github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #1105] Arbitrary command line arguments in profile files? #759

New issue

Closed

opened 2026-05-05 06:35:26 -06:00 by gitea-mirror · 3 comments

gitea-mirror commented

2026-05-05 06:35:26 -06:00

Owner

Originally created by @nullchinchilla on GitHub (Feb 17, 2017).
Original GitHub issue: https://github.com/netblue30/firejail/issues/1105

It seems like there are certain command-line arguments that cannot be configured in profile files, like x11=xorg. Is it possible to specify them in profile files instead of remembering to add the command-line argument every time the command is run? This is especially useful when you symlink firejail into /usr/local/bin to "magically" jail certain commands.

Originally created by @nullchinchilla on GitHub (Feb 17, 2017). Original GitHub issue: https://github.com/netblue30/firejail/issues/1105 It seems like there are certain command-line arguments that cannot be configured in profile files, like `x11=xorg`. Is it possible to specify them in profile files instead of remembering to add the command-line argument every time the command is run? This is especially useful when you symlink firejail into /usr/local/bin to "magically" jail certain commands.

gitea-mirror

2026-05-05 06:35:27 -06:00

closed this issue
added the
information_old
label

gitea-mirror commented

2026-05-05 06:35:33 -06:00

Author

Owner

@netblue30 commented on GitHub (Feb 18, 2017):

Most commands are already supported in profile files. For example "x11 xorg":

$ man firejail-profile
[...]
      x11    Enable X11 sandboxing.

       x11 none
              Blacklist /tmp/.X11-unix directory, ${HOME}/.Xauthority and file
              specified in ${XAUTHORITY} environment variable.  Remove DISPLAY
              and  XAUTHORITY  environment variables.  Stop with error message
              if X11 abstract socket will be accessible in jail.

       x11 xephyr
              Enable X11 sandboxing with xephyr.

       x11 xorg
              Enable X11 sandboxing with X11 security extension.

       x11 xpra
              Enable X11 sandboxing with xpra.
[...]

If you find a command that is not supported, it is very easy to add it, so just let me know.

@netblue30 commented on GitHub (Feb 18, 2017): Most commands are already supported in profile files. For example "x11 xorg": ````` $ man firejail-profile [...] x11 Enable X11 sandboxing. x11 none Blacklist /tmp/.X11-unix directory, ${HOME}/.Xauthority and file specified in ${XAUTHORITY} environment variable. Remove DISPLAY and XAUTHORITY environment variables. Stop with error message if X11 abstract socket will be accessible in jail. x11 xephyr Enable X11 sandboxing with xephyr. x11 xorg Enable X11 sandboxing with X11 security extension. x11 xpra Enable X11 sandboxing with xpra. [...] ````` If you find a command that is not supported, it is very easy to add it, so just let me know.

gitea-mirror commented

2026-05-05 06:35:36 -06:00

Author

Owner

@nullchinchilla commented on GitHub (Feb 18, 2017):

Ah, I must have missed it then.

@nullchinchilla commented on GitHub (Feb 18, 2017): Ah, I must have missed it then.

gitea-mirror commented

2026-05-05 06:35:39 -06:00

Author

Owner

@netblue30 commented on GitHub (Feb 19, 2017):

No problem. The idea is to have all --options supported in profiles, if you find one missing let me know.

@netblue30 commented on GitHub (Feb 19, 2017): No problem. The idea is to have all --options supported in profiles, if you find one missing let me know.

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#759

No description provided.

Rows
Columns