search

netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox
https://firejail.wordpress.com
GNU General Public License v2.0
5.69k stars 557 forks source link

Patches from Jolla #3960

Closed SkewedZeppelin closed 3 years ago

SkewedZeppelin commented 3 years ago

The Jolla company seems to have used Firejail in their recent OS update. That is pretty neat. https://forum.sailfishos.org/t/release-notes-koli-4-0-1/4542

They have some patches here which maybe should be considered for upstream inclusion: https://github.com/sailfishos/firejail/blob/master/rpm/0002-Fix-symlinks-that-go-though-proc-self.patch https://github.com/sailfishos/firejail/blob/master/rpm/0007-fcopy-Fix-memory-leaks.patch https://github.com/sailfishos/firejail/blob/master/rpm/0009-sandbox-Do-not-leave-file-mounts-underneath-private-.patch

netblue30 commented 3 years ago

I think I'll grab all of them - thanks!

Tomin1 commented 3 years ago

Hi! I'm glad that there is interest in our enhancements to firejail. We would like to prepare pull requests for our patches.

netblue30 commented 3 years ago

Thanks, that's even better. Send the patches!

Tomin1 commented 3 years ago

@netblue30 Do you think you could handle these three patches as one PR or should I create separate PRs? Additionally I think 0005-Add-missing-linefeeds-in-stderr-logging.patch would be also good fit to the same PR if you agree that it's a useful fix.

I will also make PRs for some of the other patches if they have any chance of being accepted. I'm thinking I would first do those three or four already mentioned and then separately: 0003-Add-utility-functions-for-handing-comma-separa.patch, and 0004-Allow-changing-protocol-list-after-initial-set.patch together since they are part of the same improvement.

0006-PATCH-Add-mkdir-and-mkfile-command-line-options-for-.patch as yet another PR.

That would leave two patches that I guess are not that useful for most firejail users since they are very Sailfish OS specific.

netblue30 commented 3 years ago

Do you think you could handle these three patches as one PR or should I create separate PRs?

Your choice, it doesn't really mater. And send patches for all the rest! Thanks a lot!

Tomin1 commented 3 years ago

That would leave two patches that I guess are not that useful for most firejail users since they are very Sailfish OS specific.

Just to be clear, I don't intend to upstream these two. Everything else is already there.

rusty-snake commented 3 years ago

Can we close here?