[PR #3347] [MERGED] Clarify that file globbing occurs only at start #4733

New issue

Closed

opened 2026-05-05 10:25:35 -06:00 by gitea-mirror · 0 comments

gitea-mirror commented

2026-05-05 10:25:35 -06:00

Owner

📋 Pull Request Information

Original PR: https://github.com/netblue30/firejail/pull/3347
Author: @aerusso
Created: 4/11/2020
Status: ✅ Merged
Merged: 4/12/2020
Merged by: @rusty-snake

Base: master ← Head: pulls/documentation-globbing

📝 Commits (1)

7352501 Clarify that file globbing occurs only at start

📊 Changes

2 files changed (+13 additions, -5 deletions)

View changed files

📝 src/man/firejail-profile.txt (+3 -2)
📝 src/man/firejail.txt (+10 -3)

📄 Description

firejail can blacklist (and now also whitelist) files based on glob pattern. This pattern is evaluated at firejail start, and not updated at run time. This patch documents this behavior.

The problem

You should be able to reproduce this behavior by:

 firejail --blacklist="${HOME}/somedir/*" /bin/bash

Then, in another shell,

mkdir "${HOME}/somedir"
touch mkdir "${HOME}/somedir/something"

You can access this in the jailed shell. Stopping and restarting it gives the proper blacklisting.

Alternatives

Ideally, the blacklist glob would be evaluated at runtime, but that doesn't seem compatible with the approach firejail uses.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/netblue30/firejail/pull/3347 **Author:** [@aerusso](https://github.com/aerusso) **Created:** 4/11/2020 **Status:** ✅ Merged **Merged:** 4/12/2020 **Merged by:** [@rusty-snake](https://github.com/rusty-snake) **Base:** `master` ← **Head:** `pulls/documentation-globbing` --- ### 📝 Commits (1) - [`7352501`](https://github.com/netblue30/firejail/commit/73525015e11100db0972d40c02e35fb682a6c44a) Clarify that file globbing occurs only at start ### 📊 Changes **2 files changed** (+13 additions, -5 deletions) <details> <summary>View changed files</summary> 📝 `src/man/firejail-profile.txt` (+3 -2) 📝 `src/man/firejail.txt` (+10 -3) </details> ### 📄 Description firejail can blacklist (and now also whitelist) files based on glob pattern. This pattern is evaluated at firejail start, and not updated at run time. This patch documents this behavior. # The problem You should be able to reproduce this behavior by: ```bash firejail --blacklist="${HOME}/somedir/*" /bin/bash ``` Then, in another shell, ```bash mkdir "${HOME}/somedir" touch mkdir "${HOME}/somedir/something" ``` You can access this in the jailed shell. Stopping and restarting it gives the proper blacklisting. # Alternatives Ideally, the blacklist glob would be evaluated at runtime, but that doesn't seem compatible with the approach firejail uses. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

gitea-mirror

2026-05-05 10:25:35 -06:00

closed this issue
added the
pull-request
label

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#4733

No description provided.

Rows
Columns