github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

[GH-ISSUE #5336] firejail --private fails if the root user home directory is not /root #2960

New issue
Open
opened 2026-05-05 09:37:25 -06:00 by gitea-mirror · 10 comments
gitea-mirror commented 2026-05-05 09:37:25 -06:00
Owner
Copy link

Originally created by @birdie-github on GitHub (Aug 23, 2022).
Original GitHub issue: https://github.com/netblue30/firejail/issues/5336

Using firejail-0.9.66-3.fc36.x86_64.

According to /etc/passwd my root user home directory is elsewhere, precisely in /home/root.

firejail --private fails in this case:

Mounting a new /root directory
Error mounting /root directory: fs_home.c:371 fs_private: No such file or directory
Error: proc 274926 cannot sync with peer: unexpected EOF
Peer 274927 unexpectedly exited with status 1

The location of the root directory must be read programmatically instead of being assumed to be /root, e.g. using

https://stackoverflow.com/a/26696759

Originally created by @birdie-github on GitHub (Aug 23, 2022). Original GitHub issue: https://github.com/netblue30/firejail/issues/5336 Using firejail-0.9.66-3.fc36.x86_64. According to `/etc/passwd` my root user home directory is elsewhere, precisely in `/home/root`. `firejail --private` fails in this case: ``` Mounting a new /root directory Error mounting /root directory: fs_home.c:371 fs_private: No such file or directory Error: proc 274926 cannot sync with peer: unexpected EOF Peer 274927 unexpectedly exited with status 1 ``` The location of the root directory must be read programmatically instead of being assumed to be `/root`, e.g. using https://stackoverflow.com/a/26696759
gitea-mirror added the
bug
 label 2026-05-05 09:37:25 -06:00
gitea-mirror commented 2026-05-05 09:37:27 -06:00
Author
Owner
Copy link

@birdie-github commented on GitHub (Aug 24, 2022):

0.9.70 is affected as well. The root home directory must not be hard coded.

<!-- gh-comment-id:1225769233 --> @birdie-github commented on GitHub (Aug 24, 2022): 0.9.70 is affected as well. The root home directory must not be hard coded.
gitea-mirror commented 2026-05-05 09:37:28 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Aug 28, 2022):

FWIW: Firejail assumes a lot paths to be at the standard location and shows unexpected results if a system differs much from FHS and XDG standards. In some case this can not be avoided.

Anyway labeling as bug.

<!-- gh-comment-id:1229506966 --> @rusty-snake commented on GitHub (Aug 28, 2022): FWIW: Firejail assumes a lot paths to be at the standard location and shows unexpected results if a system differs much from FHS and XDG standards. In some case this can not be avoided. Anyway labeling as bug.
gitea-mirror commented 2026-05-05 09:37:29 -06:00
Author
Owner
Copy link

@birdie-github commented on GitHub (Aug 28, 2022):

FWIW: Firejail assumes a lot paths to be at the standard location and shows unexpected results if a system differs much from FHS and XDG standards. In some case this can not be avoided.

Anyway labeling as bug.

/root is not defined in the FHS or POSIX standards: https://unix.stackexchange.com/questions/714726/is-root-a-hard-requirement-for-a-modern-linux-system-what-about-posix-unix

<!-- gh-comment-id:1229508070 --> @birdie-github commented on GitHub (Aug 28, 2022): > FWIW: Firejail assumes a lot paths to be at the standard location and shows unexpected results if a system differs much from FHS and XDG standards. In some case this can not be avoided. > > Anyway labeling as bug. `/root` is _not_ defined in the FHS or POSIX standards: https://unix.stackexchange.com/questions/714726/is-root-a-hard-requirement-for-a-modern-linux-system-what-about-posix-unix
gitea-mirror commented 2026-05-05 09:37:30 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Aug 28, 2022):

It is defined in the FHS. Read the answer on your link/question. You are correct that it isn't a hard requirement but it is the suggested/standard path of it. And that's what I said, firejail assumes standard/suggested paths in a lot places.

<!-- gh-comment-id:1229510475 --> @rusty-snake commented on GitHub (Aug 28, 2022): It _is_ defined in the FHS. Read the answer on your link/question. You are correct that it isn't a hard requirement but it is the suggested/standard path of it. And that's what I said, firejail assumes standard/suggested paths in a lot places.
gitea-mirror commented 2026-05-05 09:37:31 -06:00
Author
Owner
Copy link

@birdie-github commented on GitHub (Feb 13, 2023):

I guess no one will fix this issue, are there any firejail alternatives?

<!-- gh-comment-id:1427816564 --> @birdie-github commented on GitHub (Feb 13, 2023): I guess no one will fix this issue, are there any firejail alternatives?
gitea-mirror commented 2026-05-05 09:37:33 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Feb 13, 2023):

Depends on your usage and required features. Maybe https://github.com/igo95862/bubblejail.

<!-- gh-comment-id:1428258028 --> @rusty-snake commented on GitHub (Feb 13, 2023): Depends on your usage and required features. Maybe https://github.com/igo95862/bubblejail.
gitea-mirror commented 2026-05-05 09:37:34 -06:00
Author
Owner
Copy link

@ghost commented on GitHub (Feb 13, 2023):

According to /etc/passwd my root user home directory is elsewhere, precisely in /home/root.

