-
Notifications
You must be signed in to change notification settings - Fork 239
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create a new terminal session by default #571
Conversation
…of this with a new parameter "--no-new-session" (parameter "--new-session" will be deprecated), instead of having to opt in with "--new-session". This will, in my opinion, make `bwrap` more secure for new users who aren't completely familiar with it. Signed-off-by: Mikhail Kulko <mkulko@mkulko.me>
P.S. I understand that this change would break sandboxes that rely on not having a new terminal session, however:
Alternatively, I would propose officially deprecating Ultimately, I think that merging this PR would make Bubblewrap more secure, particularly for new users. |
No, this is an incompatible change, and in particular would break command-line use of Flatpak. I know because doing this by default is exactly what I proposed in early 2017 (#143), and it caused regressions and was mostly reverted, adding I would personally be in favour of adding a If we had
No, we should not do this. If you want "most" users of bwrap to be creating a new terminal session, then deprecating the option that they use to achieve that in a backwards-compatible way is exactly the wrong thing to do. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Marking this as "changes requested" to ensure this isn't merged by mistake, but in this case it's less like "changes requested" and more like "please open a different PR instead".
I'm fairly sure that the long-term answer to the various |
@smcv My apologies. Will open a different pull request that implements only |
Fedora disabled TIOCSTI by default even in current stable Fedora 37 (with Linux 6.2 and above). 🎉 |
Superseded by #572. |
This pull request will make it so that Bubblewrap will create a new terminal session by default and will allow users to opt out of this with a new parameter "--no-new-session" (parameter "--new-session" will be deprecated), instead of having to opt in with "--new-session". This will, in my opinion, make Bubblewrap more secure for new users who aren't completely familiar with it. (Fixes #555)