github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

[GH-ISSUE #3135] Concise command output for documentation purpose #1966

New issue
Closed
opened 2026-05-05 08:37:48 -06:00 by gitea-mirror · 7 comments
gitea-mirror commented 2026-05-05 08:37:48 -06:00
Owner
Copy link

Originally created by @Ricky-Tigg on GitHub (Jan 9, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3135

Using Linux, I attempt to document relevant functions I use into my project: firejail --version is one of them.

Enhancement suggestion: concise commands output:s

  • Current output:
$ firejail --version
firejail version 0.9.57

Compile time support:
	- AppArmor support is disabled
	- AppImage support is enabled
	- chroot support is enabled
	- file and directory whitelisting support is enabled
	- file transfer support is enabled
	- networking support is enabled
	- overlayfs support is enabled
	- private-home support is enabled
	- seccomp-bpf support is enabled
	- user namespace support is enabled
	- X11 sandboxing support is enabled

$
  • Concise output 1:
$ firejail --version
firejail version 0.9.57 (<release_date>)

Compile time support:
 Disabled supports:
- AppArmor
 Enabled supports:
- AppImage 
- chroot 
- file and directory whitelisting 
- file transfer 
- networking 
- overlayfs 
- private-home 
- seccomp-bpf 
- user namespace 
- X11 sandboxing 
$
  • Concise output 2:
$ firejail --version
firejail version 0.9.57 (<release_date>)

Compile time support:
 Disabled supports: AppArmor
 Enabled supports: AppImage – chroot – file and directory whitelisting – file transfer – networking – overlayfs – private-home – seccomp-bpf – user namespace 
- X11 sandboxing 
$

Mention Wayland sandboxing is not present; would this mean that Wayland server is not detected thus not part of the compile time support?

Originally created by @Ricky-Tigg on GitHub (Jan 9, 2020). Original GitHub issue: https://github.com/netblue30/firejail/issues/3135 Using Linux, I attempt to document relevant functions I use into my project: `firejail --version` is one of them. Enhancement suggestion: concise commands output:s - Current output: ``` $ firejail --version firejail version 0.9.57 Compile time support: - AppArmor support is disabled - AppImage support is enabled - chroot support is enabled - file and directory whitelisting support is enabled - file transfer support is enabled - networking support is enabled - overlayfs support is enabled - private-home support is enabled - seccomp-bpf support is enabled - user namespace support is enabled - X11 sandboxing support is enabled $ ``` - Concise output 1: ``` $ firejail --version firejail version 0.9.57 (<release_date>) Compile time support: Disabled supports: - AppArmor Enabled supports: - AppImage - chroot - file and directory whitelisting - file transfer - networking - overlayfs - private-home - seccomp-bpf - user namespace - X11 sandboxing $ ``` - Concise output 2: ``` $ firejail --version firejail version 0.9.57 (<release_date>) Compile time support: Disabled supports: AppArmor Enabled supports: AppImage – chroot – file and directory whitelisting – file transfer – networking – overlayfs – private-home – seccomp-bpf – user namespace - X11 sandboxing $ ``` Mention `Wayland sandboxing` is not present; would this mean that Wayland server is not detected thus not part of the compile time support?
gitea-mirror commented 2026-05-05 08:37:50 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jan 9, 2020):

Mention Wayland sandboxing is not present; would this mean that Wayland server is not detected thus not part of the compile time support?

Wayland is sandboxed by design.

<!-- gh-comment-id:572563373 --> @rusty-snake commented on GitHub (Jan 9, 2020): > Mention `Wayland sandboxing` is not present; would this mean that Wayland server is not detected thus not part of the compile time support? Wayland is sandboxed by design.
gitea-mirror commented 2026-05-05 08:37:51 -06:00
Author
Owner
Copy link

@Ricky-Tigg commented on GitHub (Jan 10, 2020):

On operating systems, such as Fedora, Red Hat, and Centos, Apparmor's counterpart, SELinux, does operate. Thus a mention related to support status regarding AppArmor is irrelevant then its presence as output appropriately not needed.. This is a suitable target for an enhancement

<!-- gh-comment-id:572952290 --> @Ricky-Tigg commented on GitHub (Jan 10, 2020): On operating systems, such as Fedora, Red Hat, and Centos, Apparmor's counterpart, SELinux, does operate. Thus a mention related to support status regarding AppArmor is irrelevant then its presence as output appropriately not needed.. This is a suitable target for an enhancement
gitea-mirror commented 2026-05-05 08:37:52 -06:00
Author
Owner
Copy link

@Vincent43 commented on GitHub (Jan 10, 2020):

This is information if apparmor support was enabled during compiling firejail not if system had apparmor support.

<!-- gh-comment-id:573110658 --> @Vincent43 commented on GitHub (Jan 10, 2020): This is information if apparmor support was enabled during compiling firejail not if system had apparmor support.
gitea-mirror commented 2026-05-05 08:37:53 -06:00
Author
Owner
Copy link

@Ricky-Tigg commented on GitHub (Jan 13, 2020):

Hey. Afterwards, I realise that "Compile time support:" was certainly explicit enough; I then interpreted it wrong since I understood it as follow: listed components that may be supported in user's OS will have either support or not in firejail commands. Is it then so that a component whose support was enabled during Firejail compile time will be supported as well in user's OS?

There is indeed no apprmor component on my system and appimage is supported. Are those cases then coincidences?

