profiles: private-etc fixes #5641
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There is no `/etc/groups` AFAIK. Existing typo prior to private-etc rework likely caused this.
`passwd` is already in @default group.
There is no `/etc/groups` AFAIK. Existing typo prior to private-etc rework likely caused this.
There is no `/etc/groups` AFAIK. Existing typo prior to private-etc rework likely caused this.
`dconfgtk-3.0` was missing a `,` prior to the private-etc rework.
There is no `/etc/jwhois.conf` AFAIK. Existing typo prior to private-etc rework likely caused this.
There is no `/etc/ssli` AFAIK. Existing typo prior to private-etc rework likely caused this.
|
all merged, thanks! |
rusty-snake
reviewed
Feb 6, 2023
kmk3
added a commit
to kmk3/firejail
that referenced
this pull request
Feb 7, 2023
This reverts commit 5d0822c and later commits that touch the same files (which is necessary in order to revert the commit in question). There seems to be a non-trivial amount of changes done in error in the big refactor from commit 5d0822c ("private-etc: big profile changes", 2023-02-05). For example, there are profiles for CLI programs (including man.profile) and servers that now contain the @X11 group: $ git grep -l '^private-etc .*@X11' -- etc # [...] etc/profile-a-l/email-common.profile:private-etc @tls-ca,@X11,gnupg,hosts.conf,mailname,timezone etc/profile-m-z/man.profile:private-etc @X11,groff,man_db.conf,manpath.config,sysless etc/profile-m-z/mutt.profile:private-etc @tls-ca,@X11,Mutt,Muttrc,Muttrc.d,gai.conf,gnupg,gnutls,hosts.conf,mail,mailname,nntpserver,terminfo etc/profile-m-z/neomutt.profile:private-etc @tls-ca,@X11,Mutt,Muttrc,Muttrc.d,gnupg,hosts.conf,mail,mailname,neomuttrc,neomuttrc.d,nntpserver etc/profile-m-z/nextcloud.profile:private-etc @tls-ca,@X11,Nextcloud,host.conf,os-release etc/profile-m-z/nodejs-common.profile:private-etc @tls-ca,@X11,host.conf,mime.types,rpc,services Note: These are just the ones that I immediately noticed; it is possible that there are many that I missed. Part of the issue is that the groups appear to be inconsistent and rather broad. For exmaple, paths related to 3D graphics (vulkan) and audio (openal) are in the @games group, which are not used only by games and not all games use those standards/libraries. As another example, the @X11 group contains paths related to GTK, KDE and GPU hardware acceleration, even though those are not necessarily tied to X11 (and even though hardware acceleration may be used by headless programs). Replacing the known paths with groups that are not very granular results in loss of information about what exactly a profile actually needs and so makes the profiles less self-documenting. Note also that a given path could potentially belong to multiple groups, which would preclude using the "etc-cleanup" tool (in its current form at least), as it would not know which is the correct group to replace the path with. Command used to revert the changes: $ git revert \ 1be9bb3 \ e889db0 \ e6f2374 \ acb0154 \ 740f502 \ 5649bd4 \ 2e4e9d1 \ 0f996ea \ 5d0822c Note: This reverts commits from PRs netblue30#5641 netblue30#5642 netblue30#5643, most of which are later re-applied. Relates to netblue30#5610.
