github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #2696] O_PATH undeclared (CentOS 6) #1697

New issue

Closed

opened 2026-05-05 08:21:13 -06:00 by gitea-mirror · 6 comments

gitea-mirror commented

2026-05-05 08:21:13 -06:00

Owner

Originally created by @chargrnv on GitHub (May 14, 2019).
Original GitHub issue: https://github.com/netblue30/firejail/issues/2696

OS: CentOS 6.10
Version: 0.9.56-LTS (and newer)

I believe this would be provided by the kernel, but on CentOS 6 the kernel is too old.

http://man7.org/linux/man-pages/man2/open.2.html
O_PATH (since Linux 2.6.39)

[root@90ea573d076b ~]# rpm -qa | grep kernel
kernel-devel-2.6.32-754.12.1.el6.x86_64
kernel-headers-2.6.32-754.12.1.el6.x86_64

fs.c: In function 'fs_private_cache':
fs.c:851:26: error: 'O_PATH' undeclared (first use in this function)
  int fd = safe_fd(cache, O_PATH|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC);
                          ^

0.9.54 builds OK under centos 6.

Is it possible for configure to check for the feature and have it optionally enabled/disabled?

I thought I had seen a patch posted previously, but I dont find any issues filed against this when searching for O_PATH.

Originally created by @chargrnv on GitHub (May 14, 2019). Original GitHub issue: https://github.com/netblue30/firejail/issues/2696 OS: CentOS 6.10 Version: 0.9.56-LTS (and newer) I believe this would be provided by the kernel, but on CentOS 6 the kernel is too old. http://man7.org/linux/man-pages/man2/open.2.html O_PATH (since Linux 2.6.39) ``` [root@90ea573d076b ~]# rpm -qa | grep kernel kernel-devel-2.6.32-754.12.1.el6.x86_64 kernel-headers-2.6.32-754.12.1.el6.x86_64 ``` ``` fs.c: In function 'fs_private_cache': fs.c:851:26: error: 'O_PATH' undeclared (first use in this function) int fd = safe_fd(cache, O_PATH|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC); ^ ``` 0.9.54 builds OK under centos 6. Is it possible for configure to check for the feature and have it optionally enabled/disabled? I thought I had seen a patch posted previously, but I dont find any issues filed against this when searching for O_PATH.

gitea-mirror

2026-05-05 08:21:13 -06:00

closed this issue
added the
bug
label

gitea-mirror commented

2026-05-05 08:21:17 -06:00

Author

Owner

@Vincent43 commented on GitHub (May 15, 2019):

Centos 6.10 is near end-of-life with only crucial security updates support. Is there a reason you didn't migrated to 7.x yet and/or you need firejail 0.9.56+ there?

@Vincent43 commented on GitHub (May 15, 2019): Centos 6.10 is near end-of-life with only crucial security updates support. Is there a reason you didn't migrated to 7.x yet and/or you need firejail 0.9.56+ there?

gitea-mirror commented

2026-05-05 08:21:17 -06:00

Author

Owner

@chargrnv commented on GitHub (May 15, 2019):

Moving to CentOS 7, but still have a lot of CentOS 6 and try and keep new versions of tools available. Thought LTS was "long term support" and would support older OSs.

@chargrnv commented on GitHub (May 15, 2019): Moving to CentOS 7, but still have a lot of CentOS 6 and try and keep new versions of tools available. Thought LTS was "long term support" and would support older OSs.

gitea-mirror commented

2026-05-05 08:21:19 -06:00

Author

Owner

@Vincent43 commented on GitHub (May 15, 2019):

Thought LTS was "long term support" and would support older OSs.

Yes, however there are limits how old things it supports. Your kernel was released almost 10 years ago. This a time span of enterprise class support rather than what is expected from most community projects. I'm not saying support for it won't be added but it can't be taken for granted.

@Vincent43 commented on GitHub (May 15, 2019): > Thought LTS was "long term support" and would support older OSs. Yes, however there are limits how old things it supports. Your kernel was released almost 10 years ago. This a time span of enterprise class support rather than what is expected from most community projects. I'm not saying support for it won't be added but it can't be taken for granted.

gitea-mirror commented

2026-05-05 08:21:20 -06:00

Author

Owner

@smitsohu commented on GitHub (May 16, 2019):

Vanilla kernels older than 3.6 are unsupported currently, because of (from man 2 open)

O_PATH (since Linux 2.6.39)
....
The following operations can be performed on the resulting file descriptor:
close(2); fchdir(2) (since Linux 3.5); fstat(2) (since Linux 3.6).

But the patched CentOS/RedHat kernel seems to be fine, providing O_PATH is all we need to do.

@smitsohu commented on GitHub (May 16, 2019): Vanilla kernels older than 3.6 are unsupported currently, because of (from `man 2 open`) > O_PATH (since Linux 2.6.39) .... The following operations can be performed on the resulting file descriptor: close(2); fchdir(2) (since Linux 3.5); fstat(2) (since Linux 3.6). But the patched CentOS/RedHat kernel seems to be fine, providing O_PATH is all we need to do.

gitea-mirror commented

2026-05-05 08:21:21 -06:00

Author

Owner

@Vincent43 commented on GitHub (May 17, 2019):

Fixed by 203e34db60

@Vincent43 commented on GitHub (May 17, 2019): Fixed by https://github.com/netblue30/firejail/commit/203e34db60e9200a53708c425868a041e32eaf0d

gitea-mirror commented

2026-05-05 08:21:22 -06:00

Author

Owner

@chargrnv commented on GitHub (May 17, 2019):

Thanks!

@chargrnv commented on GitHub (May 17, 2019): Thanks!

gitea-mirror referenced this issue

2026-05-05 10:12:44 -06:00

[PR #1697] [MERGED] Blacklist the monero wallets directory #4045

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1697

No description provided.

Rows
Columns