3 files changed, 8 insertions, 1 deletions

diff --git a/etc/brave.profile b/etc/brave.profile
index 29130ea5f..35c59f5a3 100644
--- a/etc/brave.profile
+++ b/etc/brave.profile
@@ -25,5 +25,8 @@ whitelist ${HOME}/.config/brave
 whitelist ${HOME}/.config/brave-flags.conf
 whitelist ${HOME}/.gnupg
 
+# Brave sandbox needs read access to /proc/config.gz
+noblacklist /proc/config.gz
+
 # Redirect
 include chromium-common.profile
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index 137e4f8bd..16f231108 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -452,3 +452,6 @@ blacklist ${HOME}/Mail
 blacklist ${HOME}/mail
 blacklist ${HOME}/postponed
 blacklist ${HOME}/sent
+
+# kernel configuration
+blacklist /proc/config.gz
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index 3ba968004..316057ec5 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -642,7 +642,8 @@ void fs_proc_sys_dev_boot(void) {
         // various /proc files
         disable_file(BLACKLIST_FILE, "/proc/irq");
         disable_file(BLACKLIST_FILE, "/proc/bus");
-        disable_file(BLACKLIST_FILE, "/proc/config.gz");
+        // move /proc/config.gz to disable-common.inc
+        //disable_file(BLACKLIST_FILE, "/proc/config.gz");
         disable_file(BLACKLIST_FILE, "/proc/sched_debug");
         disable_file(BLACKLIST_FILE, "/proc/timer_list");
         disable_file(BLACKLIST_FILE, "/proc/timer_stats");