[GH-ISSUE #4910] private-cwd not expanding macros (e.g. ${HOME}) #2815

Closed
opened 2026-05-05 09:28:09 -06:00 by gitea-mirror · 7 comments

Originally created by @reinerh on GitHub (Feb 7, 2022).
Original GitHub issue: https://github.com/netblue30/firejail/issues/4910

hyperrogue.profile currently contains the following line:

> private-cwd ${HOME}

(it's currently the only profile using `private-cwd`.)

When trying to run firejail with this profile it fails with the following error:

```
$ firejail hyperrogue
Reading profile /etc/firejail/hyperrogue.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-shell.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Error: invalid private working directory
```

Removing `${HOME}` from the `private-cwd` line fixes it. According to the manpage the home directory is also the default directory when no other directory is specified.

Was the `${HOME}` added by accident? Or should this be supported?

(Problem was found by Ubuntu CI btw: https://autopkgtest.ubuntu.com/results/autopkgtest-jammy/jammy/arm64/f/firejail/20220207_124108_3cf17@/log.gz
This will currently prevent the package from entering 22.04 until it is fixed, if I understand their CI correctly.)

gitea-mirror 2026-05-05 09:28:09 -06:00
  • closed this issue
  • added the `bug` label

@rusty-snake commented on GitHub (Feb 7, 2022):

hyperrogue saves its game state at `./hyperrogue.ini`. Which works badly with `(no)blacklist/whitelist`. That's why I added the private-cwd.


@rusty-snake commented on GitHub (Feb 7, 2022):

  • `firejail --private-cwd="${HOME}" --noprofile ls`: Works
  • `firejail --private-cwd='${HOME}' --noprofile ls`: Broken

The fix for #4780 seems to check for relative/absolute path before expanding macros (`${HOME}`).
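
The ordering problem described in the comment above, as an added example that is not part of the thread and is not firejail's code: with double quotes the shell expands `${HOME}` before firejail sees it, while single quotes (or a profile line) pass the literal macro, which fails an absolute-path check that runs before expansion. The function names and the sample home directory are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: replace a leading "${HOME}" with `home`.
 * Returns a malloc'd string, or NULL on allocation failure. */
static char *expand_home(const char *arg, const char *home) {
    static const char macro[] = "${HOME}";
    size_t mlen = sizeof(macro) - 1;
    int hit = strncmp(arg, macro, mlen) == 0;
    const char *prefix = hit ? home : "";
    const char *rest = hit ? arg + mlen : arg;
    size_t len = strlen(prefix) + strlen(rest) + 1;
    char *out = malloc(len);
    if (out)
        snprintf(out, len, "%s%s", prefix, rest);
    return out;
}

static int is_absolute(const char *p) { return p[0] == '/'; }

/* Order suspected in the thread: validate the raw argument first.
 * A literal "${HOME}" starts with '$', so it is rejected (NULL). */
char *resolve_check_first(const char *arg, const char *home) {
    if (!is_absolute(arg))
        return NULL;
    return expand_home(arg, home);
}

/* Corrected order: expand the macro, then validate the resulting path. */
char *resolve_expand_first(const char *arg, const char *home) {
    char *path = expand_home(arg, home);
    if (path && !is_absolute(path)) {
        free(path);
        return NULL;
    }
    return path;
}

int main(void) {
    const char *home = "/home/user"; /* constructed sample value */
    const char *args[] = { "${HOME}", "/home/user", "${HOME}/games", "relative/dir" };
    for (size_t i = 0; i < sizeof(args) / sizeof(args[0]); i++) {
        char *a = resolve_check_first(args[i], home);
        char *b = resolve_expand_first(args[i], home);
        printf("%-14s check-first=%-12s expand-first=%s\n", args[i],
               a ? a : "(rejected)", b ? b : "(rejected)");
        free(a);
        free(b);
    }
    return 0;
}
```

Validating after expansion also means the check applies to the path that will actually be used, so a relative path is still rejected in both orders.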


@reinerh commented on GitHub (Feb 7, 2022):

> hyperrogue saves its game state at `./hyperrogue.ini`. Which works badly with `(no)blacklist/whitelist`. That's why I added the private-cwd.

Ah, I remember that hyperrogue bug. If you use Debian, I fixed that in 12.0f-1 ([#985797](https://bugs.debian.org/985797)), otherwise just build with `-DFHS`, then it will store the config in `~/.hyperrogue.ini`. (In my opinion building without `-DFHS` is a bug in the distribution package; so we could use a black/whitelist approach in the profile)


@netblue30 commented on GitHub (Feb 7, 2022):

Got the same on Debian stable, removed ${HOME} from the profile. This fixes it for the game.

"private-cwd" and "private-cwd ${HOME}" should be equivalent. I'll look to see what's going on in the code. Same problem with "firejail --private-cwd='${HOME}' --noprofile ls"


@netblue30 commented on GitHub (Feb 7, 2022):

https://github.com/netblue30/firejail/commit/5753400f0a39c2479003ffefa15462a93f5a4ec5


@kmk3 commented on GitHub (Feb 8, 2022):

> [fix --private-cwd, issue #4910](https://github.com/netblue30/firejail/commit/86a57917aa2ef664cc27865a235860412a0a381d)

Nice, it works for me with `--private-cwd='${HOME}'`.

Can this be closed then?


@netblue30 commented on GitHub (Feb 9, 2022):

Yes, closed! Will reopen again if necessary.
