.cache #1000

New issue

Closed

opened 2026-05-05 07:17:25 -06:00 by gitea-mirror · 2 comments

gitea-mirror commented

2026-05-05 07:17:25 -06:00

Owner

Originally created by @ghost on GitHub (Aug 27, 2017).
Original GitHub issue: https://github.com/netblue30/firejail/issues/1497

https://github.com/qutebrowser/qutebrowser/issues/2927

This is pretty much a crosspost since I thought at first that this is qutebrowser related but then I noticed that if I specifically block .cache and .local with blacklist it will no longer starts.

What happens in the initial case ?

Originally created by @ghost on GitHub (Aug 27, 2017). Original GitHub issue: https://github.com/netblue30/firejail/issues/1497 https://github.com/qutebrowser/qutebrowser/issues/2927 This is pretty much a crosspost since I thought at first that this is qutebrowser related but then I noticed that if I specifically block .cache and .local with blacklist it will no longer starts. What happens in the initial case ?

gitea-mirror

2026-05-05 07:17:25 -06:00

closed this issue
added the
information_old
label

gitea-mirror commented

2026-05-05 07:17:31 -06:00

Author

Owner

@SkewedZeppelin commented on GitHub (Aug 27, 2017):

So if you don't explicitly blacklist it, but whitelist something, it'll see a blank home dir with just the things you whitelisted. Meaning it can create a .local and .cache itself, which will be deleted once exited. However when you blacklist those they do exist in the sandbox, but nothing has permission to write to them, which causes it to crash since it can't create or open them.

@SkewedZeppelin commented on GitHub (Aug 27, 2017): So if you don't explicitly blacklist it, but whitelist something, it'll see a blank home dir with just the things you whitelisted. Meaning it can create a .local and .cache itself, which will be deleted once exited. However when you blacklist those they do exist in the sandbox, but nothing has permission to write to them, which causes it to crash since it can't create or open them.

gitea-mirror commented

2026-05-05 07:17:34 -06:00

Author

Owner

@ghost commented on GitHub (Aug 27, 2017):

Ok, so qutebrowser works thanks to the lines whitelisting stuff in .cache and .local from /etc/firejail/whitelist-common.inc.

A temporary file system is mounted on the top directory, and the whitelisted files are mount-binded inside. Modifications to whitelisted files are persistent, everything else is discarded when the sandbox is closed. The top directory could be user home, /dev, /media, /mnt, /opt, /srv, /var, and /tmp.

How does the temporary filesystem work ?

edit: asking because I could not find much about it in the man page;

@ghost commented on GitHub (Aug 27, 2017): Ok, so qutebrowser works thanks to the lines whitelisting stuff in .cache and .local from /etc/firejail/whitelist-common.inc. >A temporary file system is mounted on the top directory, and the whitelisted files are mount-binded inside. Modifications to whitelisted files are persistent, everything else is discarded when the sandbox is closed. The top directory could be user home, /dev, /media, /mnt, /opt, /srv, /var, and /tmp. How does the temporary filesystem work ? edit: asking because I could not find much about it in the man page;

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1000

No description provided.

Rows
Columns