[GH-ISSUE #513] the UID and GID change to root in the sandbox after firejail exit #362

Closed
opened 2026-05-05 05:41:30 -06:00 by gitea-mirror · 12 comments

Originally created by @requiredregistration on GitHub (May 12, 2016).
Original GitHub issue: https://github.com/netblue30/firejail/issues/513

I `firejail --private=DIR` to start a firejail shell, I run the application and it creates its dot configuration directory and .bash_history, and when I exit the shell, the configuration directory's and the history file's UID and GID change to root.
gitea-mirror (2026-05-05 05:41:30 -06:00) closed this issue and added the `invalid` label.

@netblue30 commented on GitHub (May 13, 2016):

What kernel version are you using? Run a "uname -r"


@requiredregistration commented on GitHub (May 14, 2016):

4.5.4


@netblue30 commented on GitHub (May 14, 2016):

Yes, I've seen it before on older kernels, I assumed there is a problem with the kernel. Does it happen all the time? Are you using 0.9.38 or the latest in git?


@requiredregistration commented on GitHub (May 15, 2016):

It happens always and I use git.

@netblue30 commented on GitHub (May 15, 2016):

Create a brand new directory and try it:

```
$ rm -fr ~/DIR
$ mkdir ~/DIR
$ firejail --private=~/DIR
Reading profile /etc/firejail/default.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-passwdmgr.inc

** Note: you can use --noprofile to disable default.profile **

Parent pid 11794, child pid 11795

Child process initialized
$ ls -al
total 48
drwxr-xr-x 3 netblue netblue  4096 May 15 08:11 .
drwxr-xr-x 3   65534   65534    60 May 15 08:11 ..
-rw-r--r-- 1 netblue netblue  3515 May 15 08:11 .bashrc
drwxr-xr-x 3 netblue netblue  4096 May 15 08:11 .config
-rw------- 1 netblue netblue 35351 May 15 08:11 .Xauthority
$
```

I am running on the regular 4.5 kernel from Debian backports:

```
$ uname -r
4.5.0-0.bpo.1-amd64
```

Is it a kernel you compiled? What distro are you running?

@requiredregistration commented on GitHub (May 16, 2016):

The directory was never a problem. Something is wrong in firejail and/or the kernel.

This is the [kernel config](https://git.archlinux.org/svntogit/packages.git/tree/trunk/config.x86_64?h=packages/linux).

@requiredregistration commented on GitHub (May 22, 2016):

Also, the [grsecurity kernel config](https://git.archlinux.org/svntogit/community.git/tree/trunk/config.x86_64?h=packages/linux-grsec).

You must first test with all the latest versions of everything, compiling your own builds where required, and using the Arch Linux distribution for that.

@netblue30 commented on GitHub (May 23, 2016):

I have no idea what's going on, I cannot reproduce it on Debian/Ubuntu. I've seen something similar a long time ago on older kernels, it used to come and go.


@requiredregistration commented on GitHub (May 29, 2016):

Test also with and without CONFIG_USER_NS.

@netblue30 commented on GitHub (May 31, 2016):

Try the new version I just released.


@requiredregistration commented on GitHub (Jun 5, 2016):

I tested with 4.5.4 (`# CONFIG_USER_NS is not set`) and 4.5.5 (grsecurity 4.5.5.201605291201, `CONFIG_USER_NS=y`).

The problem was not solved with the new version of firejail, and with the grsecurity kernel the result is files and directories with this stat(1):

`Access: (0400/-r--------) Uid: (65534/ UNKNOWN) Gid: (65534/ UNKNOWN)`

@netblue30 commented on GitHub (Jun 28, 2016):

I've just installed Arch and it seems to be working fine.
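
A way to check for the symptom reported in this thread after leaving a `firejail --private=DIR` shell, added here as an example (it is not code from firejail or from either commenter): it lists entries under the directory whose owner or group is not the expected one and labels each ID as root (0), as the kernel's overflow ID (65534 by default, read from `/proc/sys/kernel/overflowuid` and `overflowgid`), or as other. The function names are illustrative, and `stat -c` from GNU coreutils or busybox is assumed.

```sh
#!/bin/sh
# Added example: audit a `firejail --private=DIR` directory after the sandbox exits.
# Function names are illustrative; `stat -c` (GNU coreutils/busybox) is assumed.

# overflow_id overflowuid|overflowgid
# ID the kernel reports for an owner it cannot map (65534 by default).
overflow_id() {
    cat "/proc/sys/kernel/$1" 2>/dev/null || echo 65534
}

# classify_id ID OVERFLOW_ID -> root | overflow | other
classify_id() {
    if [ "$1" -eq 0 ]; then
        echo root
    elif [ "$1" -eq "$2" ]; then
        echo overflow
    else
        echo other
    fi
}

# audit_owner DIR [EXPECTED_UID] [EXPECTED_GID]
# Prints one line per entry under DIR whose owner or group differs from the
# expected IDs (default: the invoking user). Returns 1 if any were found.
audit_owner() (
    dir=$1
    want_uid=${2:-$(id -u)}
    want_gid=${3:-$(id -g)}
    ouid=$(overflow_id overflowuid)
    ogid=$(overflow_id overflowgid)
    report=$(find "$dir" -exec stat -c '%u %g %n' {} + |
        while read -r uid gid path; do
            if [ "$uid" -ne "$want_uid" ] || [ "$gid" -ne "$want_gid" ]; then
                printf '%s uid=%s(%s) gid=%s(%s)\n' "$path" \
                    "$uid" "$(classify_id "$uid" "$ouid")" \
                    "$gid" "$(classify_id "$gid" "$ogid")"
            fi
        done)
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        exit 1
    fi
    exit 0
)

# Usage after leaving the sandbox shell: audit_owner ~/DIR
```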

Reference: github-starred/firejail#362