sys-apps / firejail

Security sandbox for any type of processes

Official package sites: https://firejail.wordpress.com/

Firejail is a SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. It allows a process and all its descendants to have their own private view of the globally shared kernel resources, such as the network stack, process table, mount table. This is the regular version. For a long term support version see sys-apps/firejail-lts.

v9999 :: 0 :: gentoo

Modified
License
GPL-2
USE flags
X apparmor chroot contrib dbusproxy file-transfer globalcfg network private-home suid test userns whitelist

v0.9.64.4 :: 0 :: gentoo

Modified
License
GPL-2
Keywords
amd64 ~arm ~arm64 ~x86
USE flags
X apparmor chroot contrib dbusproxy file-transfer globalcfg network private-home suid test userns whitelist

General

X
Enable X11 sandboxing
apparmor
Enable support for custom AppArmor profiles
chroot
Enable chrooting to custom directory
contrib
Install contrib scripts
dbusproxy
Enable DBus proxying to filter access in supporting profiles
file-transfer
Enable file transfers between sandboxes and the host system
globalcfg
Enable global config file
network
Enable networking features
private-home
Enable private home feature
suid
Enable setuid root program, with potential security risks
test
Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently)
userns
Enable attaching a new user namespace to a sandbox (--noroot option)
whitelist
Enable whitelist

kernel

linux
KERNEL setting for system using the Linux kernel

python_single_target

python3_7
Build for Python 3.7 only
python3_8
Build for Python 3.8 only
python3_9
Build for Python 3.9 only

dev-lang / python : An interpreted, interactive, object-oriented programming language

dev-lang / python-exec : Python script wrapper

dev-tcltk / expect : tool for automating interactive applications

sys-apps / firejail-lts : Security sandbox for any type of processes; LTS version

sys-apps / xdg-dbus-proxy : Filtering proxy for D-Bus connections

sys-libs / libapparmor : Library to support AppArmor userspace utilities

sys-libs / libseccomp : high level interface to Linux seccomp filter

dev-lang / python : An interpreted, interactive, object-oriented programming language

dev-lang / python-exec : Python script wrapper

sys-apps / firejail-lts : Security sandbox for any type of processes; LTS version

sys-apps / xdg-dbus-proxy : Filtering proxy for D-Bus connections

sys-libs / libapparmor : Library to support AppArmor userspace utilities

sys-apps / firejail-lts : Security sandbox for any type of processes; LTS version

