[PR #6878] [MERGED] feature: add arg-max-count / arg-max-len to firejail.config #6215

New issue

Closed

opened 2026-05-05 10:52:51 -06:00 by gitea-mirror · 0 comments

gitea-mirror commented

2026-05-05 10:52:51 -06:00

Owner

📋 Pull Request Information

Original PR: https://github.com/netblue30/firejail/pull/6878
Author: @tht2005
Created: 8/21/2025
Status: ✅ Merged
Merged: 10/30/2025
Merged by: @kmk3

Base: master ← Head: make-max-args-configurable

📝 Commits (10+)

bf64a37 feature: add max-arg-count and max-arg-len to firejail.config
1396541 change type of max_arg_count and max_arg_len to unsigned long
0188d3b use long for max-arg-count
49ac6ed only alloc fullargv when needed
3af47f3 max-arg-count: limit the alloc size of fullargv
3fd86ad max-arg-count: add debug messages
67ae33b max-arg-count: fix fullargv length check
a5c0111 max-arg-count: rename size var to fullargv_sz
428f1be max-arg-count: memset fullargv
75eda63 max-arg-count: turn max-arg-count into int again

📊 Changes

5 files changed (+70 additions, -11 deletions)

View changed files

📝 etc/firejail.config (+12 -0)
📝 src/firejail/checkcfg.c (+23 -0)
📝 src/firejail/firejail.h (+3 -3)
📝 src/firejail/main.c (+30 -7)
📝 src/firejail/restricted_shell.c (+2 -1)

📄 Description

Firejail can not run when number of arguments is too much ( > 128) so we should replace hardcoded MAX_ARGS=128 by a global configurable option.

We can implement a simple vector (like std::vector) so that we can have as many arguments as the heap can contain, i think this is safe because if it use too much memory we can kill the program after. I would like to hear opinion of maintainers about this.

Closes #4633

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/netblue30/firejail/pull/6878 **Author:** [@tht2005](https://github.com/tht2005) **Created:** 8/21/2025 **Status:** ✅ Merged **Merged:** 10/30/2025 **Merged by:** [@kmk3](https://github.com/kmk3) **Base:** `master` ← **Head:** `make-max-args-configurable` --- ### 📝 Commits (10+) - [`bf64a37`](https://github.com/netblue30/firejail/commit/bf64a375f5ff5d9845c84bbce1c727507231d02c) feature: add max-arg-count and max-arg-len to firejail.config - [`1396541`](https://github.com/netblue30/firejail/commit/13965413d1fafdbbc346dfb8cbff6b688b4c4dfe) change type of max_arg_count and max_arg_len to unsigned long - [`0188d3b`](https://github.com/netblue30/firejail/commit/0188d3be6dc853a3c6e1b68eb0a344738401085c) use long for max-arg-count - [`49ac6ed`](https://github.com/netblue30/firejail/commit/49ac6ed985a673f68ebd27f5218f1359cdb953d1) only alloc fullargv when needed - [`3af47f3`](https://github.com/netblue30/firejail/commit/3af47f343c9d80b3b0208595cc01a1f64726cc3f) max-arg-count: limit the alloc size of fullargv - [`3fd86ad`](https://github.com/netblue30/firejail/commit/3fd86add359c82a883cf0326fe0c407170c13b3a) max-arg-count: add debug messages - [`67ae33b`](https://github.com/netblue30/firejail/commit/67ae33b83601467a237aff6fbeef68f7ebc50873) max-arg-count: fix fullargv length check - [`a5c0111`](https://github.com/netblue30/firejail/commit/a5c011166437deaed219e04ea1a2348d33351e1a) max-arg-count: rename size var to fullargv_sz - [`428f1be`](https://github.com/netblue30/firejail/commit/428f1be658c3dae86d36f1852c493f600d8074f1) max-arg-count: memset fullargv - [`75eda63`](https://github.com/netblue30/firejail/commit/75eda6371fb5782c1154d20cc832a9eec97c6bfc) max-arg-count: turn max-arg-count into int again ### 📊 Changes **5 files changed** (+70 additions, -11 deletions) <details> <summary>View changed files</summary> 📝 `etc/firejail.config` (+12 -0) 📝 `src/firejail/checkcfg.c` (+23 -0) 📝 `src/firejail/firejail.h` (+3 -3) 📝 `src/firejail/main.c` (+30 -7) 📝 `src/firejail/restricted_shell.c` (+2 -1) </details> ### 📄 Description Firejail can not run when number of arguments is too much ( > 128) so we should replace hardcoded MAX_ARGS=128 by a global configurable option. We can implement a simple vector (like std::vector) so that we can have as many arguments as the heap can contain, i think this is safe because if it use too much memory we can kill the program after. I would like to hear opinion of maintainers about this. Closes #4633 --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

gitea-mirror

2026-05-05 10:52:51 -06:00

closed this issue
added the
pull-request
label

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#6215

No description provided.

Rows
Columns