 24 | nogroups |
25 | nonewprivs | ||
26 | noroot | ||
27 | nosound | 25 | nosound |
28 | notv | 26 | notv |
29 | nou2f | 27 | nou2f |
30 | novideo | 28 | novideo |
31 | protocol unix,inet,inet6,netlink | ||
32 | seccomp | ||
33 | shell none | 29 | shell none |
34 | 30 | ||
35 | private-cache | 31 | private-cache |