kmk3
pushed a commit
to kmk3/firejail
that referenced
this pull request
Feb 7, 2023
There is no `/etc/groups` AFAIK. Existing typo likely caused this. Committer note: The original commit is part of PR netblue30#5641. (cherry picked from commit 001f541)
kmk3
pushed a commit
to kmk3/firejail
that referenced
this pull request
Feb 7, 2023
There is no `/etc/password` AFAIK. Existing typo likely caused this. Committer note: The original commit is part of PR netblue30#5641. (cherry picked from commit 5f01eb1)
kmk3
pushed a commit
to kmk3/firejail
that referenced
this pull request
Feb 7, 2023
There is no `/etc/groups` AFAIK. Existing typo likely caused this. Committer note: The original commit is part of PR netblue30#5641. (cherry picked from commit 2588d51)
kmk3
pushed a commit
to kmk3/firejail
that referenced
this pull request
Feb 7, 2023
There is no `/etc/groups` AFAIK. Existing typo likely caused this. Committer note: The original commit is part of PR netblue30#5641. (cherry picked from commit aea2109)
kmk3
pushed a commit
to kmk3/firejail
that referenced
this pull request
Feb 7, 2023
`dconfgtk-3.0` is missing a `,`. Committer note: The original commit is part of PR netblue30#5641. (cherry picked from commit 81f8847)
kmk3
pushed a commit
to kmk3/firejail
that referenced
this pull request
Feb 7, 2023
There is no `/etc/ssli` AFAIK. Existing typo likely caused this. Committer note: The original commit is part of PR netblue30#5641. (cherry picked from commit f9c009e)
kmk3
added a commit
to kmk3/firejail
that referenced
this pull request
Feb 7, 2023
This reverts commit 5d0822c and later commits that touch the same files (which is necessary in order to revert the commit in question). There seems to be a non-trivial amount of changes done in error in the big refactor from commit 5d0822c ("private-etc: big profile changes", 2023-02-05). For example, there are profiles for CLI programs (including man.profile) and servers that now contain the @X11 group: $ git grep -l '^private-etc .*@X11' -- etc # [...] etc/profile-a-l/email-common.profile:private-etc @tls-ca,@X11,gnupg,hosts.conf,mailname,timezone etc/profile-m-z/man.profile:private-etc @X11,groff,man_db.conf,manpath.config,sysless etc/profile-m-z/mutt.profile:private-etc @tls-ca,@X11,Mutt,Muttrc,Muttrc.d,gai.conf,gnupg,gnutls,hosts.conf,mail,mailname,nntpserver,terminfo etc/profile-m-z/neomutt.profile:private-etc @tls-ca,@X11,Mutt,Muttrc,Muttrc.d,gnupg,hosts.conf,mail,mailname,neomuttrc,neomuttrc.d,nntpserver etc/profile-m-z/nextcloud.profile:private-etc @tls-ca,@X11,Nextcloud,host.conf,os-release etc/profile-m-z/nodejs-common.profile:private-etc @tls-ca,@X11,host.conf,mime.types,rpc,services Note: These are just the ones that I immediately noticed; it is possible that there are many that I missed. Part of the issue is that the groups appear to be inconsistent and rather broad. For example, paths related to 3D graphics (vulkan) and audio (openal) are in the @games group, which are not used only by games and not all games use those standards/libraries. As another example, the @X11 group contains paths related to GTK, KDE and GPU hardware acceleration, even though those are not necessarily tied to X11 (and even though hardware acceleration may be used by headless programs). Replacing the known paths with groups that are not very granular results in loss of information about what exactly a profile actually needs and so makes the profiles less self-documenting. Note also that a given path could potentially belong to multiple groups, which would preclude using the "etc-cleanup" tool (in its current form at least), as it would not know which is the correct group to replace the path with. Command used to revert the changes: $ git revert \ 1be9bb3 \ e889db0 \ e6f2374 \ acb0154 \ 740f502 \ 5649bd4 \ 2e4e9d1 \ 0f996ea \ 5d0822c Note: This reverts commits from PRs netblue30#5641 netblue30#5642 netblue30#5643, most of which are later re-applied. Relates to netblue30#5610.
kmk3
pushed a commit
to kmk3/firejail
that referenced
this pull request
Feb 7, 2023
There is no `/etc/groups` AFAIK. Existing typo likely caused this. Committer note: The original commit is part of PR netblue30#5641. (cherry picked from commit 001f541)
kmk3
pushed a commit
to kmk3/firejail
that referenced
this pull request
Feb 7, 2023
There is no `/etc/password` AFAIK. Existing typo likely caused this. Committer note: The original commit is part of PR netblue30#5641. (cherry picked from commit 5f01eb1)
kmk3
pushed a commit
to kmk3/firejail
that referenced
this pull request
Feb 7, 2023
There is no `/etc/groups` AFAIK. Existing typo likely caused this. Committer note: The original commit is part of PR netblue30#5641. (cherry picked from commit 2588d51)
kmk3
pushed a commit
to kmk3/firejail
that referenced
this pull request
Feb 7, 2023
There is no `/etc/groups` AFAIK. Existing typo likely caused this. Committer note: The original commit is part of PR netblue30#5641. (cherry picked from commit aea2109)
kmk3
pushed a commit
to kmk3/firejail
that referenced
this pull request
Feb 7, 2023
`dconfgtk-3.0` is missing a `,`. Committer note: The original commit is part of PR netblue30#5641. (cherry picked from commit 81f8847)
kmk3
pushed a commit
to kmk3/firejail
that referenced
this pull request
Feb 7, 2023
There is no `/etc/ssli` AFAIK. Existing typo likely caused this. Committer note: The original commit is part of PR netblue30#5641. (cherry picked from commit f9c009e)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The private-etc rework is really showing its value in 5d0822c. Easier to spot
odditiesnow, like prior typos that stayed undetected.Relates to #5610.