[GH-ISSUE #4305] Officially deprecate follow-symlink-as-user #2618

New issue

Closed

opened 2026-05-05 09:16:57 -06:00 by gitea-mirror · 1 comment

gitea-mirror commented

2026-05-05 09:16:57 -06:00

Owner

Originally created by @kmk3 on GitHub (May 24, 2021).
Original GitHub issue: https://github.com/netblue30/firejail/issues/4305

@smitsohu commented 23 days ago:

For now all restrictions regarding symbolic links are gone (and
follow-symlink-as-user from firejail.config is without effect). I'm not
entirely sure if that is sustainable, but it can always be added back.

(I don't know if you're working on it, so I'm creating a task for it just to
make sure that it's not lost to time etc)

From what I gather it was removed on commit 5445d87af ("add support for
arbitrary whitelist directories") / PR #4229, and from looking at the code:

$ git show --pretty='%h %ai %s' -s master
518633eb4 2021-05-24 15:51:55 +0200 fix firejail startup race
$ git grep follow-symlink-as-user
RELNOTES:  * feature: follow-symlink-as-user runtime config option in
etc/firejail.config:# follow-symlink-as-user yes
src/firejail/checkcfg.c:                        PARSE_YESNO(CFG_FOLLOW_SYMLINK_AS_USER, "follow-symlink-as-user")
test/root/checkcfg.exp:send --  "echo \"follow-symlink-as-user yes\" >> /etc/firejail/firejail.config\r"
test/root/firejail.config:follow-symlink-as-user no
$ git grep CFG_FOLLOW_SYMLINK_AS_USER
src/firejail/checkcfg.c:                        PARSE_YESNO(CFG_FOLLOW_SYMLINK_AS_USER, "follow-symlink-as-user")
src/firejail/firejail.h:        CFG_FOLLOW_SYMLINK_AS_USER,

It seems that it's effectively deprecated/only there to keep existing configs
working (which I appreciate). So I'd suggest this:

Mention that it's deprecated/gone on the release notes

And maybe this:

Warn that it has no effect if found on firejail.config

Originally created by @kmk3 on GitHub (May 24, 2021). Original GitHub issue: https://github.com/netblue30/firejail/issues/4305 @smitsohu commented [23 days ago][1]: > For now all restrictions regarding symbolic links are gone (and > follow-symlink-as-user from firejail.config is without effect). I'm not > entirely sure if that is sustainable, but it can always be added back. (I don't know if you're working on it, so I'm creating a task for it just to make sure that it's not lost to time etc) From what I gather it was removed on commit 5445d87af ("add support for arbitrary whitelist directories") / PR #4229, and from looking at the code: ```console $ git show --pretty='%h %ai %s' -s master 518633eb4 2021-05-24 15:51:55 +0200 fix firejail startup race $ git grep follow-symlink-as-user RELNOTES: * feature: follow-symlink-as-user runtime config option in etc/firejail.config:# follow-symlink-as-user yes src/firejail/checkcfg.c: PARSE_YESNO(CFG_FOLLOW_SYMLINK_AS_USER, "follow-symlink-as-user") test/root/checkcfg.exp:send -- "echo \"follow-symlink-as-user yes\" >> /etc/firejail/firejail.config\r" test/root/firejail.config:follow-symlink-as-user no $ git grep CFG_FOLLOW_SYMLINK_AS_USER src/firejail/checkcfg.c: PARSE_YESNO(CFG_FOLLOW_SYMLINK_AS_USER, "follow-symlink-as-user") src/firejail/firejail.h: CFG_FOLLOW_SYMLINK_AS_USER, ``` It seems that it's effectively deprecated/only there to keep existing configs working (which I appreciate). So I'd suggest this: * [ ] Mention that it's deprecated/gone on the release notes And maybe this: * [ ] Warn that it has no effect if found on firejail.config [1]: https://github.com/netblue30/firejail/pull/4229#issue-628491332

gitea-mirror closed this issue

2026-05-05 09:16:58 -06:00

gitea-mirror commented

2026-05-05 09:17:00 -06:00

Author

Owner

@netblue30 commented on GitHub (May 26, 2021):

All done, thanks!

4909fa7efc

@netblue30 commented on GitHub (May 26, 2021): All done, thanks! https://github.com/netblue30/firejail/commit/4909fa7efce4a36bd16e7bf80c9642b93c262ddf

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2618

No description provided.

Rows
Columns