Fix Brave's native sandbox (#3087)

* Allow user access to /proc/config.gz

* Fix Brave's native sandbox

* Move /proc/config.gz to disable-common.inc

* Move /proc/config.gz to disable-common.inc

etc/brave.profile

@@ -25,5 +25,8 @@ whitelist ${HOME}/.config/brave
 whitelist ${HOME}/.config/brave-flags.conf
 whitelist ${HOME}/.gnupg
 
+# Brave sandbox needs read access to /proc/config.gz
+noblacklist /proc/config.gz
+
 # Redirect
 include chromium-common.profile

etc/disable-common.inc

@@ -452,3 +452,6 @@ blacklist ${HOME}/Mail
 blacklist ${HOME}/mail
 blacklist ${HOME}/postponed
 blacklist ${HOME}/sent
+
+# kernel configuration
+blacklist /proc/config.gz

src/firejail/fs.c

@@ -642,7 +642,8 @@ void fs_proc_sys_dev_boot(void) {
 	// various /proc files
 	disable_file(BLACKLIST_FILE, "/proc/irq");
 	disable_file(BLACKLIST_FILE, "/proc/bus");
-	disable_file(BLACKLIST_FILE, "/proc/config.gz");
+	// move /proc/config.gz to disable-common.inc
+	//disable_file(BLACKLIST_FILE, "/proc/config.gz");
 	disable_file(BLACKLIST_FILE, "/proc/sched_debug");
 	disable_file(BLACKLIST_FILE, "/proc/timer_list");
 	disable_file(BLACKLIST_FILE, "/proc/timer_stats");