[PR #538] [MERGED] Extend profiles to use the new nonewprivs feature #3660

Closed
opened 2026-05-05 10:05:32 -06:00 by gitea-mirror · 0 comments

📋 Pull Request Information

Original PR: https://github.com/netblue30/firejail/pull/538
Author: @KellerFuchs
Created: 5/25/2016
Status: Merged
Merged: 5/26/2016
Merged by: @netblue30

Base: master ← Head: no_new_profiles


📝 Commits (2)

  • 4125505 midori.profile: Use nonewprivs and noroot
  • 845bd06 profiles: Add nonewprivs where sensible

📊 Changes

69 files changed (+70 additions, -2 deletions)

View changed files

📝 etc/0ad.profile (+1 -0)
📝 etc/Mathematica.profile (+1 -0)
📝 etc/abrowser.profile (+1 -0)
📝 etc/atril.profile (+1 -0)
📝 etc/audacious.profile (+1 -0)
📝 etc/aweather.profile (+1 -0)
📝 etc/bitlbee.profile (+1 -0)
📝 etc/cherrytree.profile (+1 -0)
📝 etc/clementine.profile (+1 -0)
📝 etc/cmus.profile (+1 -0)
📝 etc/conkeror.profile (+1 -0)
📝 etc/cyberfox.profile (+1 -0)
📝 etc/deadbeef.profile (+1 -0)
📝 etc/default.profile (+1 -0)
📝 etc/deluge.profile (+1 -0)
📝 etc/dillo.profile (+1 -0)
📝 etc/dnsmasq.profile (+1 -0)
📝 etc/dropbox.profile (+1 -0)
📝 etc/empathy.profile (+1 -0)
📝 etc/epiphany.profile (+1 -1)

...and 49 more files

📄 Description

This adds nonewprivs in profiles where I thought it made sense.

WARNING: I didn't test most profiles, simply because I don't use the corresponding software.
I'm only submitting this PR here so that other people know where it might be interesting to add nonewprivs.

One specific caveat deserves mention: some sendmail implementations are broken by NO_NEW_PRIVS, because they rely on the setgid bit to be able to write new mails directly in the mail queue, so in general this cannot be set on any program that may call (directly or not) sendmail.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
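
The sendmail caveat in the description can be checked before a profile gets nonewprivs. The following is an added example, not code from the PR or from firejail: it reports helper binaries whose setuid bit, setgid bit or file capabilities the kernel ignores at exec time once NO_NEW_PRIVS is set. The function names and the extra sbin search directories are assumptions made for this example.

```python
import os
import shutil
import stat


def privilege_bits(mode):
    """Return the exec-time privilege bits present in an st_mode value."""
    bits = []
    if mode & stat.S_ISUID:
        bits.append("setuid")
    # setgid only elevates on exec when the group-execute bit is also set
    if mode & stat.S_ISGID and mode & stat.S_IXGRP:
        bits.append("setgid")
    return bits


def has_file_caps(path):
    """True if the binary carries file capabilities (Linux xattr)."""
    try:
        return bool(os.getxattr(path, "security.capability"))
    except (OSError, AttributeError):  # no xattr set, or not on Linux
        return False


def audit_helpers(names, search_path=None):
    """Map each resolved helper to the privileges NO_NEW_PRIVS would drop."""
    findings = {}
    for name in names:
        found = shutil.which(name, path=search_path)
        if found is None:
            continue
        real = os.path.realpath(found)  # sendmail is often a symlink
        reasons = privilege_bits(os.stat(real).st_mode)
        if has_file_caps(real):
            reasons.append("file capabilities")
        if reasons:
            findings[real] = reasons
    return findings


if __name__ == "__main__":
    # Assumption: sbin directories are appended because sendmail usually
    # lives outside an unprivileged user's PATH.
    path = os.pathsep.join([os.environ.get("PATH", ""), "/usr/sbin", "/sbin"])
    for binary, reasons in audit_helpers(["sendmail"], path).items():
        print(f"{binary}: {', '.join(reasons)} ignored under nonewprivs")
```

An empty result for a helper means its on-disk permissions do not depend on exec-time privilege gain; it does not prove the sandboxed program works, which still needs testing.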

Reference: github-starred/firejail#3660