[GH-ISSUE #6097] chromium: blacklisted paths are accessible (dbus) #3177

Closed
opened 2026-05-05 09:48:01 -06:00 by gitea-mirror · 6 comments

Originally created by @Lonniebiz on GitHub (Nov 21, 2023).
Original GitHub issue: https://github.com/netblue30/firejail/issues/6097

firejail version: 0.9.72
OS: Debian 12
Profile: chromium-browser-privacy.profile (https://github.com/netblue30/firejail/blob/master/etc/profile-a-l/chromium-browser-privacy.profile)

I'm using firejail to run an AppImage of Ungoogled Chromium, which can be downloaded here:
https://ungoogled-software.github.io/ungoogled-chromium-binaries/releases/appimage/64bit/

Specifically, I've downloaded this exact file/version:
https://ungoogled-software.github.io/ungoogled-chromium-binaries/releases/appimage/64bit/119.0.6045.123-1

I'm running this AppImage with the following command:
firejail --appimage --profile=/etc/firejail/chromium-browser-privacy.profile /home/user/apps/ungoogled-chromium_119.0.6045.123-1.1.AppImage

Upon running this command, after the browser launches, press ctrl-o. A file dialog will appear, and you can navigate to any file on your computer.

I typically expect firejail profiles to sandbox web browsers, but this profile is not sandboxed.

Relates to:

  • #5869
gitea-mirror 2026-05-05 09:48:01 -06:00: closed this issue and added the notabug label

@rusty-snake commented on GitHub (Nov 21, 2023):

> profile is not sandboxed

It is. What you see is the file picker of your Desktop Environment (specifically the xdg-desktop-portal Documents portal implementation)


@Lonniebiz commented on GitHub (Nov 21, 2023):

In Firefox, or LibreWolf, if you press alt and then go to File > Open, the sandbox doesn't even allow navigation outside of the sandbox.

In Ungoogled Chromium, with ctrl+o, you can navigate anywhere on the file system, but if you try to open a file outside of the sandbox it fails.

So, the reason for this difference is that Ungoogled Chromium doesn't have its own file picker? Hitting ctrl-o is using your desktop's file picker (which is not sandboxed). It can navigate anywhere, but cannot share with Chromium anything that's outside of the sandbox.

I guess LibreWolf has its own file picker built-in, and that's why that one can't even navigate out of the sandbox.

Is this the correct understanding? @rusty-snake


@rusty-snake commented on GitHub (Nov 21, 2023):

In short yes.

  • You can configure Firefox and Firefox.profile to get the same behaviour.
  • It fails to open because the Portal assumes it has access. If x-d-p would support firejail, it would work (dynamically grant permission like in firejail).

@Lonniebiz commented on GitHub (Nov 22, 2023):

@rusty-snake You mentioned that the Firefox.profile can be configured to exhibit the same behavior. How?

I'd specifically like to try that in LibreWolf (https://librewolf.net/) to address this issue I have with its built-in file picker (https://gitlab.com/librewolf-community/browser/appimage/-/issues/18). Thanks for the information, and for being such a good shepherd of firejail. I really appreciate it.


@rusty-snake commented on GitHub (Nov 22, 2023):

Allow dbus access to org.freedesktop.Portal.*, maybe ignore noroot and search on about:config for Portal to find the relevant pref.


@rusty-snake commented on GitHub (Nov 22, 2023):

FF pref: widget.use-xdg-desktop-portal.file-picker=1

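Putting rusty-snake's three pointers together as one concrete override, as an added example that is not from this thread and is not a file shipped by the firejail project: a firefox.local drop-in that lifts noroot and opens the user session bus to the portal services. It assumes firefox.profile contains an `include firefox.local` line near its top (which is what lets `ignore` act on directives that come later in the profile). The bus names org.freedesktop.portal.Desktop and org.freedesktop.portal.Documents are the standard xdg-desktop-portal names rather than something the thread spells out, and whether noroot really has to go depends on your portal backend; treat both as assumptions to verify on your own system.

```conf
# ~/.config/firejail/firefox.local  (or /etc/firejail/firefox.local)
# Added example, not part of firejail. Assumes firefox.profile reads this
# file via "include firefox.local" before its own directives, so the
# "ignore" below is seen first.

# rusty-snake's "maybe ignore noroot": some portal setups want the real
# user namespace. Try without this line first; add it only if the
# portal picker does not appear.
ignore noroot

# Filter the session bus instead of blocking it ("dbus-user none" would
# cut the portal off entirely). Harmless if the profile already sets it.
dbus-user filter

# Let Firefox reach the xdg-desktop-portal services (assumed standard
# bus names; this is what "org.freedesktop.Portal.*" in the thread means).
dbus-user.talk org.freedesktop.portal.Desktop
dbus-user.talk org.freedesktop.portal.Documents
```

Then flip widget.use-xdg-desktop-portal.file-picker to 1 in about:config (or, assuming the usual user.js syntax, `user_pref("widget.use-xdg-desktop-portal.file-picker", 1);`) and restart the browser. Launching with `--dbus-user.log` shows the portal traffic if the picker still does not appear. The trade-off is the one the thread describes: the picker now runs outside the jail and can browse the whole filesystem, but what Firefox can actually read is still governed by the profile, so a file chosen from a blacklisted path fails to open rather than leaking into the sandbox.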
Reference: github-starred/firejail#3177