From cbcf7fafe3b2b116f887907c1d7882904564f026 Mon Sep 17 00:00:00 2001 From: smitsohu Date: Wed, 8 Jan 2020 01:06:08 +0100 Subject: allow chroot syscall where apps depend on QtWebengine derived from QtWebengine reverse dependencies --- etc/anki.profile | 3 ++- etc/digikam.profile | 3 ++- etc/musescore.profile | 3 ++- etc/psi-plus.profile | 4 ++-- etc/quassel.profile | 3 ++- 5 files changed, 10 insertions(+), 6 deletions(-) diff --git a/etc/anki.profile b/etc/anki.profile index c349376ff..a0a79ef48 100644 --- a/etc/anki.profile +++ b/etc/anki.profile @@ -42,7 +42,8 @@ notv nou2f novideo protocol unix,inet,inet6 -seccomp +# QtWebengine needs chroot to set up its own sandbox +seccomp !chroot shell none tracelog diff --git a/etc/digikam.profile b/etc/digikam.profile index 1b80981f7..e66434444 100644 --- a/etc/digikam.profile +++ b/etc/digikam.profile @@ -32,7 +32,8 @@ nonewprivs noroot notv protocol unix,inet,inet6,netlink -seccomp +# QtWebengine needs chroot to set up its own sandbox +seccomp !chroot shell none # private-dev - prevents libdc1394 loading; this lib is used to connect to a camera device diff --git a/etc/musescore.profile b/etc/musescore.profile index 9750a31f4..b3693c956 100644 --- a/etc/musescore.profile +++ b/etc/musescore.profile @@ -33,7 +33,8 @@ noroot notv novideo protocol unix,inet,inet6 -seccomp +# QtWebengine needs chroot to set up its own sandbox +seccomp !chroot shell none tracelog diff --git a/etc/psi-plus.profile b/etc/psi-plus.profile index 087f90966..16fffe517 100644 --- a/etc/psi-plus.profile +++ b/etc/psi-plus.profile @@ -36,10 +36,10 @@ notv nou2f novideo protocol unix,inet,inet6 -seccomp +# QtWebengine needs chroot to set up its own sandbox +seccomp !chroot shell none disable-mnt private-dev private-tmp - diff --git a/etc/quassel.profile b/etc/quassel.profile index a78d1edcd..c65089e20 100644 --- a/etc/quassel.profile +++ b/etc/quassel.profile @@ -19,7 +19,8 @@ nonewprivs noroot notv protocol unix,inet,inet6 -seccomp +# QtWebengine needs chroot to set up its own sandbox +seccomp !chroot private-cache private-tmp -- cgit v1.2.3-54-g00ecf