aboutsummaryrefslogtreecommitdiff
path: root/linux/firejail
diff options
context:
space:
mode:
authorjc_gargma <jc_gargma@iserlohn-fortress.net>2019-03-22 10:38:47 -0700
committerjc_gargma <jc_gargma@iserlohn-fortress.net>2019-03-22 10:38:47 -0700
commitb9c2642a3c6ee0168096fe29f9843e2c16438f49 (patch)
tree048bb78a6265caf6109ed939c364df1ac3076389 /linux/firejail
parentFix PKGBUILD (diff)
downloadsmolbote-b9c2642a3c6ee0168096fe29f9843e2c16438f49.tar.xz
Added firejail profile workarounds for amd cpu and/or ati graphics
Diffstat (limited to 'linux/firejail')
-rw-r--r--linux/firejail/poi.profile5
1 files changed, 4 insertions, 1 deletions
diff --git a/linux/firejail/poi.profile b/linux/firejail/poi.profile
index 5b8073d..a7d3005 100644
--- a/linux/firejail/poi.profile
+++ b/linux/firejail/poi.profile
@@ -70,15 +70,18 @@ protocol unix,inet,inet6,netlink
#seccomp
## Use seccomp.drop for now as seccomp is broken with many programs.
seccomp.drop @clock,@cpu-emulation,@module,@obsolete,@privileged,@raw-io,@reboot,@resources,@swap,ptrace
+# QtWebEngine require chroot syscall on AMD CPUS and/or ATI Graphics for some bizarre reason
+# Use the following seccomp.drop instead on such systems.
+#seccomp.drop @clock,@cpu-emulation,@module,@obsolete,@raw-io,@reboot,@resources,@swap,ptrace,mount,umount2,pivot_root
## shell - Run the program directly, without a user shell.
# breaks secondary instances when using join-or-start after shell=none
#shell none
## tracelog - Log all viloations to syslog.
+# tracelog segfaults QtWebEngine on AMD CPUS and/or ATI Graphics for some bizarre reason
tracelog
-
## disable-mnt - Deny access to /mnt, /media, /run/mount, and /run/media
disable-mnt