mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-15 14:16:14 -06:00
[GH-ISSUE #2188] disable-mnt is unintuitive and complicated, suggesting removal or alteration #1468
Labels
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: github-starred/firejail#1468
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @Radtoo on GitHub (Oct 13, 2018).
Original GitHub issue: https://github.com/netblue30/firejail/issues/2188
I just found out about disable-mnt in configuration files in a very ungood way.
I tried whitelisting a subfolder in /media for a firejailed software that invokes a firejailed software that invokes a filejailed software. Which did not work even after gratitous use of whitelisting and noblacklisting, which I tried to do by creating configurations in ${HOME}/.config/firejail that included the configurations in /etc/firejail/.
I eventually became aware that disable-mnt in one of the involved configurations is the problem, which took a while because the directive does not include "media" for grep. And that this directive unintuitively does not seem to respond to noblacklist/whitelist in my configuration files.
But even once I knew, fixing this with my own configuration files in the user home directory (by creating copies of files without the "disable-mnt" directive and then copies of everything that directly or indirectly included those files) was also quite cumbersome.
Maybe I missed a directive that could have disabled "disable-mnt" in a configuration file...? Although even if: Why does the disable-mnt directive even exist? I feel like getting rid of it and just using blacklisting directives for the respective directories would be far easier - one less thing to be aware of. Or at least allow overriding it with noblackist / whitelist in configuration files as if it was a set of blacklist directives.
Edit: I just saw that #2149 looks pretty comparable to this bug.
@smitsohu commented on GitHub (Oct 13, 2018):
You are right. There is already a fix in, see #2154.
@Radtoo commented on GitHub (Oct 13, 2018):
I see. Thanks, that seems like a fix to the main issues involved.
Although I do not necessarily get why it couldn't simply be one of the /etc/firejail/disable-*.inc ?
@smitsohu commented on GitHub (Oct 15, 2018):
Btw, it is always possible to override options with
ignore, both on the command line and in profiles.@chiraag-nataraj commented on GitHub (Oct 16, 2018):
It could (indeed, @Vincent43 made that point in #2149).
@chiraag-nataraj commented on GitHub (May 20, 2019):
I'm going to go ahead and close this, since the original issue was fixed a while ago.
@Radtoo commented on GitHub (May 21, 2019):
Sure, thanks for the notice!