feature: add --disable-sandbox-check configure flag #6592
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kmk3
changed the title
powerjungle
force-pushed
the
feat/run-firejail-in-sandbox-for-testing
branch
3 times, most recently
from
1f7e9d6 to
422c544
Compare
powerjungle
force-pushed
the
feat/run-firejail-in-sandbox-for-testing
branch
from
422c544 to
5f36f03
Compare
This flag disables the code which checks whether the current instance of firejail is running within a sandbox like LXC, chroot or firejail itself. If we want to develop firejail inside of a sandbox, to keep the "host system" clean of unnecessary installed dependencies and changes to the system, we might want to force firejail to run normally, so that we can test different profiles inside of the sandbox. This is only meant for people who are working on the firejail code, not someone attempting to run firejail inside of a sandbox as a user, because it needs to run as root and it can escape the sandbox easily.
powerjungle
force-pushed
the
feat/run-firejail-in-sandbox-for-testing
branch
from
5f36f03 to
108327c
Compare
|
Merging in, thanks! |
kmk3
changed the title
kmk3
added a commit
that referenced
this pull request
Jan 16, 2025
This reverts commit 5c6fa6a. The commit in question causes `HAVE_SANDBOX_CHECK` to always be unset (instead of only when `--disable-sandbox-check` is used), as its value was being passed to the compiler through `MANFLAGS`. Move the macro back into `MANFLAGS` for simplicity. Also, using `--disable-sandbox-check` breaks the tests and thus also breaks CI (see #6619). Relates to #6592.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This flag disables the code which checks whether the current instance of
firejail is running within a sandbox like LXC, chroot or firejail itself.
If we want to develop firejail inside of a sandbox, to keep the "host system"
clean of unnecessary installed dependencies and changes to the system,
we might want to force firejail to run normally, so that we can test different
profiles inside of the sandbox. This is only meant for people who are working
on the firejail code, not someone attempting to run firejail inside of a
sandbox as a user, because it needs to run as root and it can escape the
sandbox easily.