[GH-ISSUE #4808] ${HOME} should be allowed to be something like /dev/null #2782

Open
opened 2026-05-05 09:26:30 -06:00 by gitea-mirror · 4 comments

Originally created by @crocket on GitHub (Jan 2, 2022).
Original GitHub issue: https://github.com/netblue30/firejail/issues/4808

Problem

Some system daemons are started as a non-root user with /dev/null as HOME.

Firejail has difficulties when HOME is /dev/null because include *.local fails when HOME is /dev/null.

Solution

Firejail should be fine with /dev/null as HOME.

Alternatives

I haven't tried AppArmor. Can AppArmor do things that firejail can do? I think AppArmor can be great for system daemons and programs that launch other programs.

gitea-mirror added the enhancement label 2026-05-05 09:26:30 -06:00

@rusty-snake commented on GitHub (Jan 2, 2022):

FTR: #4778


@crocket commented on GitHub (Feb 14, 2022):

  • include *.local shouldn't require ${HOME} to not be /dev/null.
    • A workaround is to create /etc/firejail/profile.local and /etc/firejail/globals.local
  • private and private-cache shouldn't require ${HOME} to not be /dev/null.
    • A workaround is to put ignore private and ignore private-cache in /etc/firejail/globals.local

@rusty-snake commented on GitHub (Jun 8, 2022):

> private and private-cache shouldn't require ${HOME} to not be /dev/null.

How should they work if it is /dev/null?


@crocket commented on GitHub (Jun 9, 2022):

System daemons often don't have $HOME. I was trying to sandbox system daemons with firejail.

I think firejail should be able to work with $HOME at /dev/null.
