[GH-ISSUE #787] Whitelisted directory belongs to uid 65534 within jail #532

Closed
opened 2026-05-05 06:04:05 -06:00 by gitea-mirror · 3 comments

Originally created by @lheckemann on GitHub (Sep 16, 2016).
Original GitHub issue: https://github.com/netblue30/firejail/issues/787

```
$ ls -ld ~/.config/gajim
drwx------ 8 linus linus 4096 Sep 16 22:30 /home/linus/.config/gajim
$ firejail --whitelist=~/.config/gajim
jail$ ls -l ~/.config
total 0
dr-x------ 2 65534 65534 40 Sep 14 10:10 gajim
drwx------ 2 linus linus 60 Sep 16 22:57 pulse
```

I expected the directory to belong to linus:linus within the jail and be writable as well as readable.

I haven't been able to reproduce this with any other directories for some reason... What can I do to find out more?


@manevich commented on GitHub (Sep 17, 2016):

This is the result of a strange interaction between `blacklist` (in profile) and `--whitelist` options.
Check `firejail --noprofile --whitelist=~/.config/gajim` and `firejail --noprofile --blacklist=~/.config/gajim --whitelist=~/.config/gajim`.
Will investigate it further later.


@lheckemann commented on GitHub (Sep 17, 2016):

Yep, that works, as does `firejail --noblacklist=~/.config/gajim --whitelist=~/.config/gajim`. Thanks!


@manevich commented on GitHub (Sep 17, 2016):

I was wrong, fooled by the permissions of `~/.config/gajim`, and came to the conclusion that only the owner was changed.
This is normal and intended behavior. `--whitelist` does not remove blacklisting from a file, you need `--noblacklist` for that.
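
An added example, not part of the original thread and not firejail code: a POSIX shell check that lists the `blacklist` lines of a profile covering a path you plan to pass to `--whitelist`, which is the conflict described in the last comment. The profile contents are constructed, the function names are hypothetical, `include` lines and globs are not followed, and treating a `noblacklist` line as lifting only the `blacklist` lines after it is an assumption.

```shell
#!/bin/sh
# Added example, not firejail code. Globs and "include" lines are not
# followed; noblacklist is assumed to lift only later blacklist lines.

# Expand a leading ${HOME} or ~ as written in profiles; drop a trailing "/".
expand_path() {
    p=$1 macro='${HOME}'
    case $p in
        "$macro"*) p=$HOME${p#"$macro"} ;;
        '~'|'~/'*) p=$HOME${p#?} ;;
    esac
    printf '%s\n' "${p%/}"
}

# Read profile $1 top to bottom and print every "blacklist" entry that equals
# or is a parent directory of path $2 and has no earlier "noblacklist" for the
# same path. Exit status 0 means at least one conflict was printed.
find_blacklist_conflicts() {
    target=$(expand_path "$2")
    lifted='' rc=1
    while read -r cmd arg; do
        case $cmd in
            noblacklist)
                lifted="$lifted
$(expand_path "$arg")" ;;
            blacklist)
                entry=$(expand_path "$arg")
                # Skip entries already lifted by an earlier noblacklist.
                printf '%s\n' "$lifted" | grep -Fxq -- "$entry" && continue
                case $target in
                    "$entry"|"$entry"/*)
                        printf 'blacklist %s\n' "$entry"; rc=0 ;;
                esac ;;
        esac
    done < "$1"
    return "$rc"
}

# Demo on a constructed profile (not a real firejail profile).
demo_profile=$(mktemp)
cat > "$demo_profile" <<'EOF'
# constructed sample
noblacklist ${HOME}/.config/pulse
blacklist ${HOME}/.config/pulse
blacklist ${HOME}/.config/gajim
EOF
find_blacklist_conflicts "$demo_profile" "~/.config/gajim" ||
    echo "no blacklist entry covers the path"
rm -f "$demo_profile"
```

Each printed entry is a path that needs a matching `--noblacklist` next to the `--whitelist`, as in the command that worked for the reporter.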
