github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #1610] Allow blocking gpg agent #1077

New issue

Closed

opened 2026-05-05 07:25:19 -06:00 by gitea-mirror · 4 comments

gitea-mirror commented

2026-05-05 07:25:19 -06:00

Owner

Originally created by @ltworf on GitHub (Oct 20, 2017).
Original GitHub issue: https://github.com/netblue30/firejail/issues/1610

I have this env var:

GPG_AGENT_INFO=/run/user/1000/gnupg/S.gpg-agent:0:1

If I let a software use unix socket, then it can connect to that, and if I had used my key recently, it could use the agent to do things I don't want it to do.

It would be nice to have a syntax to allow arbitrary variables rather than just ${HOME}, so one could just do blacklist ${GPG_AGENT_INFO} to block it.

Also having a ${UID} variable would be nice, and could be used to solve the same problem, so one could block /run/user/${UID}/gnupg. and potentially other paths inside there.

Originally created by @ltworf on GitHub (Oct 20, 2017). Original GitHub issue: https://github.com/netblue30/firejail/issues/1610 I have this env var: ``` GPG_AGENT_INFO=/run/user/1000/gnupg/S.gpg-agent:0:1 ``` If I let a software use unix socket, then it can connect to that, and if I had used my key recently, it could use the agent to do things I don't want it to do. It would be nice to have a syntax to allow arbitrary variables rather than just ${HOME}, so one could just do `blacklist ${GPG_AGENT_INFO}` to block it. Also having a ${UID} variable would be nice, and could be used to solve the same problem, so one could block `/run/user/${UID}/gnupg`. and potentially other paths inside there.

gitea-mirror

2026-05-05 07:25:19 -06:00

closed this issue
added the
information_old
label

gitea-mirror commented

2026-05-05 07:25:23 -06:00

Author

Owner

@smitsohu commented on GitHub (Oct 21, 2017):

/run/user/$UID/gnupg should be blacklisted by default. Is it not working for you?

@smitsohu commented on GitHub (Oct 21, 2017): `/run/user/$UID/gnupg` should be blacklisted by default. Is it not working for you?

gitea-mirror commented

2026-05-05 07:25:24 -06:00

Author

Owner

@smitsohu commented on GitHub (Oct 21, 2017):

👍 for ${UID}

@smitsohu commented on GitHub (Oct 21, 2017): :+1: for ${UID}

gitea-mirror commented

2026-05-05 07:25:25 -06:00

Author

Owner

@ltworf commented on GitHub (Oct 21, 2017):

Ah I am running this proprietary application for work and I am not including the default profile, so the profile I use won't get silent changes from updates of the package.

@ltworf commented on GitHub (Oct 21, 2017): Ah I am running this proprietary application for work and I am not including the default profile, so the profile I use won't get silent changes from updates of the package.

gitea-mirror commented

2026-05-05 07:25:27 -06:00

Author

Owner

@smitsohu commented on GitHub (Oct 22, 2017):

The /run/user/$UID/gnupg blacklist was introduced in 0.9.46, but it is hardcoded and not in the profiles.

In case you are running an older version and upgrading is not an option, blacklist /run/user/*/gnupg should actually work, too.

@smitsohu commented on GitHub (Oct 22, 2017): The /run/user/$UID/gnupg blacklist was introduced in 0.9.46, but it is hardcoded and not in the profiles. In case you are running an older version and upgrading is not an option, `blacklist /run/user/*/gnupg` should actually work, too.

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1077

No description provided.

Rows
Columns