lutris.profile: allow more syscalls #6067
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kmk3
changed the title
|
OT: Do we allow clone3 with restrict-namespaces? |
kmk3
reviewed
Oct 25, 2023
Related to that, I see that no profile currently allows From my notes, there was spam about clone3 ( So maybe seccomp already blocks it, though I can't say for sure. If not, I think it would be better to deal with this in the source code (fix it |
Need to whitelist `ptrace` and `clone3` for Ubisoft Connect to work. journalctl did list `process_vm_readv` when a game was running, but it didn't crash the game. Fixes netblue30#6035.
(Continued on #6076) |
kmk3
approved these changes
Nov 1, 2023
|
Merged, thanks! |
kmk3
added a commit
to kmk3/firejail
that referenced
this pull request
Nov 25, 2023
It was disabled on commit df6ea88 ("merges, disable sort.py in profile checks temporarely, two more private-etc profiles", 2023-02-14). Currently all profiles are sorted and there are no ongoing `private-etc` changes, so it should be safe to re-enable. Note that the script is useful to catch sorting issues not only in `private-etc` but also in other commands, such as `seccomp`[1] [2]. This is a follow-up to netblue30#6070. Relates to netblue30#5610. [1] netblue30#6066 (comment) [2] netblue30#6067 (comment)
kmk3
added a commit
to kmk3/firejail
that referenced
this pull request
Nov 25, 2023
It was disabled on commit df6ea88 ("merges, disable sort.py in profile checks temporarely, two more private-etc profiles", 2023-02-14). Currently all profiles are sorted and there are no ongoing `private-etc` changes, so it should be safe to re-enable. Note that the script is useful to catch sorting issues not only in `private-etc` but also in other commands, such as `seccomp`[1] [2]. This is a follow-up to netblue30#6070. Relates to netblue30#5610. [1] netblue30#6066 (comment) [2] netblue30#6067 (comment)
Merged
kmk3
added a commit
to kmk3/firejail
that referenced
this pull request
Nov 26, 2023
It was disabled on commit df6ea88 ("merges, disable sort.py in profile checks temporarely, two more private-etc profiles", 2023-02-14). Currently all profiles are sorted and there are no ongoing `private-etc` changes, so it should be safe to re-enable. Note that the script is useful to catch sorting issues not only in `private-etc` but also in other commands, such as `seccomp`[1] [2]. This is a follow-up to netblue30#6070. Relates to netblue30#5610. [1] netblue30#6066 (comment) [2] netblue30#6067 (comment)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Need to whitelist
ptraceandclone3for Ubisoft Connect to work.journalctl did list
process_vm_readvwhen a game was running, but itdidn't crash the game; see
#6035 (comment)
Fixes #6035.