663784
=sys-apps/firejail-0.9.54[-suid] Error mkdir: util.c:931 create_empty_dir_as_root: Permission denied
694966
sys-apps/firejail profiles for strings and fontforge break installation of media-libs/x264 and app-office/libreoffice
769542
<sys-apps/firejail-0.9.64.4: root privilege escalation (CVE-2021-26910)
769731
sys-apps/firejail test failures
Repository mirror & CI · gentoo
Merge updates from master
Sam James · gentoo
sys-apps/firejail: Keyword 0.9.64.4 arm, #769710
Signed-off-by: Sam James <sam@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Repository mirror & CI · gentoo
Merge updates from master
Sam James · gentoo
sys-apps/firejail: RESTRICT tests which fail in sandbox
See bug and referenced GitHub PR for details. Bug: https://bugs.gentoo.org/769731 Package-Manager: Portage-3.0.14-prefix, Repoman-3.0.2 Signed-off-by: Sam James <sam@gentoo.org>
Hank Leininger · gentoo
sys-apps/firejail: Removed old versions and obsolete USE flag
Closes: https://github.com/gentoo/gentoo/pull/19512 Signed-off-by: Hank Leininger <hlein@korelogic.com> Package-Manager: Portage-3.0.14, Repoman-3.0.2 Signed-off-by: Conrad Kostecki <conikost@gentoo.org>
Sam James · gentoo
sys-apps/firejail: Stabilize 0.9.64.4 amd64, #769542
Signed-off-by: Sam James <sam@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Hank Leininger · gentoo
sys-apps/firejail: Version bump, disables overlayfs to fix privesc
New version disables overlayfs, which has a root privesc vuln. Some new profiles and other minor fixes also included. Disable overlayfs USE flag in live ebuild as well. Signed-off-by: Hank Leininger <hlein@korelogic.com> Closes: https://bugs.gentoo.org/769230 Bug: https://bugs.gentoo.org/769542 Package-Manager: Portage-3.0.14, Repoman-3.0.2 Closes: https://github.com/gentoo/gentoo/pull/19377 Signed-off-by: Sam James <sam@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Michał Górny · gentoo
*/*: Remove obsolete values from PYTHON_COMPAT
Signed-off-by: Michał Górny <mgorny@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Roy Bamford · gentoo
sys-apps/firejail: added ~arm64
Package-Manager: Portage-3.0.8, Repoman-3.0.2 Signed-off-by: Roy Bamford <neddyseagoon@gentoo.org> Signed-off-by: Sam James <sam@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Repository mirror & CI · gentoo
Merge updates from master
Hank Leininger · gentoo
sys-apps/firejail: Cleanup old versions
Signed-off-by: Hank Leininger <hlein@korelogic.com> Bug: https://bugs.gentoo.org/736816 Package-Manager: Portage-3.0.9, Repoman-3.0.2 Closes: https://github.com/gentoo/gentoo/pull/18263 Signed-off-by: Joonas Niilola <juippis@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Sam James · gentoo
sys-apps/firejail: Stabilize 0.9.64 amd64, #736816
Signed-off-by: Sam James <sam@gentoo.org>
Hank Leininger · gentoo
sys-apps/firejail: bring live ebuild in line with current
The live ebuild lags behind various fixes; sync it. Signed-off-by: Hank Leininger <hlein@korelogic.com> Closes: https://bugs.gentoo.org/751466 Package-Manager: Portage-3.0.9, Repoman-3.0.2 Closes: https://github.com/gentoo/gentoo/pull/18258 Signed-off-by: Joonas Niilola <juippis@gentoo.org>
Hank Leininger · gentoo
sys-apps/firejail: Check for CONFIG_SQUASHFS
firejail's --appimage mode requires squashfs. Not a fatal error since other modes work fine without it. Signed-off-by: Hank Leininger <hlein@korelogic.com> Closes: https://bugs.gentoo.org/697930 Package-Manager: Portage-3.0.9, Repoman-3.0.2 Signed-off-by: Joonas Niilola <juippis@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Hank Leininger · gentoo
sys-apps/firejail: Disabled nonworking tests
Skip some tests that were not included in this version of the release tarball. Signed-off-by: Hank Leininger <hlein@korelogic.com> Closes: https://bugs.gentoo.org/753991 Package-Manager: Portage-3.0.9, Repoman-3.0.2 Closes: https://github.com/gentoo/gentoo/pull/18245 Signed-off-by: Aaron Bauman <bman@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Joonas Niilola · gentoo
sys-apps/firejail: move weak blocker to RDEPEND in 0.9.64
Signed-off-by: Joonas Niilola <juippis@gentoo.org>
Joonas Niilola · gentoo
sys-apps/firejail: rename 'x11' USE to more globally matched 'X'
- only applied to latest ebuild since previous will get security-cleaned. Signed-off-by: Joonas Niilola <juippis@gentoo.org>
Hank Leininger · gentoo
sys-apps/firejail: Version bump for CVEs, fixes, add proxy maintainer
Version bump to address outstanding CVEs. Confirmed the current release includes the fixes for several open bugs, so closing those. Updated to address feedback in https://github.com/gentoo/gentoo/pull/17929 Signed-off-by: Hank Leininger <hlein@korelogic.com> Closes: https://bugs.gentoo.org/698062 Closes: https://bugs.gentoo.org/747859 Closes: https://bugs.gentoo.org/747613 Closes: https://bugs.gentoo.org/747859 Bug: https://bugs.gentoo.org/736816 Package-Manager: Portage-3.0.8, Repoman-3.0.2 Closes: https://github.com/gentoo/gentoo/pull/17929 Signed-off-by: Joonas Niilola <juippis@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Dennis Lamm · gentoo
