github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

[GH-ISSUE #4906] steam: whitelisting may cause data loss in multiple games (config, saves, screenshots, etc) #2812

New issue
Open
opened 2026-05-05 09:28:01 -06:00 by gitea-mirror · 4 comments
gitea-mirror commented 2026-05-05 09:28:01 -06:00
Owner
Copy link

Originally created by @jose1711 on GitHub (Feb 6, 2022).
Original GitHub issue: https://github.com/netblue30/firejail/issues/4906

Description

We are already unblacklisting/whitelisting quite a few games but there may be a lot of missing and keeping up with changes may be sustainable.

Steps to Reproduce

  1. Run Steam client
  2. Play a (new?) game not covered by an existing noblacklist/whitelist set
  3. Realize on a next day that the game data have not been saved to disk

One such example would be Road Redemption which uses ${HOME}/Road Redemption. We could add it manually to steam.profile but a long-term/more dynamic solution would be needed (IMHO).

Environment

  • Arch Linux, x86_64

Checklist

  • The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
  • I can reproduce the issue without custom modifications (e.g. globals.local).
  • The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
  • The profile (and redirect profile if exists) hasn't already been fixed upstream.
  • I have performed a short search for similar issues (to avoid opening a duplicate).
    • I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
  • I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)
Originally created by @jose1711 on GitHub (Feb 6, 2022). Original GitHub issue: https://github.com/netblue30/firejail/issues/4906 ### Description We are already unblacklisting/whitelisting quite a few games but there may be a lot of missing and keeping up with changes may be sustainable. ### Steps to Reproduce 1. Run Steam client 2. Play a (new?) game not covered by an existing `noblacklist`/`whitelist` set 3. Realize on a next day that the game data have not been saved to disk One such example would be Road Redemption which uses `${HOME}/Road Redemption`. We could add it manually to `steam.profile` but a long-term/more dynamic solution would be needed (IMHO). ### Environment - Arch Linux, x86_64 ### Checklist <!-- Note: Items are checked with an "x", like so: - [x] This is a checked item. --> - [x] The issues is caused by firejail (i.e. running the program by path (e.g. `/usr/bin/vlc`) "fixes" it). - [x] I can reproduce the issue without custom modifications (e.g. globals.local). - [x] The program has a profile. (If not, request one in `https://github.com/netblue30/firejail/issues/1139`) - [x] The profile (and redirect profile if exists) hasn't already been fixed [upstream](https://github.com/netblue30/firejail/tree/master/etc). - [x] I have performed a short search for similar issues (to avoid opening a duplicate). - [ ] I'm aware of `browser-allow-drm yes`/`browser-disable-u2f no` in `firejail.config` to allow DRM/U2F in browsers. - [ ] I used `--profile=PROFILENAME` to set the right profile. (Only relevant for AppImages)
gitea-mirror added the
enhancement
 label 2026-05-05 09:28:01 -06:00
gitea-mirror commented 2026-05-05 09:28:03 -06:00
Author
Owner
Copy link

@SkewedZeppelin commented on GitHub (Feb 6, 2022):

Yes, I originally brought this up as a negative to switching steam.profile to whitelist.
Can be very annoying.

edit: see #3292

<!-- gh-comment-id:1030916480 --> @SkewedZeppelin commented on GitHub (Feb 6, 2022): Yes, I originally brought this up as a negative to switching steam.profile to whitelist. Can be very annoying. edit: see #3292
gitea-mirror commented 2026-05-05 09:28:04 -06:00
Author
Owner
Copy link

@netblue30 commented on GitHub (Feb 6, 2022):

What if we revert it back to a regular blacklisted profile?

We have in steam profile hardcoded at least 10 games with directories all over ~/.config and ~/.local/share. We clean up disable-programs.inc, then grab the old steam blacklisted profile and fix it. We just have to find when the whitelisting was put in.

<!-- gh-comment-id:1030927487 --> @netblue30 commented on GitHub (Feb 6, 2022): What if we revert it back to a regular blacklisted profile? We have in steam profile hardcoded at least 10 games with directories all over ~/.config and ~/.local/share. We clean up disable-programs.inc, then grab the old steam blacklisted profile and fix it. We just have to find when the whitelisting was put in.
gitea-mirror commented 2026-05-05 09:28:05 -06:00
Author
Owner
Copy link

@netblue30 commented on GitHub (Feb 14, 2022):

I'll attempt a full rewrite of steam profile, and I'll ask you guys to test it - I don't have steam here.

<!-- gh-comment-id:1039189430 --> @netblue30 commented on GitHub (Feb 14, 2022): I'll attempt a full rewrite of steam profile, and I'll ask you guys to test it - I don't have steam here.
gitea-mirror commented 2026-05-05 09:28:05 -06:00
Author
Owner
Copy link

@nutta-git commented on GitHub (Nov 23, 2023):

I do not know what I am talking about, take this with a grain of salt.

Would a GUI be useful?
An application is given a default profile, but any more access will prompt the use a GUI asking for permission (notification).

Without a GUI: Currently

  1. User sets steam with the default firejail permission (steam.profile).
  2. User plays a game not covered under steam.profile and firejail silently voids access to resources.
  3. Game can't save/perform, poor user experience.

