[PR #6704] [MERGED] feature: use globbing in hardcoded numbered /dev paths #6128

Closed
opened 2026-05-05 10:51:17 -06:00 by gitea-mirror · 0 comments

📋 Pull Request Information

Original PR: https://github.com/netblue30/firejail/pull/6704
Author: @kmk3
Created: 4/10/2025
Status: Merged
Merged: 4/12/2025
Merged by: @kmk3

Base: master ← Head: private-dev-glob


📝 Commits (7)

  • c5fba25 fs_dev.c: sort includes
  • 9934dd1 fs_dev.c: fix misc whitespace
  • 57c937e fs_dev.c: reduce indentation in deventry_mount
  • 1c11f64 fs_dev.c: split deventry_mount into should_mount
  • 4b99bd9 fs_dev.c: split deventry_mount into deventry_mount_all
  • edf623f fs_dev.c: improve checks and logging in deventry_mount
  • 7ae5db2 feature: use globbing in hardcoded numbered /dev paths

📊 Changes

1 file changed (+253 additions, -122 deletions)

📝 src/firejail/fs_dev.c (+253 -122)

📄 Description

Certain devices appear in numbered paths in /dev (such as /dev/hidraw0
or /dev/hidraw1) when they are plugged in. When private-dev is used,
it attempts to include a hardcoded list of /dev paths in the sandbox.

Since the hardcoded paths only go up to a specific number (mostly from 0
to 9), devices that appear at higher numbered paths (such as
/dev/hidraw10 or /dev/hidraw20) do not show up in /dev when
private-dev is enabled.

This issue also affects options that attempt to disable numbered paths
(such as --no3d and --nou2f), independently of whether private-dev is
used.

Fix this by using glob patterns (such as /dev/hidraw[0-9]*) to ensure
that all relevant numbered paths are matched regardless of number.

The globbing is similar to the one from commit 2993298aa ("firecfg:
parse config files in /etc/firejail/firecfg.d", 2023-06-29) / PR #5876.

Closes #2723.

Reported-by: @tsankuanglee
Reported-by: @WPettersson


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
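
The gap described above, shown as an added example (not code from the PR or from firejail): a fixed `0`..`9` probe is compared with a `[0-9]*` glob over a constructed stand-in for /dev. The helper names, the temp directory and the sample file names are assumptions. The example goes one step beyond the description by showing that `*` in a glob matches any string, so a digits-only check on the suffix is included as an optional filter.

```c
#include <glob.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Constructed stand-in for /dev: empty files in a temp dir, no real devices. */
static const char *SAMPLE[] = { "hidraw0", "hidraw10", "hidraw20", "hidraw1.bak" };
static int make_fake_dev(char *tmpl) { /* tmpl must end in "XXXXXX" */
    char p[256];
    if (!mkdtemp(tmpl)) return -1;
    for (size_t i = 0; i < sizeof(SAMPLE) / sizeof(SAMPLE[0]); i++) {
        snprintf(p, sizeof(p), "%s/%s", tmpl, SAMPLE[i]);
        FILE *f = fopen(p, "w");
        if (!f || fclose(f) != 0) return -1;
    }
    return 0;
}
/* Fixed-list approach: probe only <prefix>0 .. <prefix>9. */
static int count_hardcoded(const char *dir, const char *prefix) {
    char p[256];
    int n = 0;
    for (int i = 0; i <= 9; i++) {
        snprintf(p, sizeof(p), "%s/%s%d", dir, prefix, i);
        if (access(p, F_OK) == 0) n++;
    }
    return n;
}
/* Glob approach: "<dir>/<prefix>[0-9]*". In glob(7) '*' matches any string, so
 * "hidraw1.bak" matches too; digits_only keeps purely numeric suffixes. */
static int count_glob(const char *dir, const char *prefix, int digits_only) {
    char pat[256];
    glob_t g;
    int n = 0;
    snprintf(pat, sizeof(pat), "%s/%s[0-9]*", dir, prefix);
    if (glob(pat, 0, NULL, &g) != 0) return 0; /* GLOB_NOMATCH or error */
    for (size_t i = 0; i < g.gl_pathc; i++) {
        const char *s = g.gl_pathv[i] + strlen(dir) + 1 + strlen(prefix);
        if (!digits_only || s[strspn(s, "0123456789")] == '\0') n++;
    }
    globfree(&g);
    return n;
}
int main(void) {
    char d[] = "/tmp/fakedevXXXXXX";
    if (make_fake_dev(d) != 0) return 1;
    return printf("fixed 0-9: %d  glob: %d  glob+digits: %d\n", count_hardcoded(d, "hidraw"),
                  count_glob(d, "hidraw", 0), count_glob(d, "hidraw", 1)) < 0;
}
```

The temp directory is left in place after the run so the constructed entries can be inspected.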

Reference: github-starred/firejail#6128