Replies: 2 comments 1 reply
-
Patch and compile. Or grab the faudit code, build the binary and start it like Also note that audit was never more that a false feeling of security. Self marketing: Or use raudit.
It requires root not sudo. How do you install updates for example? Second user with sudo?
https://github.com/igo95862/bubblejail |
Beta Was this translation helpful? Give feedback.
-
Not a programmer, so alas!
Thank you.
https://madaidans-insecurities.github.io/linux.html
Is raudit better? If it is I will use it.
I tried running it as root on home directory of target user and it refused.
This. Only one user has access to the sudo/su thing. I however must admit that this is paranoid bullshit for systemd systems (my case), because there is polkit and it is deliberately designed in a way no normal user will be able to configure it ever. And it by default allows anyone to authenticate as root, for example through 'systemctl edit' for crafting a malicious service. Paranoia is so paranoia. I will look into your links maybe, but I already have some working firejail configs and I am not very keen to rewrite them again. |
Beta Was this translation helpful? Give feedback.
-
Previously, it was possible to use --audit flag to review your sandbox for basic flaws, which was a very useful feature. Now, however, this option is gone. Instead of it I see jailcheck utility which is terribly useless, because requires you to have access to sudo. I am not going to allow sudo. I am not going to allow su either. firejail is enough of security issues already.
How can I get --audit option back?
Beta Was this translation helpful? Give feedback.
All reactions