BetterFrame

mirror of https://github.com/BetterCorp/BetterFrame.git synced 2026-05-26 17:56:34 +00:00

History

Mitchell R 786febbb9b fix(kiosk): strip caps so WebKit's bwrap sandbox can start WebKitGTK launches bubblewrap for its web-content process; bwrap refuses to run when the parent process still carries unexpected CAP_* bits ("but not setuid, old file caps config?"). Setting CapabilityBoundingSet= + AmbientCapabilities= empty and NoNewPrivileges=yes gives bwrap a clean caps slate to drop from, so the sandbox initialises and web/dashboard cells render instead of crashing the kiosk.	2026-05-13 12:53:31 +02:00
..
betterframe-kiosk.service	fix(kiosk): strip caps so WebKit's bwrap sandbox can start	2026-05-13 12:53:31 +02:00

Mitchell R 786febbb9b fix(kiosk): strip caps so WebKit's bwrap sandbox can start

WebKitGTK launches bubblewrap for its web-content process; bwrap refuses
to run when the parent process still carries unexpected CAP_* bits ("but
not setuid, old file caps config?"). Setting CapabilityBoundingSet= +
AmbientCapabilities= empty and NoNewPrivileges=yes gives bwrap a clean
caps slate to drop from, so the sandbox initialises and web/dashboard
cells render instead of crashing the kiosk.

2026-05-13 12:53:31 +02:00

betterframe-kiosk.service

fix(kiosk): strip caps so WebKit's bwrap sandbox can start

2026-05-13 12:53:31 +02:00