[GH-ISSUE #5895] nautilus: How to make the entire sandbox inescapable and read-only?

gitea-mirror commented

2026-05-05 09:45:42 -06:00

Owner

Originally created by @Lizhijian-123 on GitHub (Jul 11, 2023).
Original GitHub issue: https://github.com/netblue30/firejail/issues/5895

I want to use firejail to realize the function that the files in the sandbox cannot be transferred outside. I use the --read-only=/ command, but I can still copy the files in the sandbox to the /run and /dev directories. How can I set it up? Make /run and /dev read-only in the sandbox?
`[root@localhost myroot]# firejail --noprofile --private=/root/lzj/ --read-only=/
firejail version 0.9.73

Parent pid 2771, child pid 2772
The new log directory is /proc/2772/root/var/log
Child process initialized in 113.43 ms
[root@localhost ~]# ls
bcd b.txt myroot
[root@localhost ~]# cp b.txt /run
[root@localhost ~]# cp b.txt /dev
[root@localhost ~]# cp b.txt /etc
cp: 无法创建普通文件"/etc/b.txt": 只读文件系统
[root@localhost ~]#
In addition, I use --private=/root/lzj, my behavior in the sandbox will be saved outside the sandbox, such as creating a new file, when the sandbox is closed, the file under /root/lzj/ still exists. --private-home=/root/lzj can solve this problem, but --private-home=/root will fail, is there a way to solve this?[root@localhost ~]# firejail --private-home=/root
Reading profile /root/.config/firejail/server.profile
Reading profile /root/.config/firejail/disable-common.inc
Reading profile /root/.config/firejail/disable-programs.inc
Reading profile /root/.config/firejail/disable-write-mnt.inc
Reading profile /root/.config/firejail/disable-xdg.inc

** Note: you can use --noprofile to disable server.profile **

firejail version 0.9.73

Parent pid 2961, child pid 2962
The new log directory is /proc/2962/root/var/log
Error: invalid file /root
Error: proc 2961 cannot sync with peer: unexpected EOF
Peer 2962 unexpectedly exited with status 1
[root@localhost ~]#
`

Originally created by @Lizhijian-123 on GitHub (Jul 11, 2023). Original GitHub issue: https://github.com/netblue30/firejail/issues/5895 I want to use firejail to realize the function that the files in the sandbox cannot be transferred outside. I use the --read-only=/ command, but I can still copy the files in the sandbox to the /run and /dev directories. How can I set it up? Make /run and /dev read-only in the sandbox? `[root@localhost myroot]# firejail --noprofile --private=/root/lzj/ --read-only=/ firejail version 0.9.73 Parent pid 2771, child pid 2772 The new log directory is /proc/2772/root/var/log Child process initialized in 113.43 ms [root@localhost ~]# ls bcd b.txt myroot [root@localhost ~]# cp b.txt /run [root@localhost ~]# cp b.txt /dev [root@localhost ~]# cp b.txt /etc cp: 无法创建普通文件"/etc/b.txt": 只读文件系统 [root@localhost ~]# ` In addition, I use --private=/root/lzj, my behavior in the sandbox will be saved outside the sandbox, such as creating a new file, when the sandbox is closed, the file under /root/lzj/ still exists. --private-home=/root/lzj can solve this problem, but --private-home=/root will fail, is there a way to solve this? `[root@localhost ~]# firejail --private-home=/root Reading profile /root/.config/firejail/server.profile Reading profile /root/.config/firejail/disable-common.inc Reading profile /root/.config/firejail/disable-programs.inc Reading profile /root/.config/firejail/disable-write-mnt.inc Reading profile /root/.config/firejail/disable-xdg.inc ** Note: you can use --noprofile to disable server.profile ** firejail version 0.9.73 Parent pid 2961, child pid 2962 The new log directory is /proc/2962/root/var/log Error: invalid file /root Error: proc 2961 cannot sync with peer: unexpected EOF Peer 2962 unexpectedly exited with status 1 [root@localhost ~]# `

gitea-mirror added the

question

label 2026-05-05 09:45:42 -06:00

gitea-mirror commented

2026-05-05 09:45:44 -06:00

Author

Owner

@rusty-snake commented on GitHub (Jul 11, 2023):

I want to use firejail to realize the function that the files in the sandbox cannot be transferred outside.

From a process inside of the sandbox or outside? The laterone is impossible.

