github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #94] add an --ignore option #57

New issue

Closed

opened 2026-05-05 04:54:43 -06:00 by gitea-mirror · 7 comments

gitea-mirror commented

2026-05-05 04:54:43 -06:00

Owner

Originally created by @nick75e on GitHub (Oct 24, 2015).
Original GitHub issue: https://github.com/netblue30/firejail/issues/94

Hi!
I have this common profile:

block.inc

include /etc/firejail/disable-mgmt.inc
blacklist /media
netfilter
caps.drop all
seccomp
noroot
nogroups
shell none

I can't use this profile with Steam since it includes seccomp or with command line programs because of shell none. So like noblacklist ignores blacklisted files and/or folders, an --ignore < option > would ignore other options like seccomp, shell etc.
Thanks.

Originally created by @nick75e on GitHub (Oct 24, 2015). Original GitHub issue: https://github.com/netblue30/firejail/issues/94 Hi! I have this common profile: > # block.inc > > include /etc/firejail/disable-mgmt.inc > blacklist /media > netfilter > caps.drop all > seccomp > noroot > nogroups > shell none I can't use this profile with Steam since it includes _seccomp_ or with command line programs because of _shell none_. So like _noblacklist_ ignores blacklisted files and/or folders, an _--ignore < option >_ would ignore other options like _seccomp, shell_ etc. Thanks.

gitea-mirror

2026-05-05 04:54:43 -06:00

closed this issue
added the
enhancement
label

gitea-mirror commented

2026-05-05 04:54:49 -06:00

Author

Owner

@netblue30 commented on GitHub (Oct 24, 2015):

I move the discussion here: https://github.com/netblue30/firejail/issues/86

I am pushing for a full fix, with a dual 32/64 filter. You'll be able to run steam, wine, or any other 32bit executable with default seccomp filter support.

@netblue30 commented on GitHub (Oct 24, 2015): I move the discussion here: https://github.com/netblue30/firejail/issues/86 I am pushing for a full fix, with a dual 32/64 filter. You'll be able to run steam, wine, or any other 32bit executable with default seccomp filter support.

gitea-mirror commented

2026-05-05 04:54:53 -06:00

Author

Owner

@nick75e commented on GitHub (Oct 24, 2015):

I think you misunderstood what I meant.
It's not about running Steam with seccomp but ignoring options from included profiles !

@nick75e commented on GitHub (Oct 24, 2015): I think you misunderstood what I meant. It's not about running Steam with seccomp but ignoring options from included profiles !

gitea-mirror commented

2026-05-05 04:54:55 -06:00

Author

Owner

@netblue30 commented on GitHub (Oct 24, 2015):

Sorry! I'll implement it.

@netblue30 commented on GitHub (Oct 24, 2015): Sorry! I'll implement it.

gitea-mirror commented

2026-05-05 04:54:58 -06:00

Author

Owner

@netblue30 commented on GitHub (Oct 25, 2015):

All set! Example:

$ firejail --ignore=seccomp --ignore=shell --profile=block.inc

@netblue30 commented on GitHub (Oct 25, 2015): All set! Example: ``` $ firejail --ignore=seccomp --ignore=shell --profile=block.inc ```

gitea-mirror commented

2026-05-05 04:55:01 -06:00

Author

Owner

@nick75e commented on GitHub (Oct 25, 2015):

Thanks! That was fast!
Will it also be available in profile files like noblacklist?

@nick75e commented on GitHub (Oct 25, 2015): Thanks! That was fast! Will it also be available in profile files like _noblacklist_?

gitea-mirror commented

2026-05-05 04:55:04 -06:00

Author

Owner

@netblue30 commented on GitHub (Oct 25, 2015):

You're welcome. Sure, I can do that.

@netblue30 commented on GitHub (Oct 25, 2015): You're welcome. Sure, I can do that.

gitea-mirror commented

2026-05-05 04:55:06 -06:00

Author

Owner

@netblue30 commented on GitHub (Oct 26, 2015):