From b9c2642a3c6ee0168096fe29f9843e2c16438f49 Mon Sep 17 00:00:00 2001
From: jc_gargma
Date: Fri, 22 Mar 2019 10:38:47 -0700
Subject: Added firejail profile workarounds for amd cpu and/or ati graphics
---
 linux/firejail/poi.profile | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/linux/firejail/poi.profile b/linux/firejail/poi.profile
index 5b8073d..a7d3005 100644
--- a/linux/firejail/poi.profile
+++ b/linux/firejail/poi.profile
@@ -70,15 +70,18 @@ protocol unix,inet,inet6,netlink
 #seccomp
 ## Use seccomp.drop for now as seccomp is broken with many programs.
 seccomp.drop @clock,@cpu-emulation,@module,@obsolete,@privileged,@raw-io,@reboot,@resources,@swap,ptrace
+# QtWebEngine require chroot syscall on AMD CPUS and/or ATI Graphics for some bizarre reason
+# Use the following seccomp.drop instead on such systems.
+#seccomp.drop @clock,@cpu-emulation,@module,@obsolete,@raw-io,@reboot,@resources,@swap,ptrace,mount,umount2,pivot_root
 ## shell - Run the program directly, without a user shell.
 # breaks secondary instances when using join-or-start after shell=none
 #shell none
 ## tracelog - Log all viloations to syslog.
+# tracelog segfaults QtWebEngine on AMD CPUS and/or ATI Graphics for some bizarre reason
 tracelog
-
 ## disable-mnt - Deny access to /mnt, /media, /run/mount, and /run/media
 disable-mnt
-- 
cgit v1.2.1
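Review bot: The commented-out alternative `seccomp.drop` removes the whole `@privileged` group and puts back only `mount`, `umount2` and `pivot_root`, so enabling it re-allows every other syscall in that group, not just the `chroot` that the comment names. The comment should state that trade-off, e.g. `# NOTE: this variant stops dropping @privileged; of that group only mount, umount2 and pivot_root stay blocked.`, and the list would ideally name the group's remaining members explicitly for the firejail version in use. The second added comment reports that `tracelog` segfaults QtWebEngine on the same systems, yet `tracelog` stays enabled with no instruction; a line such as `# Comment out tracelog on such systems.` would match the seccomp workaround.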