From d02e194a0c0543e8ad203173a908b4d679c56a80 Mon Sep 17 00:00:00 2001
From: Bruce Leidl
Date: Sat, 5 Jan 2019 22:34:33 -0500
Subject: [PATCH] turn off chroot_deny_fchdir because chromium needs this disabled
---
 .../citadel-config/files/sysctl/99-grsec-debootstrap.conf | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/meta-citadel/recipes-citadel/citadel-config/files/sysctl/99-grsec-debootstrap.conf b/meta-citadel/recipes-citadel/citadel-config/files/sysctl/99-grsec-debootstrap.conf
index a4ef1d0..815a0fb 100644
--- a/meta-citadel/recipes-citadel/citadel-config/files/sysctl/99-grsec-debootstrap.conf
+++ b/meta-citadel/recipes-citadel/citadel-config/files/sysctl/99-grsec-debootstrap.conf
@@ -7,4 +7,8 @@ kernel.grsecurity.chroot_deny_chmod = 0
 kernel.grsecurity.chroot_deny_mknod = 0
 kernel.grsecurity.chroot_deny_mount = 0
 kernel.grsecurity.chroot_deny_pivot = 0
+
+# Chrome/Chromium sandbox won't work without this
+kernel.grsecurity.chroot_deny_fchdir = 0
+
 kernel.pax.softmode = 1
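Review bot: The added `kernel.grsecurity.chroot_deny_fchdir = 0` is a system-wide sysctl, so it turns off the fchdir-out-of-chroot restriction for every chrooted process on the host, not only for the Chromium sandbox, and the new comment does not record that trade-off. I would expand the comment to something like `# Global: disables the grsecurity fchdir-out-of-chroot check for all chroots; required by the Chrome/Chromium sandbox`. The setting also lands in `99-grsec-debootstrap.conf`, whose name suggests relaxations meant for debootstrap; if that file is applied only in some contexts, or is expected to be dropped later, a browser-specific relaxation may belong in its own drop-in so it can be audited and reverted separately. The same file already carries `kernel.pax.softmode = 1` and several other `chroot_deny_* = 0` entries, so it is worth confirming which systems actually load it.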