mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-15 14:16:14 -06:00
[GH-ISSUE #3092] firefox: u2f does not work if plugged in after launching (private-dev) #1938
Labels
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: github-starred/firejail#1938
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @ibahnasy on GitHub (Dec 22, 2019).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3092
U2F doesn't work if Firefox is launched with firejail.
Even
firejail --ignore=private-dev firefoxdidn't solve the issue.There should be a permanent fix in the firejail profile file for Firefox.
@rusty-snake commented on GitHub (Dec 22, 2019):
grep "browser-disable-u2f" /etc/firejail/firejail.config#2531. Firejail version?@ibahnasy commented on GitHub (Dec 22, 2019):
I set it
browser-disable-u2ftonoand now it works.Thanks a lot!
@ibahnasy commented on GitHub (Dec 22, 2019):
But the u2f key has to be plugged first before launching Firefox!
Any solution to this case?
@rusty-snake commented on GitHub (Dec 22, 2019):
What happens with
firejail --noprofile firefox@ibahnasy commented on GitHub (Dec 22, 2019):
In this scenario, the u2f works fine.
@SkewedZeppelin commented on GitHub (Dec 22, 2019):
private-dev causes any devices attached after sandbox creation to not be available.
@cockytrumpet commented on GitHub (Dec 23, 2019):
I found this issue trying to solve the same problem with my Yubikey, but firefox would crash when I press the button to authenticate even with
browser-disable-u2fset to no.The solution was to remove
sys_name_to_handle_atfrom the seccomp list.I’m sure there’s a better way to do that, but adding
seccomp.keep sys_name_to_handle_atto firefox.local didn’t work.@Vincent43 commented on GitHub (Dec 23, 2019):
Did you added some custom rules to firefox profile? This sounds similar to https://github.com/netblue30/firejail/issues/3074#issuecomment-563013316
@rusty-snake commented on GitHub (Dec 23, 2019):
seccomp.keep"whitelist" syscall, this means every syscall not listed is blocked.Replace
seccompwith:Firejail >=0.9.61:
seccomp !name_to_handle_atFirejail <=0.9.60:
seccomp.drop @debug,@obsolete,@privileged,@resources,add_key,fanotify_init,i@cpu-emulation,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,ni_syscall,open_by_handle_at,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice@cockytrumpet commented on GitHub (Dec 23, 2019):
@Vincent43 The only other change I made to the profile was commenting out
?BROWSER_DISABLE_U2F: nou2fwhich i saw in https://github.com/netblue30/firejail/issues/2531.@rusty-snake Thanks, I misunderstood what .keep was doing.
@rusty-snake commented on GitHub (Jan 17, 2020):
@ibahnasy
I'm closing here due to inactivity, please fell free to reopen if you still have this issue.
@ibahnasy commented on GitHub (Jan 20, 2020):
How does using no profile affects the security
firejail --noprofile firefox?@rusty-snake commented on GitHub (Jan 20, 2020):
You have no seccomp, all caps, no disable-*, ...
@Vincent43 commented on GitHub (Jan 20, 2020):
--noprofileis very close to not using firejail at all.