profile fixes: allow bwrap inside the sandbox

2026-05-15 22:01:33 -06:00 · 2025-12-18 07:59:07 -05:00 · 2025-12-18 07:59:07 -05:00 · 411b97fdc9
commit 411b97fdc9
parent 5e962ff78e
2 changed files with 2 additions and 2 deletions
--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@ -674,7 +674,7 @@ read-only ${HOME}/.local/share/flatpak/exports
 blacklist ${HOME}/.local/share/flatpak/*
 blacklist ${HOME}/.var
 # most of the time bwrap is SUID binary
-blacklist ${PATH}/bwrap
+#blacklist ${PATH}/bwrap
 blacklist ${RUNUSER}/.dbus-proxy
 blacklist ${RUNUSER}/.flatpak
 blacklist ${RUNUSER}/.flatpak-cache
--- a/etc/profile-m-z/warzone2100.profile
+++ b/etc/profile-m-z/warzone2100.profile
@ -49,7 +49,7 @@ seccomp
 tracelog

 disable-mnt
-private-bin bash,dash,sh,warzone2100,warzone2100.real,which
+private-bin bash,dash,sh,warzone2100,warzone2100.real,which,mkdir
 private-dev
 private-etc @games,@x11
 private-tmp