[PR #960] [MERGED] block dbus ipc #3808

Closed
opened 2026-05-05 10:08:17 -06:00 by gitea-mirror · 0 comments

📋 Pull Request Information

Original PR: https://github.com/netblue30/firejail/pull/960
Author: @valoq
Created: 12/6/2016
Status: Merged
Merged: 12/9/2016
Merged by: @netblue30

Base: master ← Head: master


📝 Commits (2)

- 6c262c3 block dbus ipc (https://github.com/netblue30/firejail/commit/6c262c3e8746b4460a6a42a6686b89e44018ed99)
- 8d929a7 removed dbus blacklist (https://github.com/netblue30/firejail/commit/8d929a786fec68549d0dbe00ceb4f9c7d3e94217)

📊 Changes

1 file changed (+66 additions, -1 deletions)

📝 src/firejail/fs.c (+66 -1)

📄 Description

This patch prevents applications inside firejail from starting services outside the jail via dbus IPC sockets.
Using --ipc-namespace does not suffice here.

This attempt to block breaking out of the jail via ipc is just an early workaround.
It will likely break some applications that depend on such services.

For a final solution, an additional option to disable this change is needed, as well as a way to start those services inside the jail by providing dbus and possibly systemd services.

It does not prevent kde applications from starting services via the kdeinit5 socket.

When the sockets blacklisted by this patch are created after the jail is launched, the blacklist has no effect.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
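
A way to check the limitation stated in the description (sockets that appear after the jail starts are not covered), added here as an example and not part of the PR or of firejail: run inside the sandbox, it tries to connect to D-Bus socket paths and reports each as absent, blocked or reachable. The two default paths are assumed common D-Bus locations, not taken from the patch; further paths can be passed as arguments.

```c
/* Added example: classify Unix socket paths as seen from inside a sandbox. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

enum probe { PROBE_ABSENT, PROBE_BLOCKED, PROBE_REACHABLE, PROBE_ERROR };

/* Try to connect to a filesystem Unix socket and report what happened. */
enum probe probe_unix_socket(const char *path)
{
    struct sockaddr_un addr;
    if (strlen(path) >= sizeof(addr.sun_path))
        return PROBE_ERROR;            /* path does not fit in sun_path */
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    strcpy(addr.sun_path, path);
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0)
        return PROBE_ERROR;
    int rc = connect(fd, (struct sockaddr *)&addr, sizeof(addr));
    int err = errno;
    close(fd);
    if (rc == 0)
        return PROBE_REACHABLE;        /* a listener accepted the connection */
    if (err == ENOENT || err == ENOTDIR)
        return PROBE_ABSENT;           /* nothing there yet; may appear later */
    return PROBE_BLOCKED;              /* EACCES, ECONNREFUSED, ...: no usable socket */
}

int main(int argc, char **argv)
{
    static const char *names[] = { "absent", "blocked", "REACHABLE", "error" };
    char session[64];
    /* Assumed default locations; the page does not list the patch's paths. */
    snprintf(session, sizeof(session), "/run/user/%u/bus", (unsigned)getuid());
    const char *defaults[] = { "/run/dbus/system_bus_socket", session };
    int reachable = 0;
    for (int i = 0; i < 2 + (argc - 1); i++) {
        const char *p = i < 2 ? defaults[i] : argv[i - 1];
        enum probe r = probe_unix_socket(p);
        printf("%-40s %s\n", p, names[r]);
        reachable += (r == PROBE_REACHABLE);
    }
    return reachable ? 1 : 0;          /* non-zero: at least one socket is reachable */
}
```

Running it again later in the session matters: a path reported as absent at launch that later shows as REACHABLE is the case the description warns about.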
Reference: github-starred/firejail#3808