@rusty-snake commented on GitHub (Jul 11, 2023): > I want to use firejail to realize the function that the files in the sandbox cannot be transferred outside. From a process inside of the sandbox or outside? The laterone is impossible.

gitea-mirror commented

2026-05-05 09:45:45 -06:00

Author

Owner

@kmk3 commented on GitHub (Jul 11, 2023):

(Offtopic)

@Lizhijian-123

Please see the following links for how to format code blocks in markdown:

@kmk3 commented on GitHub (Jul 11, 2023): (Offtopic) @Lizhijian-123 Please see the following links for how to format code blocks in markdown: * <https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks> * <https://github.github.com/gfm/#fenced-code-blocks>

gitea-mirror commented

2026-05-05 09:45:46 -06:00

Author

Owner

@Lizhijian-123 commented on GitHub (Jul 12, 2023):

(Offtopic)

@Lizhijian-123

Please see the following links for how to format code blocks in markdown:

https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks

https://github.github.com/gfm/#fenced-code-blocks

Thanks，get it

@Lizhijian-123 commented on GitHub (Jul 12, 2023): > (Offtopic) > > @Lizhijian-123 > > Please see the following links for how to format code blocks in markdown: > > * https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks > * https://github.github.com/gfm/#fenced-code-blocks Thanks，get it

gitea-mirror commented

2026-05-05 09:45:47 -06:00

Author

Owner

@Lizhijian-123 commented on GitHub (Jul 12, 2023):

I want to use firejail to realize the function that the files in the sandbox cannot be transferred outside.

From a process inside of the sandbox or outside? The laterone is impossible.

Thank you for your reply. Please allow me to rephrase my question, as my original wording and expression may not have been accurate.

the first question:

I'd like to run nautilus within a Firejail sandbox and restrict file movement from inside the sandbox to the outside.
I would like to inquire if there is a way to prohibit the copying of files from within the sandbox to /run and /dev？

The command I'm using is: "firejail --private=/root/kkk --read-only=/ --env=GTK_THEME=Adwaita:dark --noprofile nautilus".

There are files "a.txt" and "c.txt" in the "/root/kkk" directory.

[root@localhost kkk]# ls
a.txt  c.txt

Then I run the command：

[root@localhost kkk]# firejail --private=/root/kkk --read-only=/ --env=GTK_THEME=Adwaita:dark --noprofile nautilus
firejail version 0.9.73

Parent pid 3135, child pid 3136
The new log directory is /proc/3136/root/var/log
Child process initialized in 24.32 ms

** (nautilus:3): WARNING **: 09:56:15.846: Unable to get contents of the bookmarks file: 打开文件 /root/.gtk-bookmarks 时出错：No such file or directory

In this command, I have configured the "/" directory as read-only in order to limit the movement of files within the sandbox (primarily those located under the root directory) into folders within the "/" directory. This is necessary because the contents of the "/" directory are shared between the sandbox and the outside environment.

However, I have noticed that even though I have set the root directory to be read-only, files from within the sandbox can still be copied to the /run and /dev directories. Please take a look at the following execution results.

[root@localhost ~]# ls
a.txt  c.txt
[root@localhost ~]# cp a.txt /run         //Copying successful.
[root@localhost ~]# cp a.txt /dev        //Copying successful. 
[root@localhost ~]# cp a.txt /bin         //Copying failure
cp: 无法创建普通文件"/bin/a.txt": 只读文件系统

I tried adding /run and /dev to the blacklist, but it had no effect. I would like to inquire if there is a way to prohibit the copying of files from within the sandbox to /run and /dev.

The second question：

I want to realize that the content under /root in the sandbox is consistent with the content under /root in the user space, but isolated, that is, the modifications I make in the sandbox will not be synchronized to the user space /root.

As described above, when I set --private=/root/kkk, any actions performed within the sandbox, such as deleting or creating files, will be synchronized with the /root/kkk directory in the user space.
However, if I set --private-home=/root/kkk, any actions performed within the sandbox will not be synchronized with the /root/kkk directory in the user space. This is a great feature, but using --private-home=/root results in an error, indicating that it is not possible to include the entire /root directory in the sandbox when using --private-home.

Is there any way to achieve the goal of copying the contents of the user's /root directory into the sandbox under /root and ensuring that modifications made within the sandbox do not synchronize with the user's /root directory? I have attempted to use mounting as a solution.

