github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #2966] firejail should follow symlinks for private-etc? #1852

New issue

Closed

opened 2026-05-05 08:31:21 -06:00 by gitea-mirror · 4 comments

gitea-mirror commented

2026-05-05 08:31:21 -06:00

Owner

Originally created by @adrelanos on GitHub (Sep 16, 2019).
Original GitHub issue: https://github.com/netblue30/firejail/issues/2966

Had a difficult to debug issue with SecBrowser and firejail. (Using torbrowser-launcher profile since SecBrowser is a derivative of Tor Browser.)

This line in torbrowser-launcher was the cause:

private-etc fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates,crypto-policies,alsa,asound.conf,pulse,machine-id,ld.so.cache

/etc/resolv.conf was a symlink to /etc/resolv.conf.kicksecure

ls -la /etc/resolv.conf*
lrwxrwxrwx 1 root root 22 Sep 15 13:25 /etc/resolv.conf -> resolv.conf.kicksecure
-rw-r--r-- 1 root root 311 Sep 16 06:46 /etc/resolv.conf.kicksecure
-rw-rw-r-- 1 root root 0 Sep 15 13:24 /etc/resolv.conf.kicksecure-orig

Similar to resolvconf which also uses symlinks.

Appending ,resolv.conf.kicksecure to that line fixed the issue.

Therefore DNS was broken.

Therefore would ti be good if firejail would follow symlinks?

Originally created by @adrelanos on GitHub (Sep 16, 2019). Original GitHub issue: https://github.com/netblue30/firejail/issues/2966 Had a difficult to debug issue with SecBrowser and firejail. (Using torbrowser-launcher profile since SecBrowser is a derivative of Tor Browser.) This line in torbrowser-launcher was the cause: > private-etc fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates,crypto-policies,alsa,asound.conf,pulse,machine-id,ld.so.cache /etc/resolv.conf was a symlink to /etc/resolv.conf.kicksecure ls -la /etc/resolv.conf* lrwxrwxrwx 1 root root 22 Sep 15 13:25 /etc/resolv.conf -> resolv.conf.kicksecure -rw-r--r-- 1 root root 311 Sep 16 06:46 /etc/resolv.conf.kicksecure -rw-rw-r-- 1 root root 0 Sep 15 13:24 /etc/resolv.conf.kicksecure-orig Similar to `resolvconf` which also uses symlinks. Appending `,resolv.conf.kicksecure` to that line fixed the issue. Therefore DNS was broken. Therefore would ti be good if firejail would follow symlinks?

gitea-mirror

2026-05-05 08:31:21 -06:00

closed this issue
added the
enhancement
label

gitea-mirror commented

2026-05-05 08:31:24 -06:00

Author

Owner

@netblue30 commented on GitHub (Sep 22, 2019):

I'll add support for it. The requirement would be file linked should be owned by root and have the same attributes.

@netblue30 commented on GitHub (Sep 22, 2019): I'll add support for it. The requirement would be file linked should be owned by root and have the same attributes.

gitea-mirror commented

2026-05-05 08:31:25 -06:00

Author

Owner

@adrelanos commented on GitHub (Sep 22, 2019):

That sounds good!

@adrelanos commented on GitHub (Sep 22, 2019): That sounds good!

gitea-mirror commented

2026-05-05 08:31:26 -06:00

Author

Owner

@rusty-snake commented on GitHub (Mar 10, 2022):

00cb236add/RELNOTES (L56)
Fixed?

@rusty-snake commented on GitHub (Mar 10, 2022): https://github.com/netblue30/firejail/blob/00cb236addce37b13ed7d30093c8d47fba70e787/RELNOTES#L56 Fixed?

gitea-mirror commented

2026-05-05 08:31:27 -06:00

Author

Owner

@netblue30 commented on GitHub (Mar 11, 2022):

Yes, it was fixed. I forgot to close it.

@netblue30 commented on GitHub (Mar 11, 2022): Yes, it was fixed. I forgot to close it.

gitea-mirror referenced this issue

2026-05-05 10:13:34 -06:00

[PR #1852] [MERGED] Fix private-lib again #4091

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1852

No description provided.

Rows
Columns