Firefox: Seccomp-BPF - User-Namespaces (false) and Seccomp Thread Synchronization (false)
>> This is probably due to the kernel in 12.04 LTS (...)
True, it must be related to the 12.04 kernel version, because I'm using the latest Firefox 52.0 version and there are only two options enabled. Anyway, I hope that everything will be OK when I upgrade my system to the 16.04 version, just as you have written: "Once you upgrade to 16.04 LTS or newer you'll probably see all four of these values report True."
By the way; Firejail can be used together with AppArmor? Of course I'm thinking about enabled/enforced Firefox profile.
On Tue, Mar 14, 2017 at 11:27:21AM +0100, daniel curtis wrote:
> By the way; Firejail can be used together with AppArmor? Of course I'm
> thinking about enabled/enforced Firefox profile.
We have not tested Firejail with AppArmor. I suspect the results
wouldn't be very pleasant: AppArmor currently can't differentiate between
capabilities raised inside a user namespace or in the init namespace.
(This is why working chromium-browser and chrome profiles have to grant
access to a half-dozen or more capabilities.) If the browser were to be
run as root then AppArmor would not help much in enforcing safety.
We're working on this issue but I'm not sure arbitrary combinations of
AppArmor and Firejail will ever be first-class citizens.