@Lizhijian-123 commented on GitHub (Jul 12, 2023): > > I want to use firejail to realize the function that the files in the sandbox cannot be transferred outside. > > From a process inside of the sandbox or outside? The laterone is impossible. **Thank you for your reply. Please allow me to rephrase my question, as my original wording and expression may not have been accurate.** ### the first question: I'd like to run **nautilus within a Firejail sandbox** and **restrict file movement from inside the sandbox to the outside**. **I would like to inquire if there is a way to prohibit the copying of files from within the sandbox to /run and /dev？** The command I'm using is: "**firejail --private=/root/kkk --read-only=/ --env=GTK_THEME=Adwaita:dark --noprofile nautilus**". **There are files "a.txt" and "c.txt" in the "/root/kkk" directory.** ``` [root@localhost kkk]# ls a.txt c.txt ``` **Then I run the command：** ``` [root@localhost kkk]# firejail --private=/root/kkk --read-only=/ --env=GTK_THEME=Adwaita:dark --noprofile nautilus firejail version 0.9.73 Parent pid 3135, child pid 3136 The new log directory is /proc/3136/root/var/log Child process initialized in 24.32 ms ** (nautilus:3): WARNING **: 09:56:15.846: Unable to get contents of the bookmarks file: 打开文件 /root/.gtk-bookmarks 时出错：No such file or directory ``` In this command, I have configured the "/" directory as read-only in order to limit the movement of files within the sandbox (primarily those located under the root directory) into folders within the "/" directory. This is necessary because the contents of the "/" directory are shared between the sandbox and the outside environment. However, I have noticed that even though I have set the root directory to be read-only, files from within the sandbox can still be copied to the /run and /dev directories. Please take a look at the following execution results. ``` [root@localhost ~]# ls a.txt c.txt [root@localhost ~]# cp a.txt /run //Copying successful. [root@localhost ~]# cp a.txt /dev //Copying successful. [root@localhost ~]# cp a.txt /bin //Copying failure cp: 无法创建普通文件"/bin/a.txt": 只读文件系统 ``` I tried adding /run and /dev to the blacklist, but it had no effect. **I would like to inquire if there is a way to prohibit the copying of files from within the sandbox to /run and /dev**. ### The second question： **I want to realize that the content under **/root in the sandbox** is consistent with the content under **/root in the user space**, but isolated, that is, the modifications I make in the sandbox will not be synchronized to the user space /root.** As described above, when I set **--private=/root/kkk**, any actions performed within the sandbox, such as deleting or creating files, will be synchronized with the **/root/kkk directory in the user space**. However, if I set **--private-home=/root/kkk**, any actions performed within the sandbox **will not be synchronized with the /root/kkk directory in the user space**. This is a great feature, but **using --private-home=/root results in an error**, indicating **that it is not possible to include the entire /root directory in the sandbox when using --private-home**. Is there any way to achieve the goal of **copying the contents of the user's /root directory into the sandbox under /root and ensuring that modifications made within the sandbox do not synchronize with the user's /root directory**? I have attempted to use mounting as a solution.

gitea-mirror commented

2026-05-05 09:45:48 -06:00

Author

Owner

@Lizhijian-123 commented on GitHub (Jul 12, 2023):

I want to use firejail to realize the function that the files in the sandbox cannot be transferred outside.

From a process inside of the sandbox or outside? The laterone is impossible.

inside the sandbox

@Lizhijian-123 commented on GitHub (Jul 12, 2023): > > I want to use firejail to realize the function that the files in the sandbox cannot be transferred outside. > > From a process inside of the sandbox or outside? The laterone is impossible. inside the sandbox

gitea-mirror commented

2026-05-05 09:45:49 -06:00

Author

Owner

@ghost commented on GitHub (Jul 12, 2023):

Sandboxing GUI file managers (like Nautilus) is an exercise in futility IMO. That's one of the reasons we don't enable any file managers by default in firecfg. We've had questions about this topic before. A search through our repo could provide you with some more context. Additionally, attempting to run it as root is bound to run into obstacles:

1d5fff9034/etc/firejail.config (L81-L84)

You can change that limit, but do you really want to waste all that RAM?

I'm not entirely sure about the use-case, but IMO using a 'regular' bind mount as read-only technique without Firejail seems less stressful (to the OS and its user both). Have you tried to look into that yet?

@ghost commented on GitHub (Jul 12, 2023): Sandboxing GUI file managers (like Nautilus) is an exercise in futility IMO. That's one of the reasons we don't enable any file managers by default in firecfg. We've had questions about this topic before. A search through our repo could provide you with some more context. Additionally, attempting to run it as root is bound to run into obstacles: https://github.com/netblue30/firejail/blob/1d5fff9034796d69f287abbcfedff0342990fb7c/etc/firejail.config#L81-L84 You _can_ change that limit, but do you really want to waste all that RAM? I'm not entirely sure about the use-case, but IMO using a 'regular' bind mount as read-only technique without Firejail seems less stressful (to the OS and its user both). Have you tried to look into that yet?

gitea-mirror commented

2026-05-05 09:45:49 -06:00

Author

Owner

@Lizhijian-123 commented on GitHub (Jul 12, 2023):

Sandboxing GUI file managers (like Nautilus) is an exercise in futility IMO. That's one of the reasons we don't enable any file managers by default in firecfg. We've had questions about this topic before. A search through our repo could provide you with some more context. Additionally, attempting to run it as root is bound to run into obstacles:

1d5fff9034/etc/firejail.config (L81-L84)

You can change that limit, but do you really want to waste all that RAM?