With a GUI:

  1. User sets steam with the default firejail permission (steam.profile).
  2. User plays a game not covered under steam.profile and firejail request the user's permission for resources.
  3. Game works, improved user experience.

The granted permission can persist only during that session or it can permanently persist.

I can see a some downsides to this:

  1. Firejail is currently a CLI application and a GUI application "won't be in the spirit" of the project.
  2. The GUI application has to be maintained.
  3. GUI generated rules have to be tagged for logging and debugging.
  4. An application can abuse the human role, if a user doesn't fully understand the resources they are granting, it could open a potential security hole.
  5. The scope of the permission an application is requesting, how could Firejail know if an application need access to the whole folder or just a specific one within a folder.

Possible Solutions:

For Downside 4: The rules within the default profile are nonnegotiable, meaning If a game in steam.profile wanted to access ~/Documents, but steam.profile contained a rule that prevented this access, then the GUI will NOT prompt a notification and the request is silently voided.

For Downside 5: The user is allowed to edit the rules found the GUI. When the GUI prompts a resources request, the user has the ability to define the rule. Example. Application asks for access to ~/Documents, but the user can edit the request and override to ~/Documents/Specific_FileorFolder

These were my thoughts on a solution, I am pretty sure there is more downsides, but this was the only things I could come up with.

<!-- gh-comment-id:1823832178 --> @nutta-git commented on GitHub (Nov 23, 2023): I do not know what I am talking about, take this with a grain of salt. Would a GUI be useful? An application is given a default profile, but any more access will prompt the use a GUI asking for permission (notification). Without a GUI: Currently 1. User sets steam with the default firejail permission (steam.profile). 2. User plays a game not covered under steam.profile and firejail silently voids access to resources. 3. Game can't save/perform, poor user experience. With a GUI: 1. User sets steam with the default firejail permission (steam.profile). 2. User plays a game not covered under steam.profile and firejail request the user's permission for resources. 3. Game works, improved user experience. The granted permission can persist only during that session or it can permanently persist. I can see a some downsides to this: 1. Firejail is currently a CLI application and a GUI application "won't be in the spirit" of the project. 2. The GUI application has to be maintained. 3. GUI generated rules have to be tagged for logging and debugging. 4. An application can abuse the human role, if a user doesn't fully understand the resources they are granting, it could open a potential security hole. 5. The scope of the permission an application is requesting, how could Firejail know if an application need access to the whole folder or just a specific one within a folder. Possible Solutions: For Downside 4: The rules within the default profile are nonnegotiable, meaning If a game in steam.profile wanted to access ~/Documents, but steam.profile contained a rule that prevented this access, then the GUI will NOT prompt a notification and the request is silently voided. For Downside 5: The user is allowed to edit the rules found the GUI. When the GUI prompts a resources request, the user has the ability to define the rule. Example. Application asks for access to ~/Documents, but the user can edit the request and override to ~/Documents/Specific_FileorFolder These were my thoughts on a solution, I am pretty sure there is more downsides, but this was the only things I could come up with.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
serialize_remounts_v2
landlock_v4
landlock
release-0.9.64
release-0.9.62
gitlab_ci
LTSbase
fred_ctests
docs
0.9.80
0.9.80-rc1
0.9.78
0.9.76
0.9.76-rc4
0.9.76-rc3
0.9.76-rc2
0.9.76-rc1
0.9.74
landlock-split
0.9.72
0.9.72rc1
0.9.70
0.9.68
0.9.68rc1
0.9.66
0.9.66rc1
0.9.64.4
0.9.64.2
0.9.64
0.9.64rc1
0.9.62.4
0.9.62.2
0.9.62
0.9.56.2-LTS
0.9.60
0.9.60-rc1
0.9.58.2
0.9.58
0.9.58-rc1
0.9.56-LTS-release
0.9.56-LTS
0.9.56
0.9.56-rc1
0.9.54
0.9.54-rc2
0.9.54-rc1
0.9.52
0.9.38.12
0.9.50
0.9.50-rc1
0.9.48
0.9.46
0.9.46-rc1
0.9.44.10
0.9.44.8
0.9.44.6
0.9.38.10
0.9.44.4
0.9.38.8
0.9.44.2
0.9.44
0.9.44-rc1
0.9.38.4
0.9.42
0.9.42-rc2
0.9.38.2
0.9.42-rc1
disable-globalcfg
0.9.40
0.9.40-rc1
0.9.38
0.9.38-rc1
0.9.36
0.9.36-rc1
0.9.34
0.9.34-rc1
0.9.32
0.9.32-rc1
0.9.30
0.9.30-rc1
Labels
Clear labels   
LTS merge

   
LTS merge

   
bug

   
bug

   
converted-to-discussion

   
doc-todo

   
documentation

   
duplicate

   
enhancement

   
file-transfer

   
firecfg

   
firejail-in-firejail

   
firetools

   
graphics

   
help wanted

   
information_old

   
installation

   
invalid

   
modif

   
moved

   
needinfo

   
networking

   
notabug

   
notourbug

   
old-version

   
overlayfs

   
packaging

   
profile-request

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question_old

   
removal

   
runtime-permissions

   
sandbox-ipc

   
security

   
stale

   
wiki

   
wiki

   
wontfix

   
wordpress

   
workaround
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2812
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?