Firejail: Making cgroup feature configurable in firejail.config

Created on 27 Jan 2019  路  3Comments  路  Source: netblue30/firejail

Currently some functionality can be globally disabled in /etc/firejail/firejail.config.
Can you please extend it to allow disabling --cgroup?
Some users might want to disallow that as it can place the process in a different cgroup with different restrictions.

enhancement
Source
picture reinerh

Most helpful comment

all set: https://github.com/netblue30/firejail/commit/a061b3f3d43d760f074ad49317f9659717ff7101

picture netblue30 on 27 Jan 2019
👍3

All 3 comments

all set: https://github.com/netblue30/firejail/commit/a061b3f3d43d760f074ad49317f9659717ff7101

netblue30 picture netblue30 on 27 Jan 2019
👍3

Awesome, thanks.
I will probably backport it to Debian's 0.9.58 package, as this was mentioned in a bug report (https://bugs.debian.org/916920) and disable it in the default configuration.

reinerh picture reinerh on 27 Jan 2019
👍1

No problem, and thanks for the fix! Somehow I've missed strncmp!

netblue30 picture netblue30 on 28 Jan 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

reinerh picture reinerh  路  3Comments
ghost picture ghost  路  3Comments
dandelionred picture dandelionred  路  3Comments
polyzen picture polyzen  路  4Comments
Fincer picture Fincer  路  4Comments