Remove --cgroups support #5200

Closed
kmk3 opened this issue Jun 14, 2022 · 2 comments
Labels
removal Removal of a feature/option

Comments

@kmk3
Collaborator

kmk3 commented Jun 14, 2022

(Continued from #5190)

Some commits have been made to remove support for --cgroups:

  • 73b0890 ("disable cgroup code", 2022-06-13)
  • 95544a1 ("more on disable cgroups", 2022-06-13)

But there is still quite a bit of cgroup-related code left:

$ git show --pretty='%h %ai %s' -s
ed5f3fca1 2022-06-14 01:02:15 -0300 test/fs/invalid_filename.exp: s/end/send/
$ git grep cgroup | grep -v '^RELNOTES:' | grep cgroup
contrib/update_deb.sh:    -e "s/# cgroup .*/cgroup no/" \
contrib/vim/syntax/firejail.vim:syn match fjCommand /\v(bind|blacklist|blacklist-nolog|cgroup|cpu|defaultgw|dns|hostname|hosts-file|ip6|iprange|join-or-start|mac|mkdir|mkfile|mtu|name|netfilter|netfilter6|netmask|nice|noblacklist|noexec|nowhitelist|overlay-named|private|private-bin|private-cwd|private-etc|private-home|private-lib|private-opt|private-srv|read-only|read-write|rlimit-as|rlimit-cpu|rlimit-fsize|rlimit-nofile|rlimit-nproc|rlimit-sigpending|timeout|tmpfs|veth-name|whitelist|xephyr-screen) / skipwhite contained
etc/inc/disable-proc.inc:blacklist /proc/cgroups
etc/inc/disable-proc.inc:blacklist /proc/kpagecgroup
src/bash_completion/firejail.bash_completion.in:        --cgroup)
src/firejail/join.c:    // in user mode set caps seccomp, cpu, cgroup, etc
src/include/rundefs.h:#define RUN_CGROUP_CFG                    RUN_MNT_DIR "/cgroup"
src/zsh_completion/_firejail.in:    '--cgroup=-[place the sandbox in the specified control group]: :'
test/fs/sys_fs.exp:     "cgroup"
test/root/cgroup.exp:send -- "mkdir /sys/fs/cgroup/systemd/firejail\r"
test/root/cgroup.exp:send -- "ls /sys/fs/cgroup/systemd/firejail\r"
test/root/cgroup.exp:send --  "firejail --name=\"join testing\" --cgroup=/sys/fs/cgroup/systemd/firejail/tasks\r"
test/root/cgroup.exp:send -- "wc -l /sys/fs/cgroup/systemd/firejail/tasks\r"
test/root/cgroup.exp:send -- "wc -l /sys/fs/cgroup/systemd/firejail/tasks\r"
test/root/root.sh:echo "TESTING: cgroup (test/root/cgroup.exp)"
test/root/root.sh:./cgroup.exp

At a glance, I think that the syntax/completion/test code should probably also
be removed; not sure about the rest.

Cc: @netblue30

@kmk3 kmk3 mentioned this issue Jun 14, 2022
10 tasks
@netblue30 netblue30 added the bug Something isn't working label Jun 16, 2022
@netblue30
Owner

Marking it a bug, I'll clean them up.

netblue30 added a commit that referenced this issue Jun 16, 2022
kmk3 added a commit that referenced this issue Jun 16, 2022
The "cgroup" option was removed from etc/firejail.config on commit
73b0890 ("disable cgroup code", 2022-06-13).

Relates to #5200.
@kmk3
Collaborator Author

kmk3 commented Jun 16, 2022

I think that the code related to the option is all gone now:

$ git show --pretty='%h %ai %s' -s
0e0804635 2022-06-16 16:52:02 -0300 update_deb.sh: remove cgroup-related code
$ git grep cgroup | grep -v '^RELNOTES:' | grep cgroup
etc/inc/disable-proc.inc:blacklist /proc/cgroups
etc/inc/disable-proc.inc:blacklist /proc/kpagecgroup
test/fs/sys_fs.exp:     "cgroup"

Thanks for continuing the removal until the end.

@kmk3 kmk3 closed this as completed Jun 16, 2022
@kmk3 kmk3 added removal Removal of a feature/option and removed bug Something isn't working labels Jun 16, 2022
kmk3 added a commit to kmk3/firejail that referenced this issue Sep 19, 2022
And add the missing issue/PR references.

Misc: The items in question were added on commit 6d740d7 ("RELNOTES
and README.md - existing functionality modified for the next version",
2022-08-29).

Relates to netblue30#5190 netblue30#5196 netblue30#5200 netblue30#5209 netblue30#5216.
@kmk3 kmk3 moved this to Done (on RELNOTES) in Release 0.9.72 Sep 2, 2024
Projects
Status: Done (on RELNOTES)