Comments (5)
opensnitchd --help
-rules-path string
Path to load JSON rules from. (default "rules")
This reminds me:
I have not tested environment variables with this argument but they do not work with list of Domains rules
New rule > $HOME/myrules/ UI returns "Lists field must be a directory"
Same with $SUDO_USER
from opensnitch.
That's an option for the system-wide daemon, right? I want there to be system-wide rules managed by the sysadmin and per-user rules managed by the user; I don't think I can do that with the existing options.
from opensnitch.
What distro do you use? with systemd, create a user service with the args above
https://wiki.archlinux.org/title/Systemd/User
/usr/lib/systemd/system/opensnitchd.service:
ExecStart=/usr/bin/opensnitchd -rules-path /etc/opensnitchd/rules
from opensnitch.
NixOS, so yes I have systemd, but unless you're saying it's possible to run two opensnitchd processes at the same time (one for the entire system regardless of who is at the seat, one for the current user) that unfortunately isn't what I'm asking for.
from opensnitch.
Hi all,
I think the main problem is, that by default any user can launch the GUI and view all the rules. There's no per-user authentication mechanism. By default, we assume that the GUI is used by the admin(s).
If there're more users on the same computer, right now you'll have to restrict the use of the GUI to the admins.
If the rules are stored in a world-readable location is a another issue. Rules are not world-readable, and one can remove world-readable permissions to the rules directory if needed.
By the way @rhendric , could you explain in detail the use case of this feature request? just out of curiosity O:)
So I'd love it if there were a configurable secondary rule location in the user's home that, on startup, the OpenSnitch GUI would read and then send to the daemon as until-restart rules (perhaps also restricted to the current user?). The rule editor should allow for a rule to be saved as a system or a user rule and, in the case of the latter, persist the rule file to this secondary location if it is permanent.
We should add the concept of users to the GUI, separate privileges for read (view) and write rules by user.
Right now adding a secondary rule location per user wouldn't make any difference, because you can view and edit all the rules with the GUI.
Previous discussions: #388 , #983
from opensnitch.
Related Issues (20)
- [Feature Request] Filter By Nodes (improve search textbox) HOT 1
- [Bug] Missing Rule Still Displayed In UI HOT 2
- Links to download the v1.6.3 files show the v1.6.2 files HOT 2
- Error applying configuration /etc/opensnitchd/opensnitch.o no such file or directory HOT 3
- Blocked domains issue HOT 2
- version number in release 1.6.4
- option to allow/deny all connections by particular application (AppImages) HOT 9
- Cannot properly verify opensnitch daemon HOT 2
- Autostart folder getting root permissions with rpm HOT 8
- No signature in GUI deb v1.6.4 HOT 2
- [Feature Request] UI improvements HOT 4
- Installation problem HOT 1
- TestProcIOStats check fails on latest unstable HOT 4
- ERR: Module not found (opensnitch-dns.o) in any of the paths HOT 2
- Manajro kernel 6.1.69-1 wont work HOT 8
- [Feature Request] Rule Groups HOT 5
- Intercept forwarded rule not working with docker and local network HOT 1
- Some suggestions after building your project. Added instrusctions, and found a problem. HOT 1
- [Feature] Display bytes sent/received per process HOT 2
- OpenSnitch does not start (aarch64, manjaro) HOT 15
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from opensnitch.