sys-apps/firejail: fixed QA violation
Signed-off-by: Dennis Lamm <expeditioneer@gentoo.org>
Dennis Lamm · gentoo
sys-apps/firejail: general ebuild improvement
Signed-off-by: Dennis Lamm <expeditioneer@gentoo.org>
Dennis Lamm · gentoo
sys-apps/firejail: don't call CC directly
Closes: https://bugs.gentoo.org/725606 Signed-off-by: Dennis Lamm <expeditioneer@gentoo.org>
Dennis Lamm · gentoo
sys-apps/firejail: drop old
Signed-off-by: Dennis Lamm <expeditioneer@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Agostino Sarubbo · gentoo
sys-apps/firejail: amd64 stable wrt bug #730392
Package-Manager: Portage-2.3.99, Repoman-2.3.22 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Dennis Lamm · gentoo
sys-apps/firejail: version bump
Signed-off-by: Dennis Lamm <expeditioneer@gentoo.org> Package-Manager: Portage-2.3.79, Repoman-2.3.16
Repository mirror & CI · gentoo
Merge updates from master
Dennis Lamm · gentoo
sys-apps/firejail: removed old
Signed-off-by: Dennis Lamm <expeditioneer@gentoo.org> Package-Manager: Portage-2.3.76, Repoman-2.3.16
Repository mirror & CI · gentoo
Merge updates from master
Agostino Sarubbo · gentoo
sys-apps/firejail: amd64 stable wrt bug #687108
Package-Manager: Portage-2.3.76, Repoman-2.3.16 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Dennis Lamm · gentoo
sys-apps/firejail: added live ebuild
Signed-off-by: Dennis Lamm <expeditioneer@gentoo.org> Package-Manager: Portage-2.3.69, Repoman-2.3.16
Repository mirror & CI · gentoo
Merge updates from master
Dennis Lamm · gentoo
sys-apps/firejail: remove old
Signed-off-by: Dennis Lamm <expeditioneer@gentoo.org> Package-Manager: Portage-2.3.69, Repoman-2.3.16
Repository mirror & CI · gentoo
Merge updates from master
Dennis Lamm · gentoo
sys-apps/firejail: [QA] fix compressed man pages
Signed-off-by: Dennis Lamm <expeditioneer@gentoo.org> Package-Manager: Portage-2.3.69, Repoman-2.3.16
Repository mirror & CI · gentoo
Merge updates from master
Dennis Lamm · gentoo
sys-apps/firejail: metadata changed upstream
Signed-off-by: Dennis Lamm <expeditioneer@gentoo.org> Package-Manager: Portage-2.3.69, Repoman-2.3.16
Repository mirror & CI · gentoo
Merge updates from master
Mikle Kolyada · gentoo
sys-apps/firejail: [QA] fix sed calls
Package-Manager: Portage-2.3.69, Repoman-2.3.16 Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Mikle Kolyada · gentoo
sys-apps/firejail: QA fixes
Package-Manager: Portage-2.3.69, Repoman-2.3.16 Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Dennis Lamm · gentoo
sys-apps/firejail: bump 0.9.60
Bug: https://bugs.gentoo.org/656360 Bug: https://bugs.gentoo.org/678976 Signed-off-by: Dennis Lamm <expeditioneer@gentoo.org> Package-Manager: Portage-2.3.66, Repoman-2.3.16
Repository mirror & CI · gentoo
Merge updates from master
Amadeusz Piotr Żołnowski · gentoo
sys-apps/firejail: Prepare for xpra removal
Signed-off-by: Amadeusz Piotr Żołnowski <aidecoe@gentoo.org>
Amadeusz Piotr Żołnowski · gentoo
sys-apps/firejail: Remove older versions
Leave only latest stable and testing versions. Signed-off-by: Amadeusz Piotr Żołnowski <aidecoe@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Bump version
Bug: https://bugs.gentoo.org/668178 Signed-off-by: Amadeusz Piotr Żołnowski <aidecoe@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Bump version
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Bump version
Package-Manager: Portage-2.3.24, Repoman-2.3.6
Tobias Klausmann · gentoo
sys-apps/firejail-0.9.50-r0: amd64 stable
Gentoo-Bug: http://bugs.gentoo.org/639340
Thomas Deutschmann · gentoo
sys-apps/firejail: keyworded for x86 (bug #595208)
Package-Manager: Portage-2.3.16, Repoman-2.3.6
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Bump version
Package-Manager: Portage-2.3.8, Repoman-2.3.3
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Restrict test
Some tests require super user privileges, some require Xorg, etc. Test is not suitable to run from ebuild. Gentoo-Bug: 620118 Package-Manager: Portage-2.3.8, Repoman-2.3.3
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Bump version
Gentoo-Bug: 622540 Package-Manager: Portage-2.3.7, Repoman-2.3.3
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Bump version
Gentoo-Bug: 6201180 Package-Manager: Portage-2.3.5, Repoman-2.3.2
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Bump version
Package-Manager: Portage-2.3.5, Repoman-2.3.2
Robin H. Johnson · gentoo
Drop $Id$ per council decision in bug #611234.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Remove vulnerable version
Gentoo-Bug: 607382 Package-Manager: Portage-2.3.3, Repoman-2.3.1
Agostino Sarubbo · gentoo
sys-apps/firejail: amd64 stable wrt bug #607382
Package-Manager: portage-2.3.0 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Don't install license file
