@Daniel, it looks like there were some changes to the sandboxing of Firefox. I needed to add the following rules to make FF 60 work again:
# new with FF 60
capability sys_admin,
capability sys_chroot,
capability sys_ptrace,
owner @{PROC}/@{pid}/{u,g}id_map w,
owner @{PROC}/@{pid}/setgroups w,
Similar to yours except that "owner" works for the files under /proc. Before adding all those rules, I got many crashes in libxul.so and libmozsandbox.so.
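
Rules like those in the comment above can be derived from AppArmor denial records in the kernel or audit log. The following is an added example, not part of the original comment: it maps DENIED records to candidate profile rules and emits the "owner" prefix only when the denied task's fsuid matches the file's ouid. The log lines, the profile name "firefox", the pids and the uids are constructed for illustration.

```python
import re

# Constructed sample audit lines (not from the original comment).
SAMPLE_LOG = """\
audit: type=1400 audit(1526300000.101:201): apparmor="DENIED" operation="capable" profile="firefox" pid=4242 comm="firefox" capability=21  capname="sys_admin"
audit: type=1400 audit(1526300000.102:202): apparmor="DENIED" operation="capable" profile="firefox" pid=4242 comm="firefox" capability=18  capname="sys_chroot"
audit: type=1400 audit(1526300000.103:203): apparmor="DENIED" operation="open" profile="firefox" name="/proc/4242/uid_map" pid=4242 comm="firefox" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
audit: type=1400 audit(1526300000.104:204): apparmor="DENIED" operation="open" profile="firefox" name="/proc/4242/setgroups" pid=4242 comm="firefox" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
audit: type=1400 audit(1526300000.105:205): apparmor="ALLOWED" operation="open" profile="firefox" name="/etc/hosts" pid=4242 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
"""

# key="quoted value" or key=bare_value pairs as they appear in audit records
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_fields(line):
    """Return the key/value pairs of one audit record as a dict."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD.finditer(line)}


def suggest_rules(log_text, profile):
    """Map DENIED records for `profile` to candidate AppArmor rules."""
    rules = []
    for line in log_text.splitlines():
        f = parse_fields(line)
        if f.get("apparmor") != "DENIED" or f.get("profile") != profile:
            continue
        if f.get("operation") == "capable" and "capname" in f:
            rule = "capability %s," % f["capname"]
        elif "name" in f and "denied_mask" in f:
            # Replace the concrete pid with the profile variables used in the comment.
            prefix = "/proc/%s/" % f.get("pid", "")
            path = f["name"]
            if path.startswith(prefix):
                path = "@{PROC}/@{pid}/" + path[len(prefix):]
            # "owner" only matches when the task's fsuid owns the file.
            same = f.get("fsuid") is not None and f.get("fsuid") == f.get("ouid")
            rule = "%s%s %s," % ("owner " if same else "", path, f["denied_mask"])
        else:
            continue
        if rule not in rules:  # de-duplicate, keep first-seen order
            rules.append(rule)
    return rules


if __name__ == "__main__":
    print("\n".join(suggest_rules(SAMPLE_LOG, "firefox")))
```

Each suggested rule widens the profile, so review it against what the application actually needs before adding it.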