[GH-ISSUE #218] Whitelisting a folder is a bit tricky #151

Closed
opened 2026-05-05 05:11:01 -06:00 by gitea-mirror · 5 comments

Originally created by @0xBRM on GitHub (Jan 11, 2016).
Original GitHub issue: https://github.com/netblue30/firejail/issues/218

Wanted to add the folder /home/cris (no, it's not the same as ~/cris; $HOME is /home/home on my machine) so I could fill it with stuff only firefox could access, like my locally hosted startpage, but the options `whitelist /home/cris/` and/or `noblacklist /home/cris` do not work, as it still can't access my startpage, which is right there.

I have read the man page and I would expect either option to work, so maybe you could shed some light on this.


@the8472 commented on GitHub (Jan 11, 2016):

man page says:

> --whitelist=dirname_or_filename
>
> Whitelist directory or file. This feature is implemented only for user home, /dev, /media, /opt, /var, and /tmp directories.

Note that it says _user home_, not `/home`.


@0xBRM commented on GitHub (Jan 11, 2016):

In which case shouldn't `noblacklist` do what I want?


@the8472 commented on GitHub (Jan 11, 2016):

If you're running firejail as non-root it mounts a tmpfs over `/home` and then bind-mounts only that one user back into the tmpfs.
Running as root and then using `su` to change to that particular user inside the jail might work.

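A small diagnostic in the spirit of that explanation (an added example, not code from firejail or from this thread): give it `/proc/self/mountinfo` as captured from inside the jail and a path, and it reports which mount actually serves that path and whether the path falls under one of the directories the man page lists as whitelistable. The three mountinfo lines embedded below are constructed to mirror the tmpfs-over-`/home` layout described, with `/home/home` as the sandboxed user's home.

```python
# Diagnose why a path is invisible inside a firejail sandbox. Added example
# for this thread, not firejail's code; feed it /proc/self/mountinfo as seen
# from inside the jail (e.g. `firejail cat /proc/self/mountinfo`).
import os

# Directories under which --whitelist is implemented, per the man page
# quoted above; "user home" is the sandboxed user's $HOME, not /home.
WHITELIST_ROOTS = ("/dev", "/media", "/opt", "/var", "/tmp")

# Constructed sample mirroring the layout described: a tmpfs mounted over
# /home, with only the current user's home (/home/home) bound back in.
SAMPLE_MOUNTINFO = """\
22 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
40 22 0:30 / /home rw,nosuid,nodev - tmpfs tmpfs rw
41 40 8:1 /home/home /home/home rw,relatime - ext4 /dev/sda1 rw
"""

def parse_mountinfo(text):
    """Return [(mount_point, fstype)] from /proc/self/mountinfo text."""
    mounts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        left, _, right = line.partition(" - ")
        fields = left.split()
        # field 5 is the mount point; spaces in it are escaped as \040
        mounts.append((fields[4].replace("\\040", " "), right.split()[0]))
    return mounts

def governing_mount(path, mounts):
    """Longest-prefix match: the mount that actually serves `path`."""
    path = os.path.normpath(path)
    best = None
    for mp, fstype in mounts:
        if path == mp or path.startswith(mp.rstrip("/") + "/"):
            if best is None or len(mp) > len(best[0]):
                best = (mp, fstype)
    return best

def whitelist_eligible(path, home):
    """True if `path` lies under a directory --whitelist supports."""
    path = os.path.normpath(path)
    roots = WHITELIST_ROOTS + (os.path.normpath(home),)
    return any(path == r or path.startswith(r + "/") for r in roots)

def diagnose(path, mountinfo_text, home):
    """Report which mount serves `path` and whether --whitelist could apply."""
    mp, fstype = governing_mount(path, parse_mountinfo(mountinfo_text))
    return {"path": path, "served_by": mp, "fstype": fstype,
            "whitelist_eligible": whitelist_eligible(path, home)}
```

For `/home/cris/startpage.html` the sample layout reports the empty tmpfs on `/home` as the serving mount and no whitelist eligibility, while a file under `/home/home` is served by the bind-mounted real home.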

@0xBRM commented on GitHub (Jan 11, 2016):

Question: would creating a user called cris with the home set to /home/cris fix this issue?


@the8472 commented on GitHub (Jan 11, 2016):

If you run the jail under that user, probably.

Reference: github-starred/firejail#151