search

netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox
https://firejail.wordpress.com
GNU General Public License v2.0
5.8k stars 567 forks source link

Firejail breaks process substitution #6288

Open rusty-snake opened 7 months ago

rusty-snake commented 7 months ago

Description

Firejail breaks process substitution which is really hard to find/debug.

For programs that are typically used in shell scripts we could consider to add keep-fd all.

Steps to Reproduce

$ LC_ALL=C firejail --quiet --noprofile cat <(echo hi)
cat: /proc/self/fd/11: No such file or directory

Additional context

firecfg.py has the concept of alias overrides. i.e. you do not use firejail if you call from $PATH but from a interactive shell.

glitsj16 commented 7 months ago

Reproduced on Arch Linux with firejail from git master.

For programs that are typically used in shell scripts we could consider to add keep-fd all.

Adding keep-fd all to such profiles would be a welcome addition indeed.