[GH-ISSUE #5229] Allow removing noexec from private mount points #2923

New issue

Open

opened 2026-05-05 09:35:21 -06:00 by gitea-mirror · 0 comments

gitea-mirror commented

2026-05-05 09:35:21 -06:00

Owner

Originally created by @blastrock on GitHub (Jul 3, 2022).
Original GitHub issue: https://github.com/netblue30/firejail/issues/5229

I want to run an installer and the installed program in a jail. I proceed as such

$ firejail --whitelist=~/the-installer --shell none /bin/zsh
# in the jail
$ ./the-installer
# do the installation
$ ./the-software/bin/run
zsh: permission denied: ./the-software/bin/run

This is because all tmpfs mounts from firejail are noexec. I think there can be many more use-cases, I like to see firejail as a sandbox, I want to be able to do anything I want (like running programs) and just flush all the files as soon as I exit the sandbox.

Describe the solution you'd like

I would like an option to allow exec on some mount points. Maybe --private-exec=/home?
See also https://github.com/netblue30/firejail/discussions/5228#discussioncomment-3072982

Originally created by @blastrock on GitHub (Jul 3, 2022). Original GitHub issue: https://github.com/netblue30/firejail/issues/5229 ### Is your feature request related to a problem? Please describe. I want to run an installer and the installed program in a jail. I proceed as such ```shell $ firejail --whitelist=~/the-installer --shell none /bin/zsh # in the jail $ ./the-installer # do the installation $ ./the-software/bin/run zsh: permission denied: ./the-software/bin/run ``` This is because all `tmpfs` mounts from firejail are `noexec`. I think there can be many more use-cases, I like to see firejail as a sandbox, I want to be able to do anything I want (like running programs) and just flush all the files as soon as I exit the sandbox. ### Describe the solution you'd like I would like an option to allow exec on some mount points. Maybe `--private-exec=/home`? See also https://github.com/netblue30/firejail/discussions/5228#discussioncomment-3072982