github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #3185] allowing fscrypt files #1993

New issue

Closed

opened 2026-05-05 08:39:33 -06:00 by gitea-mirror · 5 comments

gitea-mirror commented

2026-05-05 08:39:33 -06:00

Owner

Originally created by @reinerh on GitHub (Jan 25, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3185

A Debian user reported probems with whitelisting and accessing fscrypt-related files from within firejail.
Especially /home/.fscrypt seems to be a problem, because only the user's home directory is available in /home, not any other directories/files.

Does anyone have an idea how this could be fixed?

Originally created by @reinerh on GitHub (Jan 25, 2020). Original GitHub issue: https://github.com/netblue30/firejail/issues/3185 A Debian user [reported](https://bugs.debian.org/949469) probems with whitelisting and accessing fscrypt-related files from within firejail. Especially /home/.fscrypt seems to be a problem, because only the user's home directory is available in /home, not any other directories/files. Does anyone have an idea how this could be fixed?

gitea-mirror

2026-05-05 08:39:33 -06:00

closed this issue
added the
enhancement
label

gitea-mirror commented

2026-05-05 08:39:36 -06:00

Author

Owner

@rusty-snake commented on GitHub (Jan 25, 2020):

unsure whether helpful

--allusers
All directories under /home are visible inside the sandbox. By default, only current user home directory is visible.

@rusty-snake commented on GitHub (Jan 25, 2020): unsure whether helpful > **--allusers** All directories under /home are visible inside the sandbox. By default, only current user home directory is visible.

gitea-mirror commented

2026-05-05 08:39:38 -06:00

Author

Owner

@reinerh commented on GitHub (Jan 25, 2020):

Thanks, that works for me. I'll forward your suggestion and ask if that solves their problem.

@reinerh commented on GitHub (Jan 25, 2020): Thanks, that works for me. I'll forward your suggestion and ask if that solves their problem.

gitea-mirror commented

2026-05-05 08:39:39 -06:00

Author

Owner

@reinerh commented on GitHub (Jan 25, 2020):

It looks like they are also using --private, and it's currently not possible to combine this with --allusers (Warning: allusers option disabled by private or whitelist option).
Do you know of any workaround for that?

@reinerh commented on GitHub (Jan 25, 2020): It looks like they are also using `--private`, and it's currently not possible to combine this with `--allusers` (`Warning: allusers option disabled by private or whitelist option`). Do you know of any workaround for that?

gitea-mirror commented

2026-05-05 08:39:40 -06:00

Author

Owner

@rusty-snake commented on GitHub (Jan 25, 2020):

firejail --allusers --private -> Warning: allusers option disabled by private or whitelist option
firejail --allusers --private=/some/where -> works

#!/bin/bash
private_home="$(mktemp -dt private-firejail-home.XXXXXX)"
firejail --allusers --private="$private_home" <program>
rm -rf "$private_home"

NOTE: $private_home is visible for other programs (except firejail --private-tmp).

@rusty-snake commented on GitHub (Jan 25, 2020): - `firejail --allusers --private` -> `Warning: allusers option disabled by private or whitelist option` - `firejail --allusers --private=/some/where` -> works ```bash #!/bin/bash private_home="$(mktemp -dt private-firejail-home.XXXXXX)" firejail --allusers --private="$private_home" <program> rm -rf "$private_home" ``` NOTE: $private_home is visible for other programs (except `firejail --private-tmp`).

gitea-mirror commented

2026-05-05 08:39:42 -06:00

Author

Owner

@reinerh commented on GitHub (Jan 31, 2020):

Looks like the problem is actually with --whitelist, not with --private:

$ firejail --profile=/etc/firejail/firefox.profile /bin/bash

With --allusers its not possible to see the hidden files in /home.
Do you have another idea how to get access there with e.g. the firefox profile?

@reinerh commented on GitHub (Jan 31, 2020): Looks like the problem is actually with `--whitelist`, not with `--private`: ``` $ firejail --profile=/etc/firejail/firefox.profile /bin/bash ``` With `--allusers` its not possible to see the hidden files in /home. Do you have another idea how to get access there with e.g. the firefox profile?

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1993

No description provided.

Rows
Columns