firejail: 0.9.58.2 -> 0.9.60 #62186
Feel free to add yourself as maintainer if you prefer (I use nsjail
pretty much exclusively nowadays)
Doesn't run for me in nix-review as it tries to create a directory inside /run.
[nix-shell:~/tmp]$ firejail
Error mkdir: util.c:1025 create_empty_dir_as_root: Permission denied
[nix-shell:~/tmp]$
stat("/run", {st_mode=S_IFDIR|0755, st_size=600, ...}) = 0
stat("/run/firejail", 0x7ffcfbfdeac0) = -1 ENOENT (No such file or directory)
stat("/run/firejail", 0x7ffcfbfde780) = -1 ENOENT (No such file or directory)
mkdir("/run/firejail", 0755) = -1 EACCES (Permission denied)
dup(2) = 3
fcntl(3, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE)
fstat(3, {st_mode=S_IFCHR|0620, st_rdev=makedev(0x88, 0), ...}) = 0
write(3, "Error mkdir: util.c:1025 create_"..., 69Error mkdir: util.c:1025 create_empty_dir_as_root: Permission denied
) = 69
close(3) = 0
setresuid(-1, 0, -1) = -1 EPERM (Operation not permitted)
setresgid(-1, 0, -1) = -1 EPERM (Operation not permitted)
getpid() = 26427
unlink("/run/firejail/bandwidth/26427-bandwidth") = -1 ENOENT (No such file or directory)
unlink("/run/firejail/network/26427-netmap") = -1 ENOENT (No such file or directory)
unlink("/run/firejail/name/26427") = -1 ENOENT (No such file or directory)
unlink("/run/firejail/x11/26427") = -1 ENOENT (No such file or directory)
unlink("/run/firejail/profile/26427") = -1 ENOENT (No such file or directory)
exit_group(1) = ?
+++ exited with 1 +++
@mmahut Unfortunately, firejail needs setuid-root for multiple things it wants to do, and it doesn't provide rootless mode (which is a bit unfortunate). So I think what you observe isn't a regression.
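An added example, not part of this thread or of firejail's code: a Python check of the necessary conditions for a binary to start with effective uid 0 (owned by root, setuid bit set, filesystem not mounted nosuid), the privilege that the failing mkdir("/run/firejail") and setresuid calls in the trace above depend on. The function names and the temporary file standing in for the binary are assumptions made for illustration.

```python
import os
import stat
import tempfile


def mount_options(path, mountinfo="/proc/self/mountinfo"):
    """Return the mount options of the filesystem holding `path` (Linux)."""
    real = os.path.realpath(path)
    best, opts = "", set()
    try:
        with open(mountinfo) as fh:
            for line in fh:
                fields = line.split()
                # Field 5 is the mount point, field 6 the per-mount options.
                mount_point = fields[4].replace("\\040", " ")
                prefix = mount_point.rstrip("/") + "/"
                inside = real == mount_point or real.startswith(prefix)
                if inside and len(mount_point) >= len(best):
                    best, opts = mount_point, set(fields[5].split(","))
    except OSError:
        pass  # not Linux or /proc unavailable: no mount information
    return opts


def setuid_root_problems(path):
    """List the reasons `path` would not run with effective uid 0."""
    st = os.stat(path)  # follows symlinks, as execve() does
    problems = []
    if st.st_uid != 0:
        problems.append("not owned by root")
    if not st.st_mode & stat.S_ISUID:
        problems.append("setuid bit not set")
    if "nosuid" in mount_options(path):
        problems.append("filesystem mounted nosuid")
    return problems


def demo():
    # Constructed stand-in for a binary installed without setuid privileges.
    with tempfile.NamedTemporaryFile() as fh:
        os.chmod(fh.name, 0o755)
        return setuid_root_problems(fh.name)


if __name__ == "__main__":
    print(demo())
```

An empty list from `setuid_root_problems` means only that these three conditions hold; it does not prove the program will succeed.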
@7c6f434c you are right, I confirm it is the same case with the previous version. Installing it directly and running from root works fine.
- reviewed the diff and commit messages
- made sure ofBorg build succeeded for all applicable platforms
- run nix-review without any failures
- run and tested the binaries
Will consider, but mostly a fly-by. Will adopt if find myself using it even a little! :)
Motivation for this change
https://firejail.wordpress.com/download-2/release-notes/
(link not specific to this version, sorry!)
Things done
- sandbox in nix.conf on non-NixOS
- nix-shell -p nix-review --run "nix-review wip"
- ./result/bin/
- nix path-info -S before and after