See etc/templates/profile.template.
Added on commit f3d126bf1 ("disable curl and wget in browsers based on
firefox and chromium", 2021-12-18).
Relates to #4852.
Disable common general-purpose text editors.
They are likely to be the default OS text editor and users may want to
use them for editing most/all files, which could include common
sensitive files such as ~/.bashrc and profiles in ~/.config/firejail.
Fixes#6002.
Relates to #924#941#1154.
Reported-by: @ilikenwf
Based on the report by @Saren-Arterius[1]:
Since GNOME gvfs 1.53+, the ssh client options `ControlMaster=auto` and
`ControlPath=/run/user/$UID/gvfsd-sftp/%C` are used to mount sftp.
Since `/run/user/$UID/gvfsd-sftp` is not whitelisted, gvfs sftp mount
with nautilus will fail with a meaningless error message shown in the
UI.
Steps to reproduce[1]:
Prepare ssh server or localhost, then run:
ssh -o"ForwardX11 no" -o"ForwardAgent no" \
-o"PermitLocalCommand no" -o"ClearAllForwardings yes" \
-o"NoHostAuthenticationForLocalhost yes" \
-o"ControlMaster auto" \
-o"ControlPath=/run/user/${UID}/gvfsd-sftp/test" \
-s {SSH_HOST} sftp
stderr shows:
unix_listener: cannot bind to path /run/user/$UID/gvfsd-sftp/test.{RANDOM_STRING}: No such file or directory
And ssh exits with error code 255.
Fixes#5816.
[1] https://github.com/netblue30/firejail/issues/5816#issue-1695295931
Reported-by: @Saren-Arterius
Suggested-by: @Saren-Arterius
Reported-by: @Alex-Farol
Reported-by: @mirko
Reword and add commit references.
Related commits:
* 0e48f9933 ("remove firemon --interface option - it is a duplication of
firejail --net.print", 2023-03-08)
* db09546f2 ("remove LTS and FIRETUNNEL support", 2023-12-23)
It appears that LibreWolf 129 uses `io.gitlab.firefox.*` as the dbus
name.
Commands used to check the dbus name:
$ busctl --user --no-legend | grep -v '^:' | grep librewolf |
sed -E 's/(^[^ ]+\.)[^. ]+ .*/\1/'
io.gitlab.firefox.
Commands used to test dbus communication:
# Open a new browser instance:
$ firejail --name=lwtest --ignore=name --ignore='dbus-user none' \
--dbus-user=filter --dbus-user.own='io.gitlab.firefox.*' \
--private --net=none --ignore=net /usr/bin/librewolf
# In another shell, try to open a new tab:
$ firejail --join=lwtest /usr/bin/librewolf --new-tab about:blank
# Check that the new tab was opened
Related commits:
* c3f299620 ("Let programs outside librewolf sandbox open new tabs in
librewolf (#4546)", 2021-09-19)
* a8ad9cad1 ("Update librewolf.profile: use new message bus",
2022-02-03) / PR #4897
* 4211ee323 ("merges", 2022-02-04)
Fixes#6413.
Misc: This was noticed on #6444.
Reported-by: @Lonniebiz
These paths are apparently used for attachments.
Disable private-tmp to make it easier to open attachments with external
programs.
Relates to #5101.
Reported-by: @githlp
Suggested-by: @rusty-snake
It's used by libdvdcss (which is used to play copy-restricted dvds).
It seems to be just a cache directory, so just allow without mkdir.
Relates to #5391.
Suggested-by: @reinerh
Changes:
* Sync bug_report.md with build_issue.md (reword items and add Linux
kernel item)
* Add a colon to the end of every item (to clarify where to add the
information)
* Add the Environment section to feature_request.md
The last item is intended as a basic sanity check, as users using an
outdated version of firejail may request something that was already
implemented (for example, see #6461).
Relates to #4515#6423.
Reset the bold right after each command/argument.
Command used to check for issues:
git grep -E ' \\fR' -- src/man/*.in
Related commits:
* e91b9ff0f ("Deprecate --nodbus option", 2020-04-07) /
PR #3265
* 5a612029b ("rename noautopulse to keep-config-pulse", 2021-05-13) /
PR #4278
* d79547ca9 ("docs: warn about limitations of landlock", 2024-03-31) /
PR #6302
This is a follow-up to #6451.
Relates to #6078.
Sort commands in firejail.1.in and sync the result with
firejail-profile.5.in.
* Commands: `--dbus-system.*`, `--dbus-user.*`, `--icmptrace`,
`--ip=none`, `memory-deny-write-execute`, `--noinput`
Relates to #3190#3406#4209.
Move the "FILES" section to right before the "LICENSE" section in
firecfg.1.in, to match what is done in the other man pages.