I'm not entirely sure about the use-case, but IMO using a 'regular' bind mount as read-only technique without Firejail seems less stressful (to the OS and its user both). Have you tried to look into that yet?
Thank you for your reply.
Do you mean, I can only copy a maximum of 500M using commands like --private-home, or is it in RAM? This is surprising.

I mount the /root directory into the sandbox by read-only, so that the contents of /root can be seen but not modified in the sandbox.
The effect of this is not bad, but it is not a satisfactory solution.
As people know firejail is a great work, thanks for your contributions, I need to spend more time to learn how to use firejail, it's a little hard for me，thank you.

@Lizhijian-123 commented on GitHub (Jul 12, 2023): > Sandboxing GUI file managers (like Nautilus) is an exercise in futility IMO. That's one of the reasons we don't enable any file managers by default in firecfg. We've had questions about this topic before. A search through our repo could provide you with some more context. Additionally, attempting to run it as root is bound to run into obstacles: > > https://github.com/netblue30/firejail/blob/1d5fff9034796d69f287abbcfedff0342990fb7c/etc/firejail.config#L81-L84 > > You _can_ change that limit, but do you really want to waste all that RAM? > > I'm not entirely sure about the use-case, but IMO using a 'regular' bind mount as read-only technique without Firejail seems less stressful (to the OS and its user both). Have you tried to look into that yet? **Thank you for your reply.** **Do you mean, I can only copy a maximum of 500M using commands like --private-home, or is it in RAM? This is surprising.** I mount the **/root directory into the sandbox by read-only**, **so that the contents of /root can be seen but not modified in the sandbox**. The effect of this is not bad, but it is not a satisfactory solution. As people know firejail is a great work, thanks for your contributions, I need to spend more time to learn how to use firejail, it's a little hard for me，thank you.

gitea-mirror commented

2026-05-05 09:45:50 -06:00

Author

Owner

@rusty-snake commented on GitHub (Jul 12, 2023):

Can you explain more on your thread model. Because if you want to secure this against malicious code, you have to do more. What about D-Bus, it can be used to write files too; If you run as root, the program can just remount,rw the directories. What's your result with --read-only=/*?

@rusty-snake commented on GitHub (Jul 12, 2023): Can you explain more on your thread model. Because if you want to secure this against malicious code, you have to do more. What about D-Bus, it can be used to write files too; If you run as root, the program can just `remount,rw` the directories. What's your result with `--read-only=/*`?

gitea-mirror commented

2026-05-05 09:45:51 -06:00

Author

Owner

@Lizhijian-123 commented on GitHub (Jul 13, 2023):

Can you explain more on your thread model. Because if you want to secure this against malicious code, you have to do more. What about D-Bus, it can be used to write files too; If you run as root, the program can just remount,rw the directories. What's your result with --read-only=/*?

My goal is to implement everything in the sandbox that can see the user space, but I can't move the things in the sandbox to outside the sandbox, so I did a few things:

Create a folder /root/ sandbox as the sandbox root directory --private-home=/root/sandbox
Create a root directory /root/sandbox/root under /root/sandbox, and mount the root directory to /root/sandbox/root, so that you can see the content under /root in the sandbox and cannot modify it
Set a --read-only=/ for the root directory, so as to ensure that the files in the sandbox will not be copied to the **/ ***directory, but unfortunately it can still be copied to /run and /dev。
About D-bus，i need more knowledege ，I'll seriously research if this works for me，Thanks

@Lizhijian-123 commented on GitHub (Jul 13, 2023): > Can you explain more on your thread model. Because if you want to secure this against malicious code, you have to do more. What about D-Bus, it can be used to write files too; If you run as root, the program can just `remount,rw` the directories. What's your result with `--read-only=/*`? My goal is to implement everything in the sandbox that can see the user space, but I can't move the things in the sandbox to outside the sandbox, so I did a few things: 1. Create a folder /root/ sandbox as the sandbox root directory **--private-home=/root/sandbox** 2. Create a root directory /root/sandbox/root under /root/sandbox, and **mount the root directory to /root/sandbox/root,** so that you can see the content under /root in the sandbox and **cannot modify it** 3. Set a **--read-only=/** for the root directory, so as to ensure that the files in the sandbox will not be copied to the **/ ***directory, but unfortunately it can still be copied to /run and /dev。 About D-bus，i need more knowledege ，I'll seriously research if this works for me，Thanks

Rows
Columns

[GH-ISSUE #5895] nautilus: How to make the entire sandbox inescapable and read-only? #3126

the first question:

The second question：