-
Notifications
You must be signed in to change notification settings - Fork 584
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WIP: feature: add support for wayland-security-context-v1 #6436
base: master
Are you sure you want to change the base?
Conversation
Sounds good. But consider For what is the name used? Does a random name make sense, problems?
Since pids can get reused, a random id (maybe We do not have anything like a unique instance identifier (usually pids are used) in firejail yet, so it can not be used for anything else.
Adding a new feature ( |
makes sense
From the wayland protocol:
So it should not be random, and it should be the same for every instance of the running program, so it should probably not be the sandbox name either. On second thought the profile name may not be suited for this as it does not identify the actually running program since you can just use
It's mostly just a way for compositors to identify a running instance in a race free way, I would just use a secure random source that's easy to call.
Sounds reasonable. I'll keep it here as a reminder, for the time being and open a new PR if this one has been merged. |
#endif | ||
"\n\t- wayland security context support is " | ||
#ifdef HAVE_WAYLAND_SECURITY_CONTEXT | ||
"enabled" | ||
#else | ||
"disabled" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
By default put the wayland code right before the x11 code so that it's more or
less sorted.
This applies to all files except wayland.c (and env.c, which is already sorted).
Add support for limiting access to privileged wayland protocols via security-context-v1
To do this firejail needs to create a new wayland socket and attach a security context to it, which it then passes to the sandboxed application.
See also: flatpak#4920
Todo:
HAVE_WAYLAND_SECURITY_CONTEXT
--wayland
cli flagsecurity-context
global and creating a security context for an applicationwayland
for using a security context, orwayland none
to disable access to wayland)Open Questions:
WAYLAND_SOCKET
, see flatpak#5614:sandbox_engine
to use. Flatpak usesorg.flatpak
, usecom.wordpress.firejail
, thanks @rusty-snakeapp_id
to use. Flatpak uses the flatpak application ID (e.g.org.signal.Signal
for the Signal messenger app), maybe use the name of the profile in use?instance_id
to use. Has to be unique to the currently running sandbox and should never be reused. Just use a (secure) random identifier from/dev/urandom
or similar?