[GH-ISSUE #7132] can't disable blacklist of ~/.config/firejail #3497

Open
opened 2026-05-05 10:02:01 -06:00 by gitea-mirror · 10 comments

Originally created by @carlsampurna on GitHub (Apr 10, 2026).
Original GitHub issue: https://github.com/netblue30/firejail/issues/7132

Description

firejail calls disable_config() if not running as root, which blacklists ~/.config/firejail. There is no way to tell firejail not to do this, which means when I sandbox a program to back up my home directory, my firejail configs don't get backed up.

Steps to Reproduce

run from your home directory:

$ firejail --noprofile ls -ld .config/firejail
firejail version 0.9.80

Parent pid 2765731, child pid 2765732
Base filesystem installed in 0.05 ms
Child process initialized in 18.53 ms
dr-------- 2 root root 40 Mar 30 09:24 .config/firejail

Parent is shutting down, bye...

Expected behavior

I did not expect the firejail source to contain hardcoded blacklists that cannot be disabled, though from the many calls to disable_file() in fs.c this is only one of many, and as far as I can tell this is undocumented behavior.

Environment

Arch
Linux 6.19.10-zen1-1-zen x86_64
firejail 0.9.80-1

Checklist

  • I am using firejail 0.9.80 or later
  • I am using the full program path (e.g. firejail /usr/bin/vlc instead of firejail vlc; see https://github.com/netblue30/firejail/issues/2877)
  • The issue is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
  • I can reproduce the issue without custom modifications (e.g. globals.local).
  • I have performed a short search for similar issues (to avoid opening a duplicate).

Log

Output of LC_ALL=C firejail --debug /path/to/program

firejail version 0.9.80

DISPLAY=:0 parsed as 0
Parent pid 2782310, child pid 2782311
Looking for kernel processes
Found kthreadd process, we are not running in a sandbox
pid=2782310: locking /run/firejail/firejail-run.lock ...
pid=2782310: locked /run/firejail/firejail-run.lock
pid=2782310: unlocking /run/firejail/firejail-run.lock ...
pid=2782310: unlocked /run/firejail/firejail-run.lock
Building quoted command line: 'ls' '-ld' '.config/firejail' 
Command name #ls#
pid=2782310: locking /run/firejail/firejail-run.lock ...
pid=2782310: locked /run/firejail/firejail-run.lock
pid=2782310: unlocking /run/firejail/firejail-run.lock ...
pid=2782310: unlocked /run/firejail/firejail-run.lock
Using the local network stack
Base filesystem installed in 0.05 ms
Looking for kernel processes
Found kthreadd process, we are not running in a sandbox
pid=2782310: locking /run/firejail/firejail-run.lock ...
pid=2782310: locked /run/firejail/firejail-run.lock
pid=2782310: unlocking /run/firejail/firejail-run.lock ...
pid=2782310: unlocked /run/firejail/firejail-run.lock
Building quoted command line: 'ls' '-ld' '.config/firejail' 
Command name #ls#
pid=2782310: locking /run/firejail/firejail-run.lock ...
pid=2782310: locked /run/firejail/firejail-run.lock
pid=2782310: unlocking /run/firejail/firejail-run.lock ...
pid=2782310: unlocked /run/firejail/firejail-run.lock
Using the local network stack
Initializing child process
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
8781 8722 253:0 /etc /etc ro,relatime master:1 - ext4 /dev/mapper/zot-root rw
mountid=8781 fsname=/etc dir=/etc fstype=ext4
Mounting noexec /etc
8782 8781 253:0 /etc /etc ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/zot-root rw
mountid=8782 fsname=/etc dir=/etc fstype=ext4
Mounting read-only /var
8783 8722 253:0 /var /var ro,relatime master:1 - ext4 /dev/mapper/zot-root rw
mountid=8783 fsname=/var dir=/var fstype=ext4
Mounting noexec /var
8784 8783 253:0 /var /var ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/zot-root rw
mountid=8784 fsname=/var dir=/var fstype=ext4
Mounting read-only /usr
8785 8722 253:0 /usr /usr ro,relatime master:1 - ext4 /dev/mapper/zot-root rw
mountid=8785 fsname=/usr dir=/usr fstype=ext4
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /home/sampurna/.config/firejail
Disable /run/firejail/sandbox
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
blacklist /run/firejail/dbus
Creating a new /etc/hostname file
Creating empty /run/firejail/mnt/hostname file
Creating a new /etc/hosts file
Loading user hosts file
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /proc/1/comm
Disable /proc/1/comm
Disable /proc/1/cmdline
Disable /proc/1/stat
Disable /proc/1/statm
Disable /proc/1/status
Disable /proc/1/task/1/comm
Disable /proc/1/task/1/cmdline
Disable /proc/1/task/1/stat
Disable /proc/1/task/1/statm
Disable /proc/1/task/1/status
Disable /usr/lib/modules/6.19.10-arch1-1/build (requested /usr/src/linux)
Disable /usr/lib/modules (requested /lib/modules)
Disable /boot
Disable /dev/port
Disable /run/user/1501/gnupg
Disable /run/user/1501/systemd
Disable /dev/kmsg
Disable /proc/kmsg
Disable /sys/fs
Disable /sys/module
DISPLAY=:0 parsed as 0
Globbing /dev/tcm[0-9]* (type=tpm skip_symlinks=0)
No match /dev/tcm[0-9]* (type=tpm)
Globbing /dev/tcmrm[0-9]* (type=tpm skip_symlinks=0)
No match /dev/tcmrm[0-9]* (type=tpm)
Globbing /dev/tpm[0-9]* (type=tpm skip_symlinks=0)
blacklist /dev/tpm0
Globbing /dev/tpmrm[0-9]* (type=tpm skip_symlinks=0)
blacklist /dev/tpmrm0
Globbing /dev/ntsync (type=ntsync skip_symlinks=0)
No match /dev/ntsync (type=ntsync)
Current directory: /home/sampurna
Mounting read-only /run/firejail/mnt/seccomp
8842 8778 0:387 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64,huge=within_size
mountid=8842 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs
Seccomp directory:
ls /run/firejail/mnt/seccomp
drwxr-xr-x root     root             120 .
drwxr-xr-x root     root             220 ..
-rw-r--r-- sampurna users            720 seccomp
-rw-r--r-- sampurna users            432 seccomp.32
-rw-r--r-- sampurna users              0 seccomp.postexec
-rw-r--r-- sampurna users              0 seccomp.postexec32
No active seccomp files
Drop privileges: pid 1, uid 1501, gid 984, force_nogroups 0
Closing non-standard file descriptors
Not enforcing Landlock (see landlock.enforce)
Child process initialized in 19.14 ms
Starting application
LD_PRELOAD=(null)
execvp argument 0: ls
execvp argument 1: -ld
execvp argument 2: .config/firejail
dr-------- 2 root root 40 Mar 30 09:24 .config/firejail

Parent is shutting down, bye...
pid=2782310: unlocking /run/firejail/firejail-network.lock ...
pid=2782310: already unlocked /run/firejail/firejail-network.lock


@haplo commented on GitHub (Apr 13, 2026):

I don't know whether it will make a difference, but have you tried /usr/bin/ls instead of just ls?


@carlsampurna commented on GitHub (Apr 13, 2026):

> I don't know whether it will make a difference, but have you tried /usr/bin/ls instead of just ls?

produces the same result:

$ firejail --noprofile /usr/bin/ls -ld .config/firejail
firejail version 0.9.80

Parent pid 101929, child pid 101930
Base filesystem installed in 0.05 ms
Child process initialized in 19.21 ms
dr-------- 2 root root 40 Mar 30 09:24 .config/firejail

Parent is shutting down, bye...


@rusty-snake commented on GitHub (Apr 13, 2026):

A sandbox that can modify its own policy is ... well, think of it.

BTW, what's the purpose of sandboxing a backup program. It can access all your files, manipulate your backups. It's likely part of your TCB, isn't it?


@carlsampurna commented on GitHub (Apr 13, 2026):

> A sandbox that can modify its own policy is ... well, think of it.

of course, but there's been no suggestion of that. My point is more that firejail shouldn't have any policies compiled in, that can't be disabled. As default behavior it makes sense to blacklist ~/.config/firejail but I should be able to override that with:

noblacklist ~/.config/firejail
read-only ~/.config/firejail

if I want to.

Additionally, all compiled-in policy should be documented outside of the source. If it were all moved to something like /etc/firejail/default_policy.inc then it would be more visible, and all the normal override mechanism would apply.

> BTW, what's the purpose of sandboxing a backup program. It can access all your files, manipulate your backups. It's likely part of your TCB, isn't it?

that's what I thought at first too, but I later realized that my backup program doesn't need network access, or device access, or write access to my home directory, etc. Obviously a malicious backup program is still a big problem, but sandboxing it will substantially reduce the available attack surface, and if its malicious behavior is implemented assuming no sandboxing, maybe I win... :)


@Changaco commented on GitHub (Apr 13, 2026):

For what it's worth, I agree that hardcoded blacklisting is a problem.

The workaround is to use another sandboxing tool like bubblewrap or nsjail.


@rusty-snake commented on GitHub (Apr 13, 2026):

> My point is more that firejail shouldn't have any policies compiled in, that can't be disabled.

Some very basic policies are required to have a privileged escape vulnerability.

Some of the built-in policies can be overridden, see https://github.com/netblue30/firejail/blob/master/etc/profile-m-z/noprofile.profile. Which is also the best "documentation" of these built-in policies.

> noblacklist ~/.config/firejail
> read-only ~/.config/firejail

Beside the problem that you can create ~/.config/firejail if it does not exist, changing the built-in to read-only makes sense to me. /etc/firejail isn't blacklisted either.

> but sandboxing it will substantially reduce the available attack surface

I'm unsure how to interpret this. If it means reduced attack surface for a malicious process to take over control of your backup program, then no, sandboxing can even increase this risk. If it is the attack surface from the backup program to your system, then a sandbox that can be escaped is only a sandbox that provides save-my-ass-security ("if its malicious behavior is implemented assuming no sandboxing").

> The workaround is to use another sandboxing tool like bubblewrap or nsjail.

I would even go a step further and say that firejail might not be the best tool if you want fine control over your sandboxing policy. Firejail has more focus on convenience for GUI programs.

bubblejail and nsjail were already named, then there is minijail, plain unshare, setpriv and systemd-run.

FWIW: My current backup setup (with restic) uses a systemd unit. This way I can run restic unprivileged but with CAP_DAC_READ_SEARCH and with limited system (write filesystem, network, ...) access.


@carlsampurna commented on GitHub (Apr 13, 2026):

> Some of the built-in policies can be overridden, see https://github.com/netblue30/firejail/blob/master/etc/profile-m-z/noprofile.profile. Which is also the best "documentation" of these built-in policies.

the page at that link made me realize that "--noprofile" and "--profile=noprofile" are not the same, ugh.

> > noblacklist ~/.config/firejail
> > read-only ~/.config/firejail
>
> Beside the problem that you can create ~/.config/firejail if it does not exist

that points to another, more serious, bug; if ~/.config/firejail doesn't exist the compiled-in blacklist of it apparently fails, and a sandboxed program can then create it.

> I would even go a step further and say that firejail might not be the best tool if you want fine control over your sandboxing policy. Firejail has more focus on convenience for GUI programs.
>
> bubblejail and nsjail were already named, then there is minijail, plain unshare, setpriv and systemd-run.

thanks for the pointers, that's probably good advice; I wish I'd heard it before spending as much time with firejail as I have...


@rusty-snake commented on GitHub (Apr 13, 2026):

> that points to another, more serious, bug; if ~/.config/firejail doesn't exist the compiled-in blacklist of it apparently fails, and a sandboxed program can then create it.

Yeah, I know. If it doesn't exist a sandboxed program (that does not use whitelisting) can create .bashrc, .bash_profile, .bash_login, .bashrc.d, .config/alacritty, .config/systemd, .local/bin, .config/nvim, .gnupg/gpg.conf, .ssh/config, .tmux.conf, ...

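An added check (not from the thread and not firejail's own code) that audits a saved `firejail --debug` log for the `Disable ...` / `blacklist ...` lines seen in the issue's log, and pre-flight checks that the paths you rely on being hidden actually exist on disk, since, as noted above, a path that does not exist cannot be blacklisted and a sandboxed program may create it. The function names and the log excerpt are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the thread or from firejail itself).
# Function names and the log excerpt below are constructed for this example.

# Constructed excerpt in the format of the "Disable ..." / "blacklist ..."
# lines that firejail --debug prints while building the sandbox filesystem.
SAMPLE_DEBUG_LOG='Cleaning /home directory
Sanitizing /etc/passwd, UID_MIN 1000
Disable /home/sampurna/.config/firejail
Disable /run/firejail/profile
blacklist /run/firejail/dbus
Disable /usr/lib/modules (requested /lib/modules)
Disable /proc/kcore
Starting application'

# fj_disabled_paths LOGTEXT
# Print every path the log reports as hidden, one per line. For
# "Disable /real/path (requested /alias)" both spellings are printed so a
# check against either name succeeds.
fj_disabled_paths() {
    printf '%s\n' "$1" | awk '
        $1 == "Disable" || $1 == "blacklist" {
            print $2
            if ($3 == "(requested") { sub(/\)$/, "", $4); print $4 }
        }'
}

# fj_is_disabled LOGTEXT PATH
# Exit 0 only if PATH is among the hidden paths. -F -x makes this a literal
# whole-line match, so /home/x/.config does not match /home/x/.config/firejail.
fj_is_disabled() {
    fj_disabled_paths "$1" | grep -qxF -- "$2"
}

# fj_report_missing PATH...
# Print each PATH that does not exist on disk and exit 1 if any is missing.
# Run this before launching the sandbox: a missing ~/.config/firejail (or
# ~/.bashrc, ~/.ssh/config, ...) is silently left unprotected, so create the
# placeholder first if you want the blacklist to apply to it.
fj_report_missing() {
    _missing=0
    for _p in "$@"; do
        if [ ! -e "$_p" ]; then
            printf 'not on disk, cannot be blacklisted: %s\n' "$_p"
            _missing=1
        fi
    done
    return "$_missing"
}

# Stand-alone demo on the constructed log.
echo "Paths hidden according to the sample log:"
fj_disabled_paths "$SAMPLE_DEBUG_LOG"
if fj_is_disabled "$SAMPLE_DEBUG_LOG" "/home/sampurna/.config/firejail"; then
    echo "~/.config/firejail was hidden in this run"
fi
# Real use: save a log with
#   LC_ALL=C firejail --debug --noprofile /usr/bin/ls >fjdebug.txt 2>&1
# then run: fj_is_disabled "$(cat fjdebug.txt)" "$HOME/.config/firejail"
```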

@Changaco commented on GitHub (Apr 15, 2026):

> Yeah, I know.

Is there a dedicated issue for this known firejail vulnerability that lets a program escape the sandbox on its second run?


@OndrejMalek commented on GitHub (Apr 17, 2026):

As a workaround for developing profiles with coding assistants I am using:

sudo mount --bind $HOME/.config/firejail $HOME/.config/firejaileditable
later
sudo umount $HOME

+1 vote for making it optional and adding a message about it to the terminal. I see it's noted in --debug output. There could be --verbose logging...
