[PR #4229] [MERGED] Whitelist2 #5070

Closed
opened 2026-05-05 10:31:44 -06:00 by gitea-mirror · 0 comments

📋 Pull Request Information

Original PR: https://github.com/netblue30/firejail/pull/4229
Author: @smitsohu
Created: 5/1/2021
Status: Merged
Merged: 5/18/2021
Merged by: @netblue30

Base: master ← Head: whitelist2


📝 Commits (5)

  • 289d648 enhance clean_pathname function (https://github.com/netblue30/firejail/commit/289d648004c78b19cd953b36db69df6958dfb0aa)
  • 923d7ad introduce safer_openat function (https://github.com/netblue30/firejail/commit/923d7ada73f9600cda12a4ceb59b90928e4ce0d6)
  • 5445d87 add support for arbitrary whitelist directories (https://github.com/netblue30/firejail/commit/5445d87af6e9fc5fb4508e1c7558f349c012e2b3)
  • 14b104a tweak (https://github.com/netblue30/firejail/commit/14b104aa026de9dc1e206bc8b821e516300feee5)
  • 9e7cad0 add /run whitelist support (https://github.com/netblue30/firejail/commit/9e7cad06c86b64a8608e690b8c637c33ce18c6c3)

📊 Changes

13 files changed (+540 additions, -976 deletions)

View changed files

📝 etc/firejail.config (+4 -0)
📝 src/firejail/checkcfg.c (+26 -0)
📝 src/firejail/chroot.c (+4 -4)
📝 src/firejail/dbus.c (+1 -1)
📝 src/firejail/firejail.h (+13 -16)
📝 src/firejail/fs.c (+5 -5)
📝 src/firejail/fs_home.c (+3 -3)
📝 src/firejail/fs_whitelist.c (+436 -900)
📝 src/firejail/pulseaudio.c (+1 -1)
📝 src/firejail/restrict_users.c (+1 -1)
📝 src/firejail/util.c (+41 -28)
📝 src/firejail/x11.c (+5 -5)
📝 src/include/rundefs.h (+0 -12)

📄 Description

Somewhat experimental whitelist implementation. Fixes #2041.

All top level directories are allowed except /proc, /sys and /run. As an exception from the exception, /sys/module and /run/user/$UID are allowed. This way all profiles will continue to work. Another special case is /usr, where the subdirectories (like /usr/share) are top level directories for the purpose of whitelisting.

For now all restrictions regarding symbolic links are gone (and follow-symlink-as-user from firejail.config is without effect). I'm not entirely sure if that is sustainable, but it can always be added back.

Otherwise this implementation should be very close to the current one.

Maybe it would also make sense to reimplement private-lib as whitelist then, in order to prevent name collisions as in #3236


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
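The top-level directory rule stated in the description, as an added example that is not firejail's code (the PR's real implementation lives in src/firejail/fs_whitelist.c, which this page does not show): the function name `whitelist_topdir` and the helpers are hypothetical, and treating a bare `/usr` as not a valid whitelist target is an assumption, since the description only says that subdirectories of /usr count as top level directories.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Copy the first n bytes of s into out and NUL-terminate; 0 if it does not fit. */
static int copy_prefix(const char *s, size_t n, char *out, size_t outlen) {
    if (out == NULL || n + 1 > outlen)
        return 0;
    memcpy(out, s, n);
    out[n] = '\0';
    return 1;
}

/* True if path equals dir or lies below it (dir carries no trailing slash). */
static int under(const char *path, const char *dir) {
    size_t n = strlen(dir);
    return strncmp(path, dir, n) == 0 && (path[n] == '\0' || path[n] == '/');
}

/* Length of the "/name" component beginning at offset start, 0 if there is none. */
static size_t component_len(const char *path, size_t start) {
    if (path[start] != '/' || path[start + 1] == '\0' || path[start + 1] == '/')
        return 0;
    const char *end = strchr(path + start + 1, '/');
    return end ? (size_t)(end - (path + start)) : strlen(path + start);
}

/* Hypothetical: decide whether path may be whitelisted under the rule in the PR
 * description and, if so, write the directory that counts as its top level
 * into out. Returns 1 when allowed, 0 when rejected. */
int whitelist_topdir(const char *path, uid_t uid, char *out, size_t outlen) {
    char runuser[64];

    if (path == NULL || path[0] != '/' || path[1] == '\0')
        return 0;                               /* must be absolute and not "/" itself */

    /* exceptions from the exception: allowed, and each is its own top level */
    snprintf(runuser, sizeof runuser, "/run/user/%u", (unsigned)uid);
    if (under(path, "/sys/module"))
        return copy_prefix("/sys/module", strlen("/sys/module"), out, outlen);
    if (under(path, runuser))
        return copy_prefix(runuser, strlen(runuser), out, outlen);

    /* the three top level directories that are not allowed */
    if (under(path, "/proc") || under(path, "/sys") || under(path, "/run"))
        return 0;

    size_t first = component_len(path, 0);
    if (first == 0)
        return 0;                               /* e.g. "//foo" */

    /* /usr: its subdirectories (like /usr/share) are the top level directories */
    if (first == 4 && strncmp(path, "/usr", 4) == 0) {
        size_t second = component_len(path, 4);
        if (second == 0)
            return 0;                           /* assumption: bare "/usr" is not a valid target */
        return copy_prefix(path, 4 + second, out, outlen);
    }

    return copy_prefix(path, first, out, outlen);
}

/* Convenience check: 1 if path is allowed and its top level equals expect. */
int topdir_is(const char *path, uid_t uid, const char *expect) {
    char buf[256];
    return whitelist_topdir(path, uid, buf, sizeof buf) && strcmp(buf, expect) == 0;
}

int main(void) {
    /* constructed sample paths, uid 1000 */
    const char *samples[] = { "/home/user/.config", "/usr/share/fonts",
                              "/proc/self", "/sys/module/usbcore",
                              "/run/user/1000/pulse", "/run/firejail", "/usr" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char top[256];
        if (whitelist_topdir(samples[i], 1000, top, sizeof top))
            printf("%-24s -> allowed, top level %s\n", samples[i], top);
        else
            printf("%-24s -> rejected\n", samples[i]);
    }
    return 0;
}
```

The point of computing the top level directory rather than just an allow/deny bit is that a whitelist needs somewhere to mount the temporary copy it builds; the description's exceptions (/sys/module and /run/user/$UID) are exactly the cases where that mount point is not the first path component.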

Reference: github-starred/firejail#5070