On 5/19/18 4:27 AM, John Johansen wrote:
On 05/18/2018 08:56 AM, Vincas Dargis wrote:
On 5/18/18 6:25 PM, Malte Gell wrote:
Hi there,
I just upgraded from Firefox 52 to version 60.
I start Firefox always with the profile manager.
Now, FF 60 asks for sys_admin capability.
Unless I know why, I´m reluctant to grant them....
Does anyone have a clue why FF 60 needs sys_admin capabilities?
Addons are locally stored in user folders, thus, updating addons can´t
be the reason....
Thanx!
It's something about sandboxing it's content processors:
https://www.morbo.org/2018/05/linux-sandboxing-improvements-in_10.html
To be a little more specific it is the way that is using “unprivileged user
namespaces”
and is extremely unfortunate. There is no fix for this in apparmor atm, besides
granting the capabilities.
I am hoping we can land the first of the fixes to start addressing this in 4.19
but it will require additions to policy.
Interesting, what it would look like after it's fixed?
--
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
