diff options
| author |  Fred Barclay <Fred-Barclay@users.noreply.github.com> | 2020-06-12 17:56:53 -0500 |
|---|---|---|
| committer | Fred Barclay <Fred-Barclay@users.noreply.github.com> | 2020-06-12 17:56:53 -0500 |
| commit | cb6799523085ddc7caf57b235514e6865a4caeaa (patch) | |
| tree | a7c226f0f217f7bddea2a2ffe42f9211a3495dd4 /etc | |
| parent | enable apparmor support by default in update_deb.sh (#3450) (diff) | |
| download | firejail-cb6799523085ddc7caf57b235514e6865a4caeaa.tar.gz firejail-cb6799523085ddc7caf57b235514e6865a4caeaa.tar.zst firejail-cb6799523085ddc7caf57b235514e6865a4caeaa.zip | |
Fix #3464
Atom 1.48 requires a looser sandbox and no longer works with
noroot, nonewprivs, protocol, and seccomp
caps filter needed adjusting to keep sys_admin and sys_chroot
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/profile-a-l/atom.profile | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/etc/profile-a-l/atom.profile b/etc/profile-a-l/atom.profile index fceef9579..cf0a5a42b 100644 --- a/etc/profile-a-l/atom.profile +++ b/etc/profile-a-l/atom.profile | |||
| @@ -17,19 +17,15 @@ include disable-exec.inc | |||
| 17 | include disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
| 18 | include disable-programs.inc | 18 | include disable-programs.inc |
| 19 | 19 | ||
| 20 | caps.drop all | 20 | caps.keep sys_admin,sys_chroot |
| 21 | # net none | 21 | # net none |
| 22 | netfilter | 22 | netfilter |
| 23 | nodvd | 23 | nodvd |
| 24 | nogroups | 24 | nogroups |
| 25 | nonewprivs | ||
| 26 | noroot | ||
| 27 | nosound | 25 | nosound |
| 28 | notv | 26 | notv |
| 29 | nou2f | 27 | nou2f |
| 30 | novideo | 28 | novideo |
| 31 | protocol unix,inet,inet6,netlink | ||
| 32 | seccomp | ||
| 33 | shell none | 29 | shell none |
| 34 | 30 | ||
| 35 | private-cache | 31 | private-cache |