[PR #7095] [MERGED] modif: replace --keep-hostname with new --hostname-randomize #6314

New issue

Closed

opened 2026-05-05 10:54:37 -06:00 by gitea-mirror · 0 comments

gitea-mirror commented

2026-05-05 10:54:37 -06:00

Owner

📋 Pull Request Information

Original PR: https://github.com/netblue30/firejail/pull/7095
Author: @kmk3
Created: 3/7/2026
Status: ✅ Merged
Merged: 3/9/2026
Merged by: @netblue30

Base: master ← Head: add-hostname-randomize

📝 Commits (1)

09329b9 modif: replace --keep-hostname with new --hostname-randomize

📊 Changes

15 files changed (+87 additions, -53 deletions)

View changed files

📝 README.md (+11 -5)
📝 RELNOTES (+3 -1)
📝 contrib/syntax/lists/profile_commands_arg0.list (+1 -0)
📝 etc/profile-a-l/libreoffice.profile (+2 -2)
📝 etc/profile-m-z/noprofile.profile (+0 -1)
📝 etc/templates/profile.template (+1 -1)
📝 src/firejail/firejail.h (+3 -2)
📝 src/firejail/fs_hostname.c (+13 -10)
📝 src/firejail/main.c (+9 -6)
📝 src/firejail/profile.c (+10 -5)
📝 src/firejail/sandbox.c (+6 -3)
📝 src/firejail/usage.c (+1 -1)
📝 src/man/firejail-profile.5.in (+2 -3)
📝 src/man/firejail.1.in (+24 -12)
📝 test/private-etc/hostname.exp (+1 -1)

📄 Description

Changes:

Keep hostname by default (same as using --keep-hostname)
Add --hostname-randomize command to randomize the hostname
Ignore --keep-hostname command and print a warning if it is used

Setting a different hostname inside of the sandbox may prevent X11
programs from authenticating to the X server and displaying windows at
all (see #7062).

To avoid breakage, keep the hostname as is by default and only set it to
a random value if a new hostname-randomize command is used.

This also avoids potentially surprising behavior, as the user might not
expect the hostname to be changed inside of the sandbox, considering
that usually the protections that are applied firejail involve
restricting access to resources (like file paths), rather than modifying
their values inside of the sandbox.

Related commits:

cc8b019b5 ("--keep-hostname part 1 (#7048)", 2026-02-03)
6f164f415 ("--keep-hostname part 2 (#7048)", 2026-02-03)
ef7f8ee83 ("--keep-hostname part 3 (#7048)", 2026-02-08)
026332a81 ("merges", 2026-02-08)
fbc94070e ("adding keep-hostname to libreoffice.profile", 2026-02-11)
e31d872a5 ("profiles: add keep-hostname to profile.template", 2026-02-11)
df75e45cf ("profiles: add keep-hostname to noprofile.profile", 2026-02-19)

Fixes #7062

Relates to #7048 #7069.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/netblue30/firejail/pull/7095 **Author:** [@kmk3](https://github.com/kmk3) **Created:** 3/7/2026 **Status:** ✅ Merged **Merged:** 3/9/2026 **Merged by:** [@netblue30](https://github.com/netblue30) **Base:** `master` ← **Head:** `add-hostname-randomize` --- ### 📝 Commits (1) - [`09329b9`](https://github.com/netblue30/firejail/commit/09329b990fe668b2c41531faf4383b55423d86c2) modif: replace --keep-hostname with new --hostname-randomize ### 📊 Changes **15 files changed** (+87 additions, -53 deletions) <details> <summary>View changed files</summary> 📝 `README.md` (+11 -5) 📝 `RELNOTES` (+3 -1) 📝 `contrib/syntax/lists/profile_commands_arg0.list` (+1 -0) 📝 `etc/profile-a-l/libreoffice.profile` (+2 -2) 📝 `etc/profile-m-z/noprofile.profile` (+0 -1) 📝 `etc/templates/profile.template` (+1 -1) 📝 `src/firejail/firejail.h` (+3 -2) 📝 `src/firejail/fs_hostname.c` (+13 -10) 📝 `src/firejail/main.c` (+9 -6) 📝 `src/firejail/profile.c` (+10 -5) 📝 `src/firejail/sandbox.c` (+6 -3) 📝 `src/firejail/usage.c` (+1 -1) 📝 `src/man/firejail-profile.5.in` (+2 -3) 📝 `src/man/firejail.1.in` (+24 -12) 📝 `test/private-etc/hostname.exp` (+1 -1) </details> ### 📄 Description Changes: * Keep hostname by default (same as using `--keep-hostname`) * Add `--hostname-randomize` command to randomize the hostname * Ignore `--keep-hostname` command and print a warning if it is used Setting a different hostname inside of the sandbox may prevent X11 programs from authenticating to the X server and displaying windows at all (see #7062). To avoid breakage, keep the hostname as is by default and only set it to a random value if a new `hostname-randomize` command is used. This also avoids potentially surprising behavior, as the user might not expect the hostname to be changed inside of the sandbox, considering that usually the protections that are applied firejail involve restricting access to resources (like file paths), rather than modifying their values inside of the sandbox. Related commits: * cc8b019b5 ("--keep-hostname part 1 (#7048)", 2026-02-03) * 6f164f415 ("--keep-hostname part 2 (#7048)", 2026-02-03) * ef7f8ee83 ("--keep-hostname part 3 (#7048)", 2026-02-08) * 026332a81 ("merges", 2026-02-08) * fbc94070e ("adding keep-hostname to libreoffice.profile", 2026-02-11) * e31d872a5 ("profiles: add keep-hostname to profile.template", 2026-02-11) * df75e45cf ("profiles: add keep-hostname to noprofile.profile", 2026-02-19) Fixes #7062 Relates to #7048 #7069. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

gitea-mirror

2026-05-05 10:54:37 -06:00

closed this issue
added the
pull-request
label

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#6314

No description provided.

Rows
Columns