[PR #4004] [MERGED] add PATH_FCOPY to private-lib automatically #4987

Closed
opened 2026-05-05 10:30:15 -06:00 by gitea-mirror · 0 comments

📋 Pull Request Information

Original PR: https://github.com/netblue30/firejail/pull/4004
Author: @smitsohu
Created: 2/23/2021
Status: Merged
Merged: 2/24/2021
Merged by: @netblue30

Base: master ← Head: privatelib4


📝 Commits (1)

  • a274ad1 add PATH_FCOPY to private-lib automatically

📊 Changes

3 files changed (+82 additions, -34 deletions)


📝 src/firejail/fs_lib.c (+26 -26)
📝 src/firejail/fs_lib2.c (+52 -5)
📝 src/firejail/sbox.c (+4 -3)

📄 Description

Essentially restores 45304621a6. Removing read permission on helper executables (fcopy) broke this original fix.

Now run fldd as root in order to fix #3741 without having to compromise or give up on the new permission system. It runs as root only on binaries that are not controlled by the user, and that Firejail needs to trust anyway. Also infrastructure is put in place to add more helper binaries to private-lib, should the need arise.

This pull request might be useful also for other reasons. For example, if one day we want to run the test suite with ASan/UBsan instrumentation, private-lib should now pick up all necessary libraries automatically (again).


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
