netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox
https://firejail.wordpress.com
GNU General Public License v2.0

Cannot add /usr/bin/[ to private-bin #3381

Open nicovs opened 4 years ago

nicovs commented 4 years ago

Is there a possibility to add [ to the private-bin?

Tried to add with [, "[", '[' or [ but it doesn't appear in the jail.

Capistrano prepends /usr/bin/env to its command, e.g. [ -e path/to/file ], causing the shell not to use the [ internal, but the actual /usr/bin/[ command. The actual error:

```
[15:49:37] [jaileduser@server] ~  [ ! -e cachetool.phar ] && echo not found
not found
[15:49:38] [jaileduser@server] ~  /usr/bin/env [ ! -e cachetool.phar ] && echo not found
env: ‘[’: Permission denied
```

With private-bin: private-bin ...xargs,zcat,zip,zless,'[',test

Debug output on the jail:

```
Checking /usr/local/bin/zip
Checking /usr/bin/zip
sbox run: /run/firejail/lib/fcopy /usr/bin/zip /run/firejail/mnt/bin (null)
Checking /usr/local/bin/zless
Checking /usr/bin/zless
Checking /bin/zless
sbox run: /run/firejail/lib/fcopy /bin/zless /run/firejail/mnt/bin (null)
Checking /usr/local/bin/test
Checking /usr/bin/test
sbox run: /run/firejail/lib/fcopy /usr/bin/test /run/firejail/mnt/bin (null)
Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin
Mount-bind /run/firejail/mnt/bin on top of /usr/bin
Mount-bind /run/firejail/mnt/bin on top of /bin
```

rusty-snake commented 4 years ago

Using private-bin \[ gives: Error: "/usr/bin/[" is an invalid filename: rejected character: "["
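
The failure in the first comment comes from `/usr/bin/env` searching for an executable file named `[` instead of using the shell builtin. As an added example (not from the thread or the firejail project), this script audits a command list against a directory list to find such builtin-only commands before a deploy tool hits them; the function names and the temporary directory standing in for the private-bin directory are assumptions.

```shell
# Added example, not code from the issue thread or from firejail.
# path_lookup CMD DIRS: look for an executable file CMD in the colon-separated
# DIRS, as an exec-based launcher such as /usr/bin/env does (no shell builtins).
path_lookup() {
    _pl_cmd=$1
    _pl_rest=$2:
    while [ -n "$_pl_rest" ]; do
        _pl_dir=${_pl_rest%%:*}
        _pl_rest=${_pl_rest#*:}
        _pl_file=${_pl_dir:-.}/$_pl_cmd
        if [ -f "$_pl_file" ] && [ -x "$_pl_file" ]; then
            printf '%s\n' "$_pl_file"
            return 0
        fi
    done
    return 1
}

# audit_commands DIRS CMD...: print one "CMD STATUS" line per command.
#   ok            an executable file exists in DIRS
#   builtin-only  this shell resolves it without a file (builtin or function),
#                 so it works when typed but fails behind /usr/bin/env
#   missing       not in DIRS and not a builtin
audit_commands() {
    _ac_dirs=$1
    shift
    for _ac_cmd in "$@"; do
        if path_lookup "$_ac_cmd" "$_ac_dirs" >/dev/null; then
            echo "$_ac_cmd ok"
        else
            case $(command -v "$_ac_cmd" 2>/dev/null) in
                ''|/*) echo "$_ac_cmd missing" ;;
                *)     echo "$_ac_cmd builtin-only" ;;
            esac
        fi
    done
}

# demo: constructed stand-in for a private-bin directory holding test and zip
# but no "[" (assumed layout, modelled on the report above).
demo() {
    _d=$(mktemp -d) || return 1
    for _f in test zip; do
        printf '#!/bin/sh\nexit 0\n' > "$_d/$_f" && chmod +x "$_d/$_f"
    done
    audit_commands "$_d" test '[' zip
    rm -rf "$_d"
}
demo
```

Inside a running sandbox, pass the jail's own `$PATH` as the first argument of `audit_commands` together with the commands the deploy tool issues.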