Allow kcmp() through the Firejail sandbox

Mesa 19.3.4 on AMDGPU started using kcmp(), which is blocked by the default sandbox. Explicitly allow it here until Firejail decides on a permanent solution. Upstream bug: netblue30/firejail#3219
creideiki · Feb 15, 2020 · 2bcafe4 · 2bcafe4
1 parent 7144fb6
commit 2bcafe4
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 1 deletion.
diff --git a/www-client/firefox-ephemeral/files/firefox-ephemeral b/www-client/firefox-ephemeral/files/firefox-ephemeral
@@ -17,7 +17,7 @@ then
     exit 1
 fi
 
-firejail --whitelist="$DIR"/"$PROFILE" firefox --profile "$DIR"/"$PROFILE" --no-remote --private-window "$@"
+firejail --ignore=seccomp '--seccomp=!kcmp,!chroot' --whitelist="$DIR"/"$PROFILE" firefox --profile "$DIR"/"$PROFILE" --no-remote --private-window "$@"
 
 cd "$DIR"
 rm -r "$PROFILE"

diff --git a/...ox-ephemeral/firefox-ephemeral-0.1.ebuild → ...-ephemeral/firefox-ephemeral-0.1.1.ebuild b/...ox-ephemeral/firefox-ephemeral-0.1.ebuild → ...-ephemeral/firefox-ephemeral-0.1.1.ebuild