This amends commit ef6cfb8a2 ("firecfg: add ignore command and docs",
2023-06-29) / PR #5876.
Relates to #6451.
Changes:
- Allow shell access (bitwarden-desktop may be a shell script)
- Enable whitelist-usr-share-common.inc
- Introduce a new redirect for bitwarden-desktop
- Add the new redirect to firecfg
Relates to #6442.
By default, Zoom records meetings to ~/Documents/Zoom. Add that folder
to the whitelist so that future users don't lose their meeting
recordings upon shutting Zoom down.
Fixes#4006.
It was enabled in firefox-common.inc on commit 34d004892 ("private-etc:
corss-distro test for curl, gimp, inkscape, firefox, warzone2100",
2023-01-28), but not in the profiles that include it.
Enable it in the including profiles as well.
Note: This was already done for firefox.profile on commit 76249284f
("firefox: fix private-etc firefox", 2023-06-02) / PR #5844.
Relates to #6400.
If a custom GPG homedir is used, a hash of its path is used in the path
of the gpg agent socket[1].
For example, when running:
gpgconf --list-dirs agent-ssh-socket
With a custom homedir it returns:
/run/user/1000/gnupg/<hashed homedir>/S.gpg-agent.ssh
Environment: gnupg 2.4.5-4 on Arch Linux.
[1] 91532dc3f4/common/homedir.c (L1342)
Much like the i3 IPC socket (#6361), the sway IPC socket also allows
arbitrary code execution via the `exec` subcommand. Access should only
be permitted to sway itself by default.
The location of the IPC socket is set in sway/ipc-server.c:
7e74a49142/sway/ipc-server.c (L126)
There are a lot of common options in the `d-feet` and `d-spy` profiles.
Create a new common include file and refactor the existing profiles as
redirects.
Relates to #2492#6328.
There are various reports in #5127 that the current profile is broken on
wayland (and at least one report that it is broken on xorg as well).
Relates to #6268.
The coredump-related code fails to build on Linux kernel version 3.8 as
apparently it only exists on Linux since version 3.10:
docker run --platform linux/386 --rm -it satmandu/crewbuild:386
[...]
./configure && make
[...]
gcc -ggdb -O2 -DVERSION='"0.9.73"' [...] -march=i686 -c ../../src/firemon/procevent.c -o ../../src/firemon/procevent.o
../../src/firemon/procevent.c: In function ‘procevent_monitor’:
../../src/firemon/procevent.c:399:38: error: ‘PROC_EVENT_COREDUMP’ undeclared (first use in this function); did you mean ‘PROC_EVENT_COMM’?
399 | case PROC_EVENT_COREDUMP:
| ^~~~~~~~~~~~~~~~~~~
| PROC_EVENT_COMM
../../src/firemon/procevent.c:399:38: note: each undeclared identifier is reported only once for each function it appears in
../../src/firemon/procevent.c:400:66: error: ‘union <anonymous>’ has no member named ‘coredump’
400 | pid = proc_ev->event_data.coredump.process_tgid;
| ^
make[1]: *** [../../src/prog.mk:25: ../../src/firemon/procevent.o] Error 1
make[1]: Leaving directory '/home/chronos/user/firejail/src/firemon'
make: *** [Makefile:72: src/firemon/firemon] Error 2
Environment: gcc 14.1.0, glibc 2.23 and linuxheaders 3.8 on ChromeOS
M58.
Misc: @Zopolis4 also reports that "All i686 chromebooks have a kernel
version of 3.8".
This amends commit e11949a71 ("add support for comm, coredump, and prctl
procevents in firemon", 2024-04-30).
Fixes#6414.
Reported-by: @Zopolis4
Changes:
* Use the exact same source date string for all `date` invocations
* Use `-d` instead of `--date=`
* Fallback to `-r` and then to no argument
Some `date` implementations only support BSD `-r` instead of GNU `-d` /
`--date=` and others may not support any of them since neither option is
in POSIX.
For example, if zoneinfo is installed by chromebrew on ChromeOS, it
provides a date program that only supports `-r` and overrides the system
one (which supports `-d`) [1]:
./mkman.sh 0.9.72 src/man/firejail.man firejail.1
date: invalid option -- '-'
date: usage: date [-u] [-c] [-r seconds] [+format]
make: *** [Makefile:42: firejail.1] Error 1
Environment: zoneinfo 2024a on ChromeOS M125.
Note: The changes are based on what is suggested by
reproducible-builds.org [2].
Relates to #193.
Fixes#6403.
[1] https://github.com/netblue30/firejail/issues/6403#issue-2402292506
[2] https://reproducible-builds.org/docs/source-date-epoch/
Reported-by: @Zopolis4
