From af37e964da2ba0dc1cf2f25aefa399fe85d06b63 Mon Sep 17 00:00:00 2001
From: smitsohu <smitsohu@gmail.com>
Date: Mon, 9 Apr 2018 17:10:49 +0200
Subject: fix akregator, more firecfg updates

---
 etc/akregator.profile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'etc/akregator.profile')

diff --git a/etc/akregator.profile b/etc/akregator.profile
index 19da62916..1b8807757 100644
--- a/etc/akregator.profile
+++ b/etc/akregator.profile
@@ -20,7 +20,6 @@ whitelist ${HOME}/.config/akregatorrc
 whitelist ${HOME}/.local/share/akregator
 whitelist ${HOME}/.local/share/kssl
 include /etc/firejail/whitelist-common.inc
-
 include /etc/firejail/whitelist-var-common.inc
 
 caps.drop all
@@ -33,7 +32,8 @@ noroot
 notv
 novideo
 protocol unix,inet,inet6,netlink
-seccomp
+# chroot syscalls are needed for setting up the built-in sandbox
+seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
 shell none
 
 disable-mnt
-- 
cgit v1.2.3-54-g00ecf