github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #3345] cgroup owner checking ... #2100

New issue

Open

opened 2026-05-05 08:46:48 -06:00 by gitea-mirror · 3 comments

gitea-mirror commented

2026-05-05 08:46:48 -06:00

Owner

Originally created by @kakasync on GitHub (Apr 11, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3345

3e2347451c/src/firejail/cgroup.c (L99)

how to make the global cgroup tasks permission work with all firejail users ?
for example, cat /etc/firejail/prog.local
cgroup /sys/fs/cgroup/firejail/task
what permission can work with all firejail users?

if set /sys/fs/cgroup/firejail/task as userA:userB (chown userA:userB /sys/fs/cgroup/firejail/task),
than it can not work with userC...

please advise, thanks.

Originally created by @kakasync on GitHub (Apr 11, 2020). Original GitHub issue: https://github.com/netblue30/firejail/issues/3345 https://github.com/netblue30/firejail/blob/3e2347451c62d38a52779fa9a88180544c7987a0/src/firejail/cgroup.c#L99 how to make the global cgroup tasks permission work with all firejail users ? for example, cat /etc/firejail/prog.local cgroup /sys/fs/cgroup/firejail/task what permission can work with all firejail users? if set /sys/fs/cgroup/firejail/task as userA:userB (chown userA:userB /sys/fs/cgroup/firejail/task), than it can not work with userC... please advise, thanks.

gitea-mirror commented

2026-05-05 08:46:50 -06:00

Author

Owner

@kakasync commented on GitHub (Apr 12, 2020):

one more question, why it cannot work?
cgexec cpu:low /usr/bin/firejail
firejail said: No such file or directory

@kakasync commented on GitHub (Apr 12, 2020): one more question, why it cannot work? cgexec cpu:low /usr/bin/firejail firejail said: No such file or directory

gitea-mirror commented

2026-05-05 08:46:51 -06:00

Author

Owner

@matu3ba commented on GitHub (Apr 12, 2020):

3e2347451c/src/firejail/cgroup.c (L99)

how to make the global cgroup tasks permission work with all firejail users ?
for example, cat /etc/firejail/prog.local
cgroup /sys/fs/cgroup/firejail/task
what permission can work with all firejail users?

Firejail is generally intended to restrict userspace programs. If you are asking about setups with multiple users, you can call from each user firejail or use the desktop integration.

if set /sys/fs/cgroup/firejail/task as userA:userB (chown userA:userB /sys/fs/cgroup/firejail/task),
than it can not work with userC...

please advise, thanks.

I am not sure, what you want to do exactly.

@matu3ba commented on GitHub (Apr 12, 2020): > https://github.com/netblue30/firejail/blob/3e2347451c62d38a52779fa9a88180544c7987a0/src/firejail/cgroup.c#L99 > > how to make the global cgroup tasks permission work with all firejail users ? > for example, cat /etc/firejail/prog.local > cgroup /sys/fs/cgroup/firejail/task > what permission can work with all firejail users? Firejail is generally intended to restrict userspace programs. If you are asking about setups with multiple users, you can call from each user firejail or use the desktop integration. > if set /sys/fs/cgroup/firejail/task as userA:userB (chown userA:userB /sys/fs/cgroup/firejail/task), > than it can not work with userC... > > please advise, thanks. I am not sure, what you want to do exactly.

gitea-mirror commented

2026-05-05 08:46:52 -06:00

Author

Owner

@matu3ba commented on GitHub (Apr 12, 2020):

one more question, why it cannot work?
cgexec cpu:low /usr/bin/firejail
firejail said: No such file or directory

Use firejail program to open the program in a sandbox.

Suggestion to close this.

@matu3ba commented on GitHub (Apr 12, 2020): > one more question, why it cannot work? > cgexec cpu:low /usr/bin/firejail > firejail said: No such file or directory Use `firejail program` to open the program in a sandbox. Suggestion to close this.

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2100

No description provided.

Rows
Columns