netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox
https://firejail.wordpress.com
GNU General Public License v2.0

Support bash like alias #3412

Open rusty-snake opened 4 years ago

rusty-snake commented 4 years ago

An alias statement like in bash can be very handy.

Example

alias notrash=blacklist ${HOME}/.local/share/Trash
alias dbus:notifications=|
dbus-user.call org.freedesktop.Notifications=org.freedesktop.Notifications.*@/org/freedesktop/Notification
dbus-user.broadcast org.freedesktop.Notifications=org.freedesktop.Notifications.*@/org/freedesktop/Notification

Why?

Easier maintenance of profiles.

New commands like notrash (see #3081) can be implemented without touching C code.

Performance: Firejail profiles are becoming harder to maintain across distros and are getting new features (such as dbus). To deal with that we add more include allow-*.inc commands. include will always cause disk I/O, even for small things. If we now also add dbus-*.inc files (see https://github.com/netblue30/firejail/pull/3406#issuecomment-625455112), which makes sense from the maintenance standpoint, we get more and more files to open just for a few lines.

My firefox.profile already has 22 profiles included.

Alternatives

Instead of a new profile option we could also use an aliasen.xml (or whatever the name/file type is) in /etc/firejail and ~/.config/firejail.

glitsj16 commented 4 years ago

Personally, I really like the aliases idea! Besides the already mentioned complexity/maintenance/performance issues, IMO we face a real need to come up with a syntax format that would also work on the command line. Something like firejail --notrash --dbus=notifications foo is manageable and reasonably clear as to what it does exactly, which I can't say of the longer format.

rusty-snake commented 4 years ago

I was already thinking about splitting everything regarding the filesystem (blacklist, whitelist, disable-mnt, tmpfs, private-bin, ...) into a low-level profile language and a high-level one. Profiles would be written in the high-level language, which will have all things like notrash, nodesktop, private-gnupg (#2786), allusers, private-dev, .... Options like nonewprivs exist in both and are unchanged. The high-level language would be parsed by a plugin/helper program (which can be sandboxed, chrooted, setuid=nobody, ...) which generates the low-level commands (only blacklist, tmpfs (needs restrictions on which paths can be tmpfsed[1]), bind (needs restrictions too), and nonewprivs, seccomp, mdwe, ...) which are then applied by firejail. This allows faster implementation of new options and less code running with uid=0,euid=nobody.

[1] example: tmpfs is always allowed in $HOME, for /etc only if nonewprivs is set, ...
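As an added example (not firejail code; firejail does not implement this proposal), here is a small Python preprocessor that expands the two alias forms proposed at the top of the issue and, in the spirit of the helper-program idea in the last comment, only lets through an assumed allow-list of low-level commands, so an alias cannot redefine a real command or emit an option the sandbox never vetted. The sample profile, the LOW_LEVEL set, and the blank-line terminator for the `=|` form are assumptions.

```python
# Constructed sample profile using the alias syntax proposed in the issue.
SAMPLE_PROFILE = """\
alias notrash=blacklist ${HOME}/.local/share/Trash
alias dbus:notifications=|
dbus-user.call org.freedesktop.Notifications=org.freedesktop.Notifications.*@/org/freedesktop/Notification
dbus-user.broadcast org.freedesktop.Notifications=org.freedesktop.Notifications.*@/org/freedesktop/Notification

notrash
dbus:notifications
nonewprivs
"""

# Low-level commands the helper may emit (assumed set); anything else is
# rejected so an alias cannot introduce an option firejail never vetted.
LOW_LEVEL = {"blacklist", "tmpfs", "nonewprivs", "seccomp",
             "dbus-user.call", "dbus-user.broadcast"}


def expand_profile(text):
    """Expand alias definitions and uses; return the low-level command list."""
    aliases, out = {}, []
    lines, i = text.splitlines(), 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if not line or line.startswith("#"):
            continue
        if line.startswith("alias "):
            name, sep, body = line[len("alias "):].partition("=")
            name = name.strip()
            if not sep or not name:
                raise ValueError(f"malformed alias: {line!r}")
            # Refuse to shadow a real command or redefine an earlier alias.
            if name in LOW_LEVEL or name in aliases:
                raise ValueError(f"alias {name!r} would shadow a command")
            if body == "|":
                # Multi-line form: body lines follow until a blank line.
                body_lines = []
                while i < len(lines) and lines[i].strip():
                    body_lines.append(lines[i].strip())
                    i += 1
            else:
                body_lines = [body.strip()]
            aliases[name] = body_lines
            continue
        # Plain line: either an alias use or a low-level command itself.
        for cmd in aliases.get(line, [line]):
            if cmd.split()[0] not in LOW_LEVEL:
                raise ValueError(f"not a permitted low-level command: {cmd!r}")
            out.append(cmd)
    return out
```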