Diffstat (limited to 'todo')
-rw-r--r-- | todo | 20 |
1 files changed, 20 insertions, 0 deletions
@@ -55,3 +55,23 @@ Warning: seccomp file not found | |||
55 | Warning: seccomp disabled, it requires a Linux kernel version 3.5 or newer. | 55 | Warning: seccomp disabled, it requires a Linux kernel version 3.5 or newer. |
56 | $ ls ~ <----------------- all files are available, the directory is not empty! | 56 | $ ls ~ <----------------- all files are available, the directory is not empty! |
57 | 57 | ||
58 | 10. Posibly capabilities broken for --join | ||
59 | |||
60 | $ firejail --name=test | ||
61 | ... | ||
62 | $ firejail --debug --join=test | ||
63 | Switching to pid 18591, the first child process inside the sandbox | ||
64 | User namespace detected: /proc/18591/uid_map, 1000, 1000 | ||
65 | Set caps filter 0 | ||
66 | Set protocol filter: unix,inet,inet6 | ||
67 | Read seccomp filter, size 792 bytes | ||
68 | |||
69 | However, in the join sandbox we have: | ||
70 | $ cat /proc/self/status | grep Cap | ||
71 | CapInh: 0000000000000000 | ||
72 | CapPrm: 0000000000000000 | ||
73 | CapEff: 0000000000000000 | ||
74 | CapBnd: 0000003fffffffff | ||
75 | CapAmb: 0000000000000000 | ||
76 | |||
77 | 11. net_netfilter.exp broken | ||
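Review bot: Item 10 (new lines 58-75) does not say what result was expected. It shows "Set caps filter 0" in the --join debug output and then "CapBnd: 0000003fffffffff" in the joined shell, but gives no Cap lines from the original "firejail --name=test" sandbox to compare against. As written, a reader cannot tell whether --join dropped the filter or whether the bounding set looked the same in the first sandbox. Suggest adding the output of "cat /proc/self/status | grep Cap" from the original sandbox next to the joined one and stating the CapBnd value you expected. Two smaller points: "Posibly" on new line 58 should be "Possibly", and item 11 on new line 77 ("net_netfilter.exp broken") has no failing output or steps, so one line on how the test fails would make it actionable.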