mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-15 14:16:14 -06:00
[GH-ISSUE #581] Firejail and firefox-esr #411
Originally created by @cabonamigo on GitHub (Jun 19, 2016).
Original GitHub issue: https://github.com/netblue30/firejail/issues/581
Firefox-esr bypasses firejail restrictions and has access to entire home folder.
@netblue30 commented on GitHub (Jun 19, 2016):
It is working fine for me, I've just installed the 64 bit archive under /opt.
You need to make sure the first time you run firefox after you start the computer, you sandbox it with firejail. Firefox runs as a single process. When you start it, it checks if there is another instance already running, and it sends a message over a Unix socket to that instance. The browser window will be opened by the first instance of firefox, and the instance you just started will shut down.
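A way to check for the situation described in the comment above, given as an added example that is not part of the original thread or of firejail's own code: it walks each browser process's parent chain and reports any that does not descend from a sandbox listed by `firejail --list`. The function names and the sample process table are constructed for illustration; the only assumption about `firejail --list` output is that the sandbox PID is the first colon-separated field.

```shell
#!/bin/sh
# unsandboxed_pids NAME PS_TABLE SANDBOX_PIDS
#   NAME         process name to look for (e.g. firefox-esr)
#   PS_TABLE     lines of "PID PPID COMM", as printed by: ps -eo pid=,ppid=,comm=
#   SANDBOX_PIDS whitespace-separated PIDs, as printed by: firejail --list | cut -d: -f1
# Prints the PID of every NAME process that has no sandbox PID among its ancestors.
unsandboxed_pids() {
    printf '%s\n' "$2" | awk -v name="$1" -v jails="$3" '
        BEGIN { n = split(jails, j, /[ \n]+/)
                for (i = 1; i <= n; i++) if (j[i] != "") jail[j[i]] = 1 }
        NF >= 3 { ppid[$1] = $2; comm[$1] = $3; order[++cnt] = $1 }
        END {
            for (k = 1; k <= cnt; k++) {
                pid = order[k]
                if (comm[pid] != name) continue
                inside = 0; p = pid; hops = 0
                # Walk up to init; the hop limit guards against a malformed table.
                while (p != "" && p != "0" && hops++ < 64) {
                    if (p in jail) { inside = 1; break }
                    p = ppid[p]
                }
                if (!inside) print pid
            }
        }'
}

# Constructed sample: 4105 was started through firejail, 5200 straight from the panel.
PS_SAMPLE='   1     0 systemd
 900     1 xfce4-panel
4100   900 firejail
4101  4100 firejail
4105  4101 firefox-esr
5200   900 firefox-esr'
LIST_SAMPLE='4100:cb:firefox:/usr/bin/firejail --name=firefox /usr/bin/firefox-esr'

SANDBOXES=$(printf '%s\n' "$LIST_SAMPLE" | cut -d: -f1)
echo "unsandboxed firefox-esr PIDs: $(unsandboxed_pids firefox-esr "$PS_SAMPLE" "$SANDBOXES")"

# Live use on a running system:
#   unsandboxed_pids firefox-esr "$(ps -eo pid=,ppid=,comm=)" "$(firejail --list | cut -d: -f1)"
```

Any PID it prints belongs to a browser instance running outside the sandbox; close that instance before launching the browser through firejail.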
@reinerh commented on GitHub (Jun 19, 2016):
@netblue30 Iceweasel in Debian got renamed to Firefox again, and they also have a new package "firefox-esr" in stable, which is supported for a longer period.
The binary is named firefox-esr (as it can be installed in parallel with "normal" firefox).
I added a profile for firefox-esr in #584.
@netblue30 commented on GitHub (Jun 19, 2016):
OK, it is all merged in, thanks.
@cabonamigo commented on GitHub (Jun 19, 2016):
I had 2 instances of firefox-esr open, and I was about to save a file and I could choose any folder in my home directory to save it. I tried to reproduce the problem, even with a clean start without firejail and another instance with firejail, but I was not able to reproduce it. Also I had the options --profile-manager and --no-remote for firefox-esr.
I use a batch script to start it, that goes like this:
---8x---
#! /bin/bash
fj=/usr/bin/firejail
ff=/usr/bin/firefox
# timestamp used in the log file name
dt=$(date +%d.%m.%y-%I%M%S)
# first argument is passed through to the browser
cl=$1
$fj \
  --profile-path=/etc/firejail/ \
  --netfilter=/etc/firejail/nolocal.net \
  --seccomp \
  --caps.drop=all \
  --dns=8.8.8.8 \
  --name=firefox \
  --profile=/etc/firejail/firefox.profile \
  --output=/home/cb/Logs/firefox.frjl.$dt.log \
  $ff --no-remote --ProfileManager $cl
---8x---
The batch script gets started from a launcher on a xfce panel, and I had 2 different browsers open at the time, with different profiles each.
That is all I can tell.
@netblue30 commented on GitHub (Jun 24, 2016):
I've managed to remove iceweasel and install firefox-esr on my Jessie box. All works fine. I start the first instance "firejail firefox-esr" and then I start the second instance "firejail firefox-esr -no-remote".
@cabonamigo - Try it first from a terminal and then you move to your scripts and xfce panel. In your scripts you don't need --profile-path, --seccomp, --caps.drop=all. These are done by default. If you move to the latest firejail version here on GitHub, you also don't need --profile=...