Package-Manager: Portage-2.3.3, Repoman-2.3.1
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Bump version
Gentoo-Bug: 607382 Package-Manager: Portage-2.3.3, Repoman-2.3.1
T. Malfatti · gentoo
media-libs/portaudio: Version bump
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Remove vulnerable version
Gentoo-Bug: 604758 Package-Manager: Portage-2.3.3, Repoman-2.3.1
Agostino Sarubbo · gentoo
sys-apps/firejail: amd64 stable wrt bug #604758
Package-Manager: portage-2.3.0 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
Sebastian Pipping · gentoo
sys-apps/firejail: 0.9.44.4 (bug #604758)
Package-Manager: Portage-2.3.3, Repoman-2.3.1
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Block firejail-lts rather than itself
Package-Manager: Portage-2.3.3, Repoman-2.3.1
Amadeusz Żołnowski · gentoo
sys-apps/firejail-lts: Move LTS version to separate package
Having it in a separate package makes it easier for users to follow LTS branch of firejail. Before that users had to mask older versions to test LTS. It's better than having it slotted because portage by default picks up latest version from any slot and user would have to explicitly install particular slot. Package-Manager: Portage-2.3.3, Repoman-2.3.1
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Remove older LTS version
Package-Manager: Portage-2.3.3, Repoman-2.3.1
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Bump LTS version
It includes security bug fix back-ported to 0.9.38.4. Package-Manager: Portage-2.3.3, Repoman-2.3.1
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Backport security fix to 0.9.38.4
Gentoo-Bug: 601994 Package-Manager: portage-2.3.3
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Remove vulnerable stable version
Gentoo-Bug: 601994 Package-Manager: portage-2.3.3
Agostino Sarubbo · gentoo
sys-apps/firejail: amd64 stable wrt bug #601994
Package-Manager: portage-2.3.0 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Remove the vulnerable version
Package-Manager: portage-2.3.2
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Bump version
0.9.44.2 is a maintenance and security release for version 0.9.44. Gentoo-Bug: 601994 Package-Manager: portage-2.3.2
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Bump version
Package-Manager: portage-2.3.2
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Remove busybox flag
Busybox workaround is only meant for busybox-based systems. Gentoo-Bug: 597910 Package-Manager: portage-2.3.2
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Bump LTS version to 0.9.38.4
0.9.38.4 addresses CVE-2016-7545. Package-Manager: portage-2.3.2
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Remove versions with potential security failures
See news from September 2016 at <https://firejail.wordpress.com/>. Package-Manager: portage-2.3.1
Agostino Sarubbo · gentoo
sys-apps/firejail: amd64 stable wrt bug #593710
Package-Manager: portage-2.2.28 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Remove older revision of 0.9.40
Package-Manager: portage-2.3.1
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Remove oldest version
Package-Manager: portage-2.3.1
Agostino Sarubbo · gentoo
sys-apps/firejail: amd64 stable wrt bug #588258
Package-Manager: portage-2.2.28 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Bump version to 0.9.42
Package-Manager: portage-2.3.0
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Add version 0.9.38.2
It comes with security fixes. 0.9.38 is stable, therefore this one should be stabilized ASAP. Package-Manager: portage-2.3.0
Agostino Sarubbo · gentoo
sys-apps/firejail: amd64 stable wrt bug #584376
Package-Manager: portage-2.2.28 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Correct deps for X11
It requires xpra both server and client. Package-Manager: portage-2.3.0_rc1
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Allow compile time configuration
Networking features and most Linux kernel security features require root privileges during configuration. Firejail (as a SUID binary) opens access to these features, therefore it may be desired to turn off some of the features at compile time. Bump EAPI to 6. Depend on x11-wm/xpra for X11 sandboxing feature. Package-Manager: portage-2.3.0_rc1
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Bump version
Package-Manager: portage-2.3.0_rc1
Mike Frysinger · gentoo
sys-apps/firejail: respect build settings
Mike Frysinger · gentoo
sys-apps/firejail: fix build w/newer glibc #580390
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Downgrade EAPI to 5
Ebuild with EAPI 6 cannot be stabilized. Package-Manager: portage-2.2.27
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Bump version
Gentoo-Bug: 574258 Package-Manager: portage-2.2.27
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Add new package
Package-Manager: portage-2.2.26