rusty-snake
Enable WebRTC. https://github.com/pyllyukko/user.js/blob/2929c685d443e48f02c228af92aa43b1b0f33c72/user.js#L75 There are more WebRTC prefs below if it still breaks.
> bwrap \
> --dev /dev \
> --proc /proc \
> --bind / / \

If you place a mount over `/` behind a mount over `/foo` (`--dev /dev...
```console
$ strace -f -e bind bwrap --dev /dev --ro-bind / / --unshare-net --cap-add cap_net_bind_service nc -l -p 80
strace: Process 305301 attached
[pid 305301] bind(4, {sa_family=AF_NETLINK, nl_pid=305301, nl_groups=00000000}, 12)...
```
```console
$ # nmap netcat:
$ strace -f -e bind bwrap --ro-bind /etc /etc --ro-bind /usr /usr --symlink usr/bin /bin --symlink usr/lib /lib --symlink usr/lib64 /lib64 --dev /dev --unshare-net --cap-add...
```
Yes, at least the first `bind` call seems to come from bwrap itself (or ld.so or libc or at least it happens with every program).
You:

> that app works with CAP_MKNOD

Manpage:

> By default no caps are left in the sandboxed process.

Did you try with `--cap-add ALL`?
LOL

```
$ bwrap --dev-bind / / cat /proc/self/status | grep Cap
CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: 0000000000000000
CapAmb: 0000000000000000
$ unshare -r bwrap --dev-bind / / cat...
```
@lukts30 there is at least one such vulnerability almost every month, I have a nonextensive list at https://github.com/netblue30/firejail/issues/4939#issuecomment-1072662932.
@mockdeep you should be able to set custom shortcuts for extensions on about:addons as a temporary workaround.
AFAIK there is no way to do this actually with the WebExtensions-APIs. There is 1. no way to do this scope based 2. no way to set `svg.disabled` from a...