$ dnf -q repoquery --archlist noarch,x86_64 list *apparmor*

$ firejail --appimage --private --noprofile ./arduino
Mounting appimage type 1
Parent pid 2958, child pid 2961

**     Warning: dropping all Linux capabilities     **
[...]

What could be then the context in firejail command lines regard Apparmor on Open(SUSE) systems , since those systems do have support for Apparmor?

<!-- gh-comment-id:573560841 --> @Ricky-Tigg commented on GitHub (Jan 13, 2020): Hey. Afterwards, I realise that "Compile time support:" was certainly explicit enough; I then interpreted it wrong since I understood it as follow: listed components that may be supported in user's OS will have either support or not in firejail commands. Is it then so that a component whose support was enabled during Firejail compile time will be supported as well in user's OS? There is indeed no apprmor component on my system and appimage is supported. Are those cases then coincidences? ``` $ dnf -q repoquery --archlist noarch,x86_64 list *apparmor* $ firejail --appimage --private --noprofile ./arduino Mounting appimage type 1 Parent pid 2958, child pid 2961 ** Warning: dropping all Linux capabilities ** [...] ``` What could be then the context in firejail command lines regard Apparmor on Open(SUSE) systems , since those systems do have support for Apparmor?
gitea-mirror commented 2026-05-05 08:37:53 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jan 13, 2020):

There is indeed no apprmor component on my system and appimage is supported. Are those cases then coincidences?

Apparmor and appimage have absolutely no relation to each other (except that both are for linux)

<!-- gh-comment-id:573644800 --> @rusty-snake commented on GitHub (Jan 13, 2020): > There is indeed no apprmor component on my system and appimage is supported. Are those cases then coincidences? Apparmor and appimage have absolutely no relation to each other (except that both are for linux)
gitea-mirror commented 2026-05-05 08:37:54 -06:00
Author
Owner
Copy link

@Vincent43 commented on GitHub (Jan 13, 2020):

I then interpreted it wrong since I understood it as follow: listed components that may be supported in user's OS will have either support or not in firejail commands. Is it then so that a component whose support was enabled during Firejail compile time will be supported as well in user's OS?

firejail --version doesn't show what user OS support. You can run firejail --version for the same binary on fedora and opensuse and the output will be the same.

<!-- gh-comment-id:573652828 --> @Vincent43 commented on GitHub (Jan 13, 2020): > I then interpreted it wrong since I understood it as follow: listed components that may be supported in user's OS will have either support or not in firejail commands. Is it then so that a component whose support was enabled during Firejail compile time will be supported as well in user's OS? `firejail --version` doesn't show what user OS support. You can run `firejail --version` for the same binary on fedora and opensuse and the output will be the same.
gitea-mirror commented 2026-05-05 08:37:55 -06:00
Author
Owner
Copy link

@Ricky-Tigg commented on GitHub (Jan 13, 2020):

to rusty-snake – Sure; However I meant regards to that firejail --version output

   - AppArmor support is disabled
   - AppImage support is enabled

to Vincent43 – i understand the command. at last.

The _manual page_s would certainly benefit from this elaborated information.

<!-- gh-comment-id:573653604 --> @Ricky-Tigg commented on GitHub (Jan 13, 2020): to _rusty-snake_ – Sure; However I meant regards to that `firejail --version` output ``` - AppArmor support is disabled - AppImage support is enabled ``` to _Vincent43_ – i understand the command. at last. The _manual page_s would certainly benefit from this elaborated information.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
serialize_remounts_v2
landlock_v4
landlock
release-0.9.64
release-0.9.62
gitlab_ci
LTSbase
fred_ctests
docs
0.9.80
0.9.80-rc1
0.9.78
0.9.76
0.9.76-rc4
0.9.76-rc3
0.9.76-rc2
0.9.76-rc1
0.9.74
landlock-split
0.9.72
0.9.72rc1
0.9.70
0.9.68
0.9.68rc1
0.9.66
0.9.66rc1
0.9.64.4
0.9.64.2
0.9.64
0.9.64rc1
0.9.62.4
0.9.62.2
0.9.62
0.9.56.2-LTS
0.9.60
0.9.60-rc1
0.9.58.2
0.9.58
0.9.58-rc1
0.9.56-LTS-release
0.9.56-LTS
0.9.56
0.9.56-rc1
0.9.54
0.9.54-rc2
0.9.54-rc1
0.9.52
0.9.38.12
0.9.50
0.9.50-rc1
0.9.48
0.9.46
0.9.46-rc1
0.9.44.10
0.9.44.8
0.9.44.6
0.9.38.10
0.9.44.4
0.9.38.8
0.9.44.2
0.9.44
0.9.44-rc1
0.9.38.4
0.9.42
0.9.42-rc2
0.9.38.2
0.9.42-rc1
disable-globalcfg
0.9.40
0.9.40-rc1
0.9.38
0.9.38-rc1
0.9.36
0.9.36-rc1
0.9.34
0.9.34-rc1
0.9.32
0.9.32-rc1
0.9.30
0.9.30-rc1
Labels
Clear labels   
LTS merge

   
LTS merge

   
bug

   
bug

   
converted-to-discussion

   
doc-todo

   
documentation

   
duplicate

   
enhancement

   
file-transfer

   
firecfg

   
firejail-in-firejail

   
firetools

   
graphics

   
help wanted

   
information_old

   
installation

   
invalid

   
modif

   
moved

   
needinfo

   
networking

   
notabug

   
notourbug

   
old-version

   
overlayfs

   
packaging

   
profile-request

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question_old

   
removal

   
runtime-permissions

   
sandbox-ipc

   
security

   
stale

   
wiki

   
wiki

   
wontfix

   
wordpress

   
workaround
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1966
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?