author | jc_gargma <jc_gargma@iserlohn-fortress.net> | 2019-03-22 10:38:47 -0700 |
---|---|---|
committer | jc_gargma <jc_gargma@iserlohn-fortress.net> | 2019-03-22 10:38:47 -0700 |
commit | b9c2642a3c6ee0168096fe29f9843e2c16438f49 (patch) | |
tree | 048bb78a6265caf6109ed939c364df1ac3076389 /linux/firejail | |
parent | Fix PKGBUILD (diff) | |
Added firejail profile workarounds for amd cpu and/or ati graphics
Diffstat (limited to 'linux/firejail')
-rw-r--r-- | linux/firejail/poi.profile | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/linux/firejail/poi.profile b/linux/firejail/poi.profile
index 5b8073d..a7d3005 100644
--- a/linux/firejail/poi.profile
+++ b/linux/firejail/poi.profile
@@ -70,15 +70,18 @@ protocol unix,inet,inet6,netlink
 #seccomp
 ## Use seccomp.drop for now as seccomp is broken with many programs.
 seccomp.drop @clock,@cpu-emulation,@module,@obsolete,@privileged,@raw-io,@reboot,@resources,@swap,ptrace
+# QtWebEngine require chroot syscall on AMD CPUS and/or ATI Graphics for some bizarre reason
+# Use the following seccomp.drop instead on such systems.
+#seccomp.drop @clock,@cpu-emulation,@module,@obsolete,@raw-io,@reboot,@resources,@swap,ptrace,mount,umount2,pivot_root
 ## shell - Run the program directly, without a user shell.
 # breaks secondary instances when using join-or-start after shell=none
 #shell none
 ## tracelog - Log all viloations to syslog.
+# tracelog segfaults QtWebEngine on AMD CPUS and/or ATI Graphics for some bizarre reason
 tracelog
-
 ## disable-mnt - Deny access to /mnt, /media, /run/mount, and /run/media
 disable-mnt
|
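Review bot: The commented-out alternative `seccomp.drop` line removes the whole `@privileged` group to let `chroot` through and re-adds only `mount`, `umount2` and `pivot_root`, so anyone who enables it also stops filtering every other syscall that group covers in their firejail version. I would state that trade-off next to the line, e.g. `# NOTE: this drops @privileged entirely; only mount, umount2 and pivot_root are re-added`, and consider listing the group's remaining members other than `chroot` explicitly after checking the group definition shipped with the installed firejail. The new tracelog comment reports a segfault but leaves `tracelog` enabled without saying what to do; a line such as `# Comment out tracelog on such systems.` would make the workaround actionable. The profile continues outside this hunk, so other directives that interact with the filter are not visible here.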