[GH-ISSUE #170] blacklist /usr/local/etc/firejail/ #120

Closed
opened 2026-05-05 05:05:33 -06:00 by gitea-mirror · 5 comments

Originally created by @ghost on GitHub (Nov 29, 2015).
Original GitHub issue: https://github.com/netblue30/firejail/issues/170

Only /etc/firejail/ is blacklisted, but for those who install from git, blacklist ${prefix}/etc/firejail/, too.

gitea-mirror 2026-05-05 05:05:33 -06:00
  • closed this issue
  • added the bug label

@ghost commented on GitHub (Nov 29, 2015):

Also, do not blacklist files under ${prefix} in disable-secret.inc and disable-common.inc
I mean I just assume it is ${prefix}.


@netblue30 commented on GitHub (Nov 29, 2015):

I have a fix in for blacklist ${prefix}/etc/firejail/.

> do not blacklist files under ${prefix} in disable-secret.inc and disable-common.inc

What do you mean?


@ghost commented on GitHub (Nov 29, 2015):

/usr/local/disable-common.inc has the following lines:

```
# etc
blacklist /usr/local/etc/cron.*
blacklist /usr/local/etc/profile.d
blacklist /usr/local/etc/rc.local
blacklist /usr/local/etc/anacrontab
```

But the disable-common.inc in the repo has this:

```
# etc
blacklist /etc/cron.*
blacklist /etc/profile.d
blacklist /etc/rc.local
blacklist /etc/anacrontab
```

I don't see how the /usr/local gets there, but I'd say in the majority of cases stuff like rc.local and cron.* is in /etc and not in /usr/local/etc. So either blacklist both, or just /etc.
The same goes especially for disable-secret.inc
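
A check for the mismatch described in the comment above, as an added example that is not part of the original thread or of firejail's own code: it lists `blacklist` entries under `<prefix>/etc` whose `/etc` counterpart is missing from the same file. The function names, the `/usr/local` default and the two `firejail` lines in the sample are assumptions; the sample text is constructed from the lines quoted in the comment.

```python
# Added example: audit a firejail include file for prefix-shifted blacklist lines.

def blacklisted_paths(profile_text):
    """Return the set of paths named by 'blacklist' lines in a profile."""
    paths = set()
    for raw in profile_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] == "blacklist":
            paths.add(parts[1].strip().rstrip("/") or "/")
    return paths


def missing_system_paths(profile_text, prefix="/usr/local"):
    """Return (shifted, expected) pairs where <prefix>/etc/X is blacklisted
    but /etc/X is not, i.e. the system path is left out of the blacklist."""
    paths = blacklisted_paths(profile_text)
    shifted_root = prefix.rstrip("/") + "/etc/"
    findings = []
    for path in sorted(paths):
        if path.startswith(shifted_root):
            expected = "/etc/" + path[len(shifted_root):]
            if expected not in paths:
                findings.append((path, expected))
    return findings


# Constructed sample: the four installed lines quoted in the comment, plus
# two firejail lines (assumed) showing a correctly paired entry.
INSTALLED = """\
# etc
blacklist /usr/local/etc/cron.*
blacklist /usr/local/etc/profile.d
blacklist /usr/local/etc/rc.local
blacklist /usr/local/etc/anacrontab
blacklist /etc/firejail
blacklist /usr/local/etc/firejail/
"""

if __name__ == "__main__":
    for shifted, expected in missing_system_paths(INSTALLED):
        print(f"{shifted}: add 'blacklist {expected}'")
```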


@netblue30 commented on GitHub (Nov 29, 2015):

You are right, this is a bug! I'll try to bring a fix in.


@netblue30 commented on GitHub (Nov 30, 2015):

Fixed, thanks.

Reference: github-starred/firejail#120