A SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf.
Firejail does not sufficiently validate the user's environment prior to using it as the root user when using the --join command line option.
An unprivileged user can exploit this vulnerability to achieve local root privileges.
System administrators can mitigate this vulnerability via adding either "force-nonewprivs yes" or "join no" to the Firejail configuration file in /etc/firejail/firejail.config.
Gentoo has discontinued support for sys-apps/firejail-lts. Users should unmerge it in favor of sys-apps/firejail:
# emerge --ask --depclean --verbose "sys-apps/firejail-lts"
# emerge --ask --verbose "sys-apps/firejail"
All Firejail users should upgrade to the latest version:
# emerge --ask --oneshot --verbose ">=sys-apps/firejail-0.9.70"