github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #4321] Yarn profile causing error #2621

New issue

Closed

opened 2026-05-05 09:17:03 -06:00 by gitea-mirror · 3 comments

gitea-mirror commented

2026-05-05 09:17:03 -06:00

Owner

Originally created by @skrat on GitHub (May 31, 2021).
Original GitHub issue: https://github.com/netblue30/firejail/issues/4321

version 0.9.64.4

running yarn with the bundled profile results in:

Error getpwuid: main.c:236 init_cfg: Success

That led me to issues #2547 and the workaround mentioned there, ie.

firejail --ignore=private-bin --private-etc=group,passwd

works for me, although I don't understand the security implication of those args.

Originally created by @skrat on GitHub (May 31, 2021). Original GitHub issue: https://github.com/netblue30/firejail/issues/4321 version 0.9.64.4 running yarn with the bundled profile results in: ``` Error getpwuid: main.c:236 init_cfg: Success ``` That led me to issues #2547 and the workaround mentioned there, ie. ``` firejail --ignore=private-bin --private-etc=group,passwd ``` works for me, although I don't understand the security implication of those args.

gitea-mirror

2026-05-05 09:17:03 -06:00

closed this issue
added the
information_old
label

gitea-mirror commented

2026-05-05 09:17:06 -06:00

Author

Owner

@rusty-snake commented on GitHub (May 31, 2021):

--ignore=private-bin

yarn.profile does not have private-bin => ignoreing it is a no-op => no security implication

--private-etc=group,passwd

yarn.profile has both => no security implication

(since 699a803f17)

running yarn with the bundled profile

FTR: yarn.profile is designed to be the base for user adaptation since you never know which package/project/workflow requires which permissions. Therefore is is not in firecfg.config

Error getpwuid: main.c:236 init_cfg: Success

How do you run it? Did you created symlinks for it?

@rusty-snake commented on GitHub (May 31, 2021): > --ignore=private-bin yarn.profile does not have `private-bin` => `ignore`ing it is a no-op => no security implication > --private-etc=group,passwd yarn.profile has both => no security implication (since 699a803f174662a8ec62442438bb0807e41d3971) > running yarn with the bundled profile FTR: yarn.profile is designed to be the base for user adaptation since you never know which package/project/workflow requires which permissions. Therefore is is not in firecfg.config > Error getpwuid: main.c:236 init_cfg: Success How do you run it? Did you created symlinks for it?

gitea-mirror commented

2026-05-05 09:17:07 -06:00

Author

Owner

@skrat commented on GitHub (May 31, 2021):

@rusty-snake no in this case I have yarn.local in ~/.config/firejail (with added whitelist) and I'm running it with firejail yarn dev

@skrat commented on GitHub (May 31, 2021): @rusty-snake no in this case I have `yarn.local` in `~/.config/firejail` (with added whitelist) and I'm running it with `firejail yarn dev`

gitea-mirror commented

2026-05-05 09:17:08 -06:00

Author

Owner

@skrat commented on GitHub (May 31, 2021):

I see that nodejs-common has passwd in private-etc, mine doesn't (arch linux, latest package version) so that's the problem I assume. Build date of that package is Wed Feb 10, passwd was added on May 8th.

@skrat commented on GitHub (May 31, 2021): I see that `nodejs-common` has `passwd` in `private-etc`, mine doesn't (arch linux, latest package version) so that's the problem I assume. Build date of that package is Wed Feb 10, `passwd` was added on May 8th.

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2621

No description provided.

Rows
Columns