On 05/18/2018 08:56 AM, Vincas Dargis wrote: > On 5/18/18 6:25 PM, Malte Gell wrote: >> Hi there, >> >> I just upgraded from Firefox 52 to version 60. >> I start Firefox always with the profile manager. >> Now, FF 60 asks for sys_admin capability. >> >> Unless I know why, I´m reluctant to grant them.... >> >> Does anyone have a clue why FF 60 needs sys_admin capabilities? >> >> Addons are locally stored in user folders, thus, updating addons can´t >> be the reason.... >> >> Thanx! >> > > It's something about sandboxing it's content processors: > https://www.morbo.org/2018/05/linux-sandboxing-improvements-in_10.html >
To be a little more specific it is the way that is using “unprivileged user namespaces” and is extremely unfortunate. There is no fix for this in apparmor atm, besides granting the capabilities. I am hoping we can land the first of the fixes to start addressing this in 4.19 but it will require additions to policy. -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
