New profile: irssi #6549
New profile: irssi #6549
Conversation
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
rusty-snake
dismissed
their stale review
almost resolved, give chance to other reviewers
|
|
||
| disable-mnt | ||
| private-cache | ||
| private-dev |
There was a problem hiding this comment.
| private-dev | |
| private-dev | |
| private-etc @network,@tls-ca |
Does it work with private-etc?
Note: The @group syntax only exists in firejail-git.
There was a problem hiding this comment.
I had installed -git to test with the notpm line, but now i'm back to my distro version and did not test private-etc. I will test with -git later on and report. But I don't see why not.
There was a problem hiding this comment.
instead I ran it now in debugger, also watching lsof for the pid, and nothing on etc is ever touched. I think it is OK.
There was a problem hiding this comment.
instead I ran it now in debugger, also watching
lsoffor the pid, and
nothing on etc is ever touched. I think it is OK.
Can you test connecting to a server in firejail-git to make sure?
It seems strange that nothing on /etc would be accessed (such as TLS-related
paths).
What is the output of trace.txt in the following?
firejail --trace=trace.txt --profile=irssi /usr/bin/irssiThere was a problem hiding this comment.
My bad. My irssi profile is very uncommon. Retested this with a clean irssi profile, and indeed, it does break dns as expected.
with private-etc: Irssi: Unable to connect server irc.freenode.net port 6667 [Temporary failure in name resolution]
without: resolves names fine.
There was a problem hiding this comment.
My bad. My irssi profile is very uncommon. Retested this with a clean irssi
profile, and indeed, it does break dns as expected.with private-etc: Irssi: Unable to connect server irc.freenode.net port 6667
[Temporary failure in name resolution]without: resolves names fine.
Strange, what program do you use to manage dns?
On what distribution name/version?
Also, could you retest with the current irssi.profile in firejail-git (there is
one new change) and post the output of trace.txt?
|
Thanks for the patch, merging in! |
|
I added and commented out (see kmk3 above): @gcb give it a try, maybe is working. Thanks. |
cross irssi off the wanted list #1139
I think it will work, but I don't have how to test DCC, because well, like the entire universe i'm behind layers of NAT, CGNAT, etc... and nobody should use DCC anyway.