[GH-ISSUE #211] ARGV0 support #146

New issue

Closed

opened 2026-05-05 05:09:46 -06:00 by gitea-mirror · 1 comment

gitea-mirror commented

2026-05-05 05:09:46 -06:00

Owner

Originally created by @TobiX on GitHub (Jan 5, 2016).
Original GitHub issue: https://github.com/netblue30/firejail/issues/211

It would be really nice if firejail shipped something like the ssh-argv0 wrapper (or supported this inside the binary). Currently, to replace, for example /usr/bin/iceweasel with a wrapper that calls iceweasel under firejail, I have to do this:

dpkg-divert --divert /usr/bin/iceweasel.unjailed --rename /usr/bin/iceweasel
cat > /usr/bin/iceweasel <<EOF
#!/bin/sh
exec /usr/bin/firejail /usr/bin/iceweasel.unjailed "$@"
EOF
chmod +x /usr/bin/iceweasel

In its simplest form, firejail could probably ship something similar to ssh-argv0, like this script:

#!/bin/sh
exec firejail --profile="${0##*/}" "${0##*/}.unjailed" "$@"

Then, to replace a real command with the firejailed version, one only needs to do:

dpkg-divert --divert /usr/bin/iceweasel.unjailed --rename /usr/bin/iceweasel
ln -s /usr/bin/firejail-argv0 /usr/bin/iceweasel

If integrated into firejail, firejail could decide which command line arguments are meant for firejail (with prefix?) and which should be passed to the original program.

Originally created by @TobiX on GitHub (Jan 5, 2016). Original GitHub issue: https://github.com/netblue30/firejail/issues/211 It would be really nice if firejail shipped something like the ssh-argv0 wrapper (or supported this inside the binary). Currently, to replace, for example /usr/bin/iceweasel with a wrapper that calls iceweasel under firejail, I have to do this: ``` dpkg-divert --divert /usr/bin/iceweasel.unjailed --rename /usr/bin/iceweasel cat > /usr/bin/iceweasel <<EOF #!/bin/sh exec /usr/bin/firejail /usr/bin/iceweasel.unjailed "$@" EOF chmod +x /usr/bin/iceweasel ``` In its simplest form, firejail could probably ship something similar to ssh-argv0, like this script: ``` #!/bin/sh exec firejail --profile="${0##*/}" "${0##*/}.unjailed" "$@" ``` Then, to replace a real command with the firejailed version, one only needs to do: ``` dpkg-divert --divert /usr/bin/iceweasel.unjailed --rename /usr/bin/iceweasel ln -s /usr/bin/firejail-argv0 /usr/bin/iceweasel ``` If integrated into firejail, firejail could decide which command line arguments are meant for firejail (with prefix?) and which should be passed to the original program.

gitea-mirror

2026-05-05 05:09:46 -06:00

closed this issue
added the
enhancement
label

gitea-mirror commented

2026-05-05 05:09:52 -06:00

Author

Owner

@netblue30 commented on GitHub (Jan 18, 2016):

ssh-argv0 is cool! I didn't know abut it, thanks!

I ended up implementing something similar to BusyBox, where you have a symlink named firefox to /usr/bin/firejail, and firejail will look at argv0 and it will start Firefox with the proper profile. I have a description here: https://github.com/netblue30/firejail

@netblue30 commented on GitHub (Jan 18, 2016): ssh-argv0 is cool! I didn't know abut it, thanks! I ended up implementing something similar to BusyBox, where you have a symlink named firefox to /usr/bin/firejail, and firejail will look at argv0 and it will start Firefox with the proper profile. I have a description here: https://github.com/netblue30/firejail

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#146

No description provided.

Rows
Columns