Have you run in any other trouble, besides firejail --private issues, with such a setup? Can you re-assign root's home to /root or isn't that an option? I realize this is probably not a very useful response, but did your OS configure root like this? What OS are we talking about here?

<!-- gh-comment-id:1428398737 --> @ghost commented on GitHub (Feb 13, 2023): > According to /etc/passwd my root user home directory is elsewhere, precisely in /home/root. Have you run in any other trouble, besides firejail --private issues, with such a setup? Can you re-assign root's home to /root or isn't that an option? I realize this is probably not a very useful response, but did your OS configure root like this? What OS are we talking about here?
gitea-mirror commented 2026-05-05 09:37:35 -06:00
Author
Owner
Copy link

@birdie-github commented on GitHub (Feb 13, 2023):

I could have posted a patch to find out the real root home directory but I feel like the main developer(s) behind the project totally oppose this idea, so ok, never mind.

As for the location of my root home directory: my / filesystem is non-essential and I don't care about it, that's why I moved /root to a different location (/home/root). I did it by choice and everything works just fine.

I'm closing this feature request/bug report and uninstalling the application. Sorry for the noise.

<!-- gh-comment-id:1428407115 --> @birdie-github commented on GitHub (Feb 13, 2023): I could have posted a patch to find out the real root home directory but I feel like the main developer(s) behind the project totally oppose this idea, so ok, never mind. As for the location of my root home directory: my `/` filesystem is non-essential and I don't care about it, that's why I moved /root to a different location (/home/root). I did it by choice and everything works just fine. I'm closing this feature request/bug report and uninstalling the application. Sorry for the noise.
gitea-mirror commented 2026-05-05 09:37:35 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Feb 13, 2023):

Still a bug, reopening.

<!-- gh-comment-id:1428503229 --> @rusty-snake commented on GitHub (Feb 13, 2023): Still a bug, reopening.
gitea-mirror commented 2026-05-05 09:37:36 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Feb 13, 2023):

The problem seems to be more that /root does not exists rather than $HOME for uid0 isn't /root.

a67bb37b0d/src/firejail/fs_home.c (L366-L409)

	if (arg_debug)
		printf("Mounting a new /root directory\n");
	if (mount("tmpfs", "/root", "tmpfs", MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_STRICTATIME,  "mode=700,gid=0") < 0)
+               if (errno != ENOENT)
!		    errExit("mounting /root directory");
	selinux_relabel_path("/root", "/root");
	fs_logger("tmpfs /root");
<!-- gh-comment-id:1428515397 --> @rusty-snake commented on GitHub (Feb 13, 2023): The problem seems to be more that `/root` does not exists rather than `$HOME` for uid0 isn't `/root`. https://github.com/netblue30/firejail/blob/a67bb37b0ddac080008cd5cf494aaaf8531f45c0/src/firejail/fs_home.c#L366-L409 ```diff if (arg_debug) printf("Mounting a new /root directory\n"); if (mount("tmpfs", "/root", "tmpfs", MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_STRICTATIME, "mode=700,gid=0") < 0) + if (errno != ENOENT) ! errExit("mounting /root directory"); selinux_relabel_path("/root", "/root"); fs_logger("tmpfs /root"); ```
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
serialize_remounts_v2
landlock_v4
landlock
release-0.9.64
release-0.9.62
gitlab_ci
LTSbase
fred_ctests
docs
0.9.80
0.9.80-rc1
0.9.78
0.9.76
0.9.76-rc4
0.9.76-rc3
0.9.76-rc2
0.9.76-rc1
0.9.74
landlock-split
0.9.72
0.9.72rc1
0.9.70
0.9.68
0.9.68rc1
0.9.66
0.9.66rc1
0.9.64.4
0.9.64.2
0.9.64
0.9.64rc1
0.9.62.4
0.9.62.2
0.9.62
0.9.56.2-LTS
0.9.60
0.9.60-rc1
0.9.58.2
0.9.58
0.9.58-rc1
0.9.56-LTS-release
0.9.56-LTS
0.9.56
0.9.56-rc1
0.9.54
0.9.54-rc2
0.9.54-rc1
0.9.52
0.9.38.12
0.9.50
0.9.50-rc1
0.9.48
0.9.46
0.9.46-rc1
0.9.44.10
0.9.44.8
0.9.44.6
0.9.38.10
0.9.44.4
0.9.38.8
0.9.44.2
0.9.44
0.9.44-rc1
0.9.38.4
0.9.42
0.9.42-rc2
0.9.38.2
0.9.42-rc1
disable-globalcfg
0.9.40
0.9.40-rc1
0.9.38
0.9.38-rc1
0.9.36
0.9.36-rc1
0.9.34
0.9.34-rc1
0.9.32
0.9.32-rc1
0.9.30
0.9.30-rc1
Labels
Clear labels   
LTS merge

   
LTS merge

   
bug

   
bug

   
converted-to-discussion

   
doc-todo

   
documentation

   
duplicate

   
enhancement

   
file-transfer

   
firecfg

   
firejail-in-firejail

   
firetools

   
graphics

   
help wanted

   
information_old

   
installation

   
invalid

   
modif

   
moved

   
needinfo

   
networking

   
notabug

   
notourbug

   
old-version

   
overlayfs

   
packaging

   
profile-request

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question_old

   
removal

   
runtime-permissions

   
sandbox-ipc

   
security

   
stale

   
wiki

   
wiki

   
wontfix

   
wordpress

   
workaround
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2960
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?