Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clarify that file globbing occurs only at start #3347

Merged
merged 1 commit into from
Apr 12, 2020
Merged

Clarify that file globbing occurs only at start #3347

merged 1 commit into from
Apr 12, 2020

Conversation

aerusso
Copy link
Contributor

@aerusso aerusso commented Apr 11, 2020

firejail can blacklist (and now also whitelist) files based on glob pattern. This pattern is evaluated at firejail start, and not updated at run time. This patch documents this behavior.

The problem

You should be able to reproduce this behavior by:

 firejail --blacklist="${HOME}/somedir/*" /bin/bash

Then, in another shell,

mkdir "${HOME}/somedir"
touch mkdir "${HOME}/somedir/something"

You can access this in the jailed shell. Stopping and restarting it gives the proper blacklisting.

Alternatives

Ideally, the blacklist glob would be evaluated at runtime, but that doesn't seem compatible with the approach firejail uses.

@aerusso
Clarify that file globbing occurs only at start
7352501 
firejail can blacklist (and now also whitelist) files based on glob
pattern.  This pattern is evaluated at firejail start, and not updated
at run time.  This patch documents this behavior.
rusty-snake
rusty-snake reviewed Apr 11, 2020
View reviewed changes
Copy link
Collaborator

@rusty-snake rusty-snake left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

Maybe we should also document that you will lost all your created (not edited) documents with something like this:

firejail --whitelist=~/Documents/*.odt libreoffice

(libreoffice creates backup in its dotdir AFAIK).

@rusty-snake rusty-snake merged commit aa62872 into netblue30:master Apr 12, 2020
@rusty-snake
Copy link
Collaborator

Merged, Thanks.

kmk3 added a commit to kmk3/firejail that referenced this pull request Sep 12, 2024
@kmk3
docs: man: fix wrong escapes
08b3862 
Remove extranous escape characters and fix bold escaping.

Command used to check for unusual escape sequences:

    $ git grep -E '\\[^ "\f-]|\\f[^BR]' -- src/man/*.in

With this, the only escape sequences used are:

    $ git grep -E -ho -e '\\-' -e '\\[^-][^ ]?' -- src/man/*.in |
      LC_ALL=C sort | uniq -c
          9 \"
          1 \&.
       1194 \-
         23 \\
        507 \fB
        127 \fR

Related commits:

* 1379851 ("Baseline firejail 0.9.28", 2015-08-08)
* 1684c9e ("Fixes for man firejail (netblue30#2628)", 2019-03-29)
* 7352501 ("Clarify that file globbing occurs only at start",
  2020-04-11) / PR netblue30#3347
* f54ee53 ("man text for --include command", 2021-03-05).

This is a follow-up to netblue30#6472.

Kind of relates to netblue30#5903.
@kmk3 kmk3 mentioned this pull request Sep 12, 2024
Merged
kmk3 added a commit to kmk3/firejail that referenced this pull request Sep 13, 2024
@kmk3
docs: man: fix wrong escapes
e8e83c9 
Remove extranous escape characters and fix bold escaping.

Command used to check for unusual escape sequences:

    $ git grep -E -e '\\f[^BR]' -e '\\[^ "\f-]' -- src/man/*.in

With this, the only escape sequences used are:

    $ git grep -E -ho -e '\\-' -e '\\[^-][^ ]?' -- src/man/*.in |
      LC_ALL=C sort | uniq -c
          9 \"
          1 \&.
       1194 \-
         23 \\
        507 \fB
        127 \fR

Related commits:

* 1379851 ("Baseline firejail 0.9.28", 2015-08-08)
* 1684c9e ("Fixes for man firejail (netblue30#2628)", 2019-03-29)
* 7352501 ("Clarify that file globbing occurs only at start",
  2020-04-11) / PR netblue30#3347
* f54ee53 ("man text for --include command", 2021-03-05).

This is a follow-up to netblue30#6472.

Kind of relates to netblue30#5903.
kmk3 added a commit that referenced this pull request Sep 13, 2024
@kmk3
docs: man: fix wrong escapes (#6474)
ef5ca49 
Remove extranous escape characters and fix bold escaping.

Command used to check for unusual escape sequences:

    $ git grep -E -e '\\f[^BR]' -e '\\[^ "\f-]' -- src/man/*.in

With this, the only escape sequences used are:

    $ git grep -E -ho -e '\\-' -e '\\[^-][^ ]?' -- src/man/*.in |
      LC_ALL=C sort | uniq -c
          9 \"
          1 \&.
       1194 \-
         23 \\
        507 \fB
        127 \fR

Related commits:

* 1379851 ("Baseline firejail 0.9.28", 2015-08-08)
* 1684c9e ("Fixes for man firejail (#2628)", 2019-03-29)
* 7352501 ("Clarify that file globbing occurs only at start",
  2020-04-11) / PR #3347
* f54ee53 ("man text for --include command", 2021-03-05).

This is a follow-up to #6472.

Kind of relates to #5903.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rusty-snake rusty-snake rusty-snake left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@aerusso @rusty-snake