github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #2155] Add firejail.config option to prevent loading of user profiles. #1464

New issue

Open

opened 2026-05-05 08:07:41 -06:00 by gitea-mirror · 5 comments

gitea-mirror commented

2026-05-05 08:07:41 -06:00

Owner

Originally created by @crass on GitHub (Oct 9, 2018).
Original GitHub issue: https://github.com/netblue30/firejail/issues/2155

On systems where the unprivileged user does not have access to root, the sysadmin should have the ability to disallow custom profiles. This will lower the attack surface on firejail itself. In order for this to be effective, when user profiles are disabled, the --profile option should only allow loading files from ${CFG}. What should this option be named in firejail.config? Perhaps user_profiles? And I suggest having them off by default (secure default).

Originally created by @crass on GitHub (Oct 9, 2018). Original GitHub issue: https://github.com/netblue30/firejail/issues/2155 On systems where the unprivileged user does not have access to root, the sysadmin should have the ability to disallow custom profiles. This will lower the attack surface on firejail itself. In order for this to be effective, when user profiles are disabled, the `--profile` option should only allow loading files from `${CFG}`. What should this option be named in `firejail.config`? Perhaps `user_profiles`? And I suggest having them off by default (secure default).

gitea-mirror added the

enhancement

label 2026-05-05 08:07:41 -06:00

gitea-mirror commented

2026-05-05 08:07:43 -06:00

Author

Owner

@smitsohu commented on GitHub (Oct 9, 2018):

This will lower the attack surface on firejail itself.

There is still always the command line, though.

@smitsohu commented on GitHub (Oct 9, 2018): > This will lower the attack surface on firejail itself. There is still always the command line, though.

gitea-mirror commented

2026-05-05 08:07:44 -06:00

Author

Owner

@reinerh commented on GitHub (Oct 9, 2018):

Right, when the users can still override everything on the command line, but no longer in their config files, that's an even bigger reason to keep it on by default.

@reinerh commented on GitHub (Oct 9, 2018): Right, when the users can still override everything on the command line, but no longer in their config files, that's an even bigger reason to keep it on by default.

gitea-mirror commented

2026-05-05 08:07:45 -06:00

Author

Owner

@crass commented on GitHub (Oct 9, 2018):

@smitsohu very good point... ☹️ As I see it now, either we should not do this or it needs to disable any options which can loosen the container. Options that can tighten up the container should be ok. This will require a more thorough evaluation of the options...

@crass commented on GitHub (Oct 9, 2018): @smitsohu very good point... :frowning_face: As I see it now, either we should not do this or it needs to disable any options which can loosen the container. Options that can tighten up the container should be ok. This will require a more thorough evaluation of the options...

gitea-mirror commented

2026-05-05 08:07:45 -06:00

Author

Owner

@crass commented on GitHub (Oct 10, 2018):

So I'm thinking that the pull request shouldn't be merged as-is because it gives the illusion of locking down the users. I was thinking of abandoning the rest of the work because it seemed like a PITA. But, it looks like it could be easily implemented in check_arg using checkcfg and a list of options we want to disallow.

So now the PITA part is getting the list of options that we should disallow. If someone or the collective wants to come up with such a list, I could implement it. I'm not interested in doing that part myself though.

@crass commented on GitHub (Oct 10, 2018): So I'm thinking that the pull request shouldn't be merged as-is because it gives the illusion of locking down the users. I was thinking of abandoning the rest of the work because it seemed like a PITA. But, it looks like it could be easily implemented in `check_arg` using `checkcfg` and a list of options we want to disallow. So now the PITA part is getting the list of options that we should disallow. If someone or the collective wants to come up with such a list, I could implement it. I'm not interested in doing that part myself though.

gitea-mirror commented

2026-05-05 08:07:46 -06:00

Author

Owner

@chiraag-nataraj commented on GitHub (May 21, 2019):

Are we interested in moving forward with this or should we close this?

@chiraag-nataraj commented on GitHub (May 21, 2019): Are we interested in moving forward with this or should we close this?

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1464

No description provided.

Rows
Columns