diff options
author | netblue30 <netblue30@yahoo.com> | 2017-08-02 08:42:25 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-08-02 08:42:25 -0400 |
commit | 75a75e87f75d5f2a2c1bf315b29b6a7a4b303de6 (patch) | |
tree | f955efbfb5dda44f7191f2bd8f60aa791718f096 /src/fseccomp/seccomp.c | |
parent | x11/xpra support (diff) | |
download | firejail-75a75e87f75d5f2a2c1bf315b29b6a7a4b303de6.tar.gz firejail-75a75e87f75d5f2a2c1bf315b29b6a7a4b303de6.tar.zst firejail-75a75e87f75d5f2a2c1bf315b29b6a7a4b303de6.zip |
get_mempolicy syscall was temporarily removed from the default seccomp list. It seems to break
playing youtube videos on Firefox Nightly - #1414
Diffstat (limited to 'src/fseccomp/seccomp.c')
-rw-r--r-- | src/fseccomp/seccomp.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/src/fseccomp/seccomp.c b/src/fseccomp/seccomp.c index 7d2ccbbce..a30a9e00b 100644 --- a/src/fseccomp/seccomp.c +++ b/src/fseccomp/seccomp.c | |||
@@ -162,9 +162,13 @@ static void add_default_list(int fd, int allow_debuggers) { | |||
162 | #ifdef SYS_mbind | 162 | #ifdef SYS_mbind |
163 | filter_add_blacklist(fd, SYS_mbind, 0); | 163 | filter_add_blacklist(fd, SYS_mbind, 0); |
164 | #endif | 164 | #endif |
165 | #ifdef SYS_get_mempolicy | 165 | |
166 | filter_add_blacklist(fd, SYS_get_mempolicy, 0); | 166 | // breaking Firefox nightly when playing youtube videos |
167 | #endif | 167 | // TODO: test again when firefox sandbox is finally released |
168 | //#ifdef SYS_get_mempolicy | ||
169 | // filter_add_blacklist(fd, SYS_get_mempolicy, 0); | ||
170 | //#endif | ||
171 | |||
168 | #ifdef SYS_set_mempolicy | 172 | #ifdef SYS_set_mempolicy |
169 | filter_add_blacklist(fd, SYS_set_mempolicy, 0); | 173 | filter_add_blacklist(fd, SYS_set_mempolicy, 0); |
170 | #endif | 174 | #endif |