Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Busybox #3416

Closed
reinerh opened this issue May 14, 2020 · 5 comments
Closed

Busybox #3416

reinerh opened this issue May 14, 2020 · 5 comments

Comments

@reinerh
Copy link
Collaborator

reinerh commented May 14, 2020

I just saw and #3411 and remembered that BusyBox also has a built-in shell.
But in addition to that it also has a bunch of other programs (busybox --list).
So BusyBox might be used to run programs that would otherwise be blocked.
What about blocking it by default? In the case it is needed, one can unblock it again.

@glitsj16
Copy link
Collaborator

What about blocking it by default? In the case it is needed, one can unblock it again.

Nice catch. We could add it to disable-common.inc, which should provide broader blocking coverage than #3411 would IMO. Being a utility for rescue and embedded systems the impact of blocking busybox by default should be (very) minimal. Plus we can do that straight-away, no need to wait until @rusty-snake is ready to merge his disable-shell.inc work.

@reinerh
Copy link
Collaborator Author

reinerh commented May 16, 2020

Added in 5e2d5aa.

@reinerh reinerh closed this as completed May 16, 2020
@xplshn
Copy link

xplshn commented Apr 15, 2024

Nice catch. We could add it to disable-common.inc, which should provide broader blocking coverage than #3411 would IMO. Being a utility for rescue and embedded systems the impact of blocking busybox by default should be (very) minimal. Plus we can do that straight-away, no need to wait until @rusty-snake is ready to merge his disable-shell.inc work.

... How can I build firejail in Alpine?

@kmk3
Copy link
Collaborator

kmk3 commented Apr 15, 2024

... How can I build firejail in Alpine?

It's described in README.md:

See also the alpine CI job:

  • firejail/.gitlab-ci.yml

    Lines 95 to 110 in 2301ab2

    build_src_package:
    image: alpine:latest
    timeout: 10 minutes
    script:
    - apk update
    - apk upgrade
    - apk add build-base linux-headers gawk
    - ./ci/printenv.sh
    # Note: Do not use ` --enable-fatal-warnings` because the build
    # currently produces warnings on Alpine (see #6224).
    - >
    ./configure --prefix=/usr
    || (cat config.log; exit 1)
    - make
    - make install-strip
    - make print-version

@xplshn
Copy link

xplshn commented Apr 15, 2024

Sorry, didn't catch it. THanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants