Bug 1301286 - Review Request: firejail - A SUID sandbox program
Review Request: firejail - A SUID sandbox program
Status: NEW
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Nobody's working on this, feel free to take it
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-01-23 10:32 EST by Jamie Nguyen
Modified: 2017-05-11 14:16 EDT (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jamie Nguyen 2016-01-23 10:32:02 EST
Spec URL: https://jamielinux.fedorapeople.org/firejail/firejail.spec
SRPM URL: https://jamielinux.fedorapeople.org/firejail/firejail-0.9.36-1.fc23.src.rpm
Fedora Account System Username: jamielinux

Description:
Firejail is a SUID security sandbox program that reduces the risk of security
breaches by restricting the running environment of untrusted applications using
Linux namespaces and seccomp-bpf. It allows a process and all its descendants
to have their own private view of the globally shared kernel resources, such as
the network stack, process table, and mount table.
Comment 1 Petr Pisar 2016-02-02 10:10:51 EST
The firejail package must own %{_datadir}/bash-completion directory because it install files there and the directory is not owned by any dependency.
Comment 2 Jamie Nguyen 2016-02-02 10:34:02 EST
Thanks Petr.

Spec URL: https://jamielinux.fedorapeople.org/firejail/firejail.spec
SRPM URL: https://jamielinux.fedorapeople.org/firejail/firejail-0.9.36-2.fc23.src.rpm

* Tue Feb 02 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.9.36-2
- own bash-completion directory
- fix libdir in disable-devel.inc
Comment 3 Dhiru Kholia 2016-03-27 05:36:28 EDT
https://fedorapeople.org/~halfie/packages/firejail/firejail.spec

This .spec files packages Firejail 0.9.38, and it also simplifies inclusion of various profiles.

I am actually unable to run Firejail on Fedora. Running "firejail hexchat" does not launch hexchat on Fedora systems. While doing the same on Ubuntu launches hexchat just fine. How do I test this package further in Fedora?
Comment 4 Dhiru Kholia 2016-05-19 03:13:36 EDT
Firejail packages from https://copr.fedorainfracloud.org/coprs/heikoada/firejail/ run fine on Fedora 24.

Also see https://github.com/netblue30/firejail/issues/399 page.

Note You need to log in before you can comment on or make changes to this bug.