[ User ] Login

Bug 205: OPEN

Update firejail package

Date: 2018-10-27 - Creator: Ed - Priority critical - 3 messages

The firejail package is severely out of date, which is a bit unfortunate for a 
SUID program. There have been quite a bunch of CVE's since 0.9.34, and 
I'm unsure how many fixes have been backported by the maintainers.

But there is now a fresh LTS version (0.9.56-LTS) with announced two years of 
support, and it builds and runs just fine.

I needed linux-api-headers for building, and had to comment out the following 
lines in /etc/firejail/disable-common.inc for running (I would suggest to patch 
this in the package):
blacklist ${PATH}/crontabs
blacklist ${PATH}/nc
blacklist ${PATH}/su

Best regards, Ed

Affected package(s): firejail


By: Ed on 2018-10-28 02:46

Investigating further, there exists a compile time flag 

This fixes most of these problems with blacklist, unfortunately with exception 
of crontabs. So there is still a need for a manual patch.

By: Ed on 2018-10-28 03:13

Upstream patch: 

By: hgt on 2022-06-14 16:44

Meanwhile firejail-0.9.68 is in the repository.

Can this bug report be closed?