1 files changed, 20 insertions, 0 deletions
diff --git a/todo b/todo
index b631e6a06..d47a47fd0 100644
--- a/todo
+++ b/todo
@@ -55,3 +55,23 @@ Warning: seccomp file not found
 Warning: seccomp disabled, it requires a Linux kernel version 3.5 or newer.
 $ ls ~ <----------------- all files are available, the directory is not empty!
+10. Posibly capabilities broken for --join
+$ firejail --name=test
+...
+$ firejail --debug --join=test
+Switching to pid 18591, the first child process inside the sandbox
+User namespace detected: /proc/18591/uid_map, 1000, 1000
+Set caps filter 0
+Set protocol filter: unix,inet,inet6
+Read seccomp filter, size 792 bytes
+However, in the join sandbox we have:
+$ cat /proc/self/status | grep Cap
+CapInh: 0000000000000000
+CapPrm: 0000000000000000
+CapEff: 0000000000000000
+CapBnd: 0000003fffffffff
+CapAmb: 0000000000000000
+11. net_netfilter.exp broken

diff --git a/todo b/todo index b631e6a06..d47a47fd0 100644 --- a/todo +++ b/todo
@@ -55,3 +55,23 @@ Warning: seccomp file not found
55	Warning: seccomp disabled, it requires a Linux kernel version 3.5 or newer.	55	Warning: seccomp disabled, it requires a Linux kernel version 3.5 or newer.
56	$ ls ~ <----------------- all files are available, the directory is not empty!	56	$ ls ~ <----------------- all files are available, the directory is not empty!
57		57
		58	10. Posibly capabilities broken for --join
		59
		60	$ firejail --name=test
		61	...
		62	$ firejail --debug --join=test
		63	Switching to pid 18591, the first child process inside the sandbox
		64	User namespace detected: /proc/18591/uid_map, 1000, 1000
		65	Set caps filter 0
		66	Set protocol filter: unix,inet,inet6
		67	Read seccomp filter, size 792 bytes
		68
		69	However, in the join sandbox we have:
		70	$ cat /proc/self/status \| grep Cap
		71	CapInh: 0000000000000000
		72	CapPrm: 0000000000000000
		73	CapEff: 0000000000000000
		74	CapBnd: 0000003fffffffff
		75	CapAmb: 0000000000000000
		76
		77	11. net_netfilter.exp broken