[Bug 1861408] Re: firefox apparmor messages
John Johansen
john.johansen at canonical.com
Sat Feb 15 00:34:23 UTC 2020
Firefox uses cap sys_admin to set up its sandbox, which is extremely
unfortunate but required on Linux to be able to set up the
user_namespace, do the chroot etc. Currently the LSM and user namespaces
don't interact as well as they should.

AppArmor can NOT properly determine the policy namespace that it should
be in with the user_namespace after firefox enters its sandbox. This
results in the cap_sys_admin messages.

This is a known problem and we are working on it. At the moment we
recommend granting the capability in the profile and letting firefox
set up its sandbox. Unfortunately this means you can't guarantee the rest
of the program isn't doing things it shouldn't.
--
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1861408
Title:
firefox apparmor messages
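An added example, not part of the original message: a small triage script that picks the capability denials discussed above out of kernel audit lines and shows which profile rule would grant each one. The log lines, the profile name "firefox" and the function names are constructed for illustration; the lines follow the usual AppArmor audit format.

```python
import re
from collections import Counter

# Constructed sample lines in the usual kernel audit format for AppArmor events.
SAMPLE_LOG = """\
audit: type=1400 audit(1581726000.101:310): apparmor="DENIED" operation="capable" profile="firefox" pid=4211 comm="firefox" capability=21  capname="sys_admin"
audit: type=1400 audit(1581726000.245:311): apparmor="DENIED" operation="capable" profile="firefox" pid=4250 comm="Web Content" capability=21  capname="sys_admin"
audit: type=1400 audit(1581726003.010:312): apparmor="DENIED" operation="open" profile="firefox" name="/home/user/notes.txt" pid=4211 comm="firefox" requested_mask="r" denied_mask="r"
audit: type=1400 audit(1581726009.500:313): apparmor="DENIED" operation="capable" profile="firefox" pid=4211 comm="firefox" capability=18  capname="sys_chroot"
audit: type=1400 audit(1581726010.000:314): apparmor="ALLOWED" operation="capable" profile="other" pid=5000 comm="other" capability=21  capname="sys_admin"
"""

# key=value pairs; values are either double-quoted (may contain spaces) or bare.
FIELD = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_fields(line):
    """Return the key=value pairs of one audit line, with quotes stripped."""
    return {key: (inner if raw.startswith('"') else raw)
            for key, raw, inner in FIELD.findall(line)}


def capability_denials(log_text):
    """Count DENIED capability checks per (profile, capname)."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_fields(line)
        # File-access denials and ALLOWED (complain-mode) events are skipped.
        if f.get("apparmor") == "DENIED" and f.get("operation") == "capable":
            counts[(f.get("profile"), f.get("capname"))] += 1
    return counts


def report(counts):
    """One line per denied capability, with the profile rule that would grant it."""
    return [f"{profile}: {n} denial(s) for {cap} (rule: capability {cap},)"
            for (profile, cap), n in sorted(counts.items())]


if __name__ == "__main__":
    for row in report(capability_denials(SAMPLE_LOG)):
        print(row)
```

The rule the report suggests applies to the whole profile, so the capability is available to all code confined by it and not only to the sandbox setup.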