[GH-ISSUE #159] Bitlbee profile #110

New issue

Closed

opened 2026-05-05 05:03:37 -06:00 by gitea-mirror · 2 comments

gitea-mirror commented

2026-05-05 05:03:37 -06:00

Owner

Originally created by @rogshdo on GitHub (Nov 26, 2015).
Original GitHub issue: https://github.com/netblue30/firejail/issues/159

I would like to create a profile for bitlbee so that I can run it in a jail. Currently I have this, built off of the server.profile and some of the other default profiles I see:

include /etc/firejail/disable-mgmt.inc
include /etc/firejail/disable-common.inc
protocol unix,inet,inet6
netfilter
private
private-dev
seccomp

This seems to work, but I don't really understand protocol or netfilter. Could someone more familiar with firejail suggest what a good profile should look like for bitlbee? Thank you!

Also, if a bitlbee profile could be included with firejail by default, that would be great.

Originally created by @rogshdo on GitHub (Nov 26, 2015). Original GitHub issue: https://github.com/netblue30/firejail/issues/159 I would like to create a profile for [bitlbee](https://www.bitlbee.org/) so that I can run it in a jail. Currently I have this, built off of the server.profile and some of the other default profiles I see: ``` include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-common.inc protocol unix,inet,inet6 netfilter private private-dev seccomp ``` This seems to work, but I don't really understand `protocol` or `netfilter`. Could someone more familiar with firejail suggest what a good profile should look like for bitlbee? Thank you! Also, if a bitlbee profile could be included with firejail by default, that would be great.

gitea-mirror closed this issue

2026-05-05 05:03:41 -06:00

gitea-mirror commented

2026-05-05 05:03:44 -06:00

Author

Owner

@netblue30 commented on GitHub (Nov 27, 2015):

I've just added your profile, thanks! This is how it looks:

$ cat /etc/firejail/bitlbee.profile 
# BitlBee profile
noblacklist /sbin
noblacklist /usr/sbin
include /etc/firejail/disable-mgmt.inc
include /etc/firejail/disable-common.inc
protocol unix,inet,inet6
private
private-dev
seccomp

You don't need "netfilter". This option works only if you create a network namespace, and BitlBee will probably not work in a network namespace.

"protocol unix,inet,inet6" describes the protocols allowed by socket system call. There are about 40 of them available, usually you can get away only with unix socket protocol, IPv4 and IPv6. The option is based on seccomp and reduces the attack surface of the kernel.

@netblue30 commented on GitHub (Nov 27, 2015): I've just added your profile, thanks! This is how it looks: ``` $ cat /etc/firejail/bitlbee.profile # BitlBee profile noblacklist /sbin noblacklist /usr/sbin include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-common.inc protocol unix,inet,inet6 private private-dev seccomp ``` You don't need "netfilter". This option works only if you create a network namespace, and BitlBee will probably not work in a network namespace. "protocol unix,inet,inet6" describes the protocols allowed by socket system call. There are about 40 of them available, usually you can get away only with unix socket protocol, IPv4 and IPv6. The option is based on seccomp and reduces the attack surface of the kernel.

gitea-mirror commented

2026-05-05 05:03:47 -06:00

Author

Owner

@rogshdo commented on GitHub (Nov 27, 2015):

Great, thanks!

@rogshdo commented on GitHub (Nov 27, 2015): Great, thanks!

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#110

No description provided.

Rows
Columns