On Monday, February 10, 2020 at 11:14:26 AM UTC-7, gcpas...@gmail.com wrote:
> IIRC CAP_SYS_ADMIN is needed to install seccomp-bpf filters.
We don't need capabilities for seccomp-bpf.
We do need capabilities for anything namespace-related: chroot()ing to a
deleted directory to revoke filesystem
On Monday, 10 February 2020 15:22:38 UTC+1, dinar qurbanov wrote:
> i have enabled firefox apparmor profile in linux mint, and one of log
> messages about denied requests is sys_admin capability. firefox works
> normally at its surface behavior, for me. how much bad things may
> happen because it
i have enabled firefox apparmor profile in linux mint, and one of log
messages about denied requests is sys_admin capability. firefox works
normally at its surface behavior, for me. how much bad things may
happen because it has not this capability?
i have found some information:
3 matches
Mail list logo
