Open simonfxr opened 5 years ago

Using `--netns`/`--net` as a non-root user is quite useful, however without further access checking it is insecure. It allows any firejail user to join any network namespace or access the net through any device. E.g. some user may run a private openvpn instance in a network namespace (as I do) and a different firejail user can now join the network namespace, which is clearly not desirable. I believe `--net=XXX` (except `--net=none` of course) poses a similar problem, since it might make it possible to sidestep system routing policies. My suggestion would be to add some access checking, e.g. by introducing new options in firejail.config. E.g. something like `netns_allow`, `net_allow` or `netns_deny`, `net_deny` or similar, would be great.

`--join-network` can be used to bypass 3. if a sandbox is running.

`--net` (except for `--net=none`):

```
# Enable or disable restricted network support, default disabled. If enabled,
# networking features should also be enabled (network yes).
# Restricted networking grants access to --interface, --net=ethXXX and
# --netfilter only to root user. Regular users are only allowed --net=none.
# restricted-network no
```

or firejail.users to restrict users who are allowed to use it.
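An added audit script, not from the issue or the firejail project, that checks the two existing controls mentioned above (restricted-network in firejail.config and the firejail.users allow-list) against constructed sample files and reports whether unprivileged users can reach `--net`/`--netns` without any access check. The "#" comment syntax in firejail.users and the rule that a missing users file allows everyone are assumptions; point it at the real `/etc/firejail` paths to audit a host.

```shell
#!/bin/sh
# Added example, not code from the issue or from firejail: audit the two
# controls the thread mentions (restricted-network in firejail.config and the
# firejail.users allow-list). Runs on constructed sample files so it works
# offline; pass the real /etc/firejail paths to check an actual host.

# True when an uncommented "restricted-network yes" line is present.
# The commented default "# restricted-network no" quoted in the issue
# counts as disabled.
restricted_network_enabled() {
    grep -Eq '^[[:space:]]*restricted-network[[:space:]]+yes([[:space:]]|$)' "$1"
}

# True when firejail.users exists and names at least one user.
# Assumptions: a missing file lets every user run firejail, and a line
# starting with '#' is a comment.
users_file_restricts() {
    [ -f "$1" ] && grep -Eq '^[[:space:]]*[^#[:space:]]' "$1"
}

# Prints "restricted" if either control limits --net/--netns for regular
# users, otherwise "exposed". Arguments: config file, users file.
audit_firejail() {
    if restricted_network_enabled "$1" || users_file_restricts "$2"; then
        echo restricted
    else
        echo exposed
    fi
}

# Constructed sample inputs mirroring the defaults quoted in the issue.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '# restricted-network no' 'network yes' > "$tmp/default.conf"
printf '%s\n' 'restricted-network yes' 'network yes' > "$tmp/hardened.conf"
printf '%s\n' '# nobody listed yet' > "$tmp/empty.users"
printf '%s\n' '# trusted sandbox users' 'alice' > "$tmp/some.users"

echo "default config, no users file:  $(audit_firejail "$tmp/default.conf" "$tmp/missing.users")"
echo "hardened config, no users file: $(audit_firejail "$tmp/hardened.conf" "$tmp/missing.users")"
echo "default config, allow-list:     $(audit_firejail "$tmp/default.conf" "$tmp/some.users")"
```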