[GH-ISSUE #969] Unable to override PS1 (command prompt)

gitea-mirror commented

2026-05-05 06:22:55 -06:00

Owner

Originally created by @vn971 on GitHub (Dec 12, 2016).
Original GitHub issue: https://github.com/netblue30/firejail/issues/969

AFAI see, the problem consists of two parts:

firejail mounts its own .bashrc file inside user's home, which overrides any PS1 you try to set manually. It would be cool if that file would be configurable in a place like /etc/firejail/default.bashrc. (I would actually be glad if /etc/firejail would be split further and a directory /etc/firejail/profiles existed.) Currently it's taken from /etc/skel, which might not be versatile enough (is not enough for my usages).
firejail uses it's own hardcoded PS1 environment variable, and it currently has a higher priority than hand-written env PS1 directive. I would ask to make the profile directive priority higher. Other way you just can't override the hard-coded value.

Originally created by @vn971 on GitHub (Dec 12, 2016). Original GitHub issue: https://github.com/netblue30/firejail/issues/969 AFAI see, the problem consists of two parts: * firejail mounts its own `.bashrc` file inside user's home, which overrides any PS1 you try to set manually. It would be cool if that file would be configurable in a place like `/etc/firejail/default.bashrc`. (I would actually be glad if /etc/firejail would be split further and a directory `/etc/firejail/profiles` existed.) Currently it's taken from /etc/skel, which might not be versatile enough (is not enough for my usages). * firejail uses it's own hardcoded PS1 environment variable, and it currently has a higher priority than hand-written `env PS1` directive. I would ask to make the profile directive priority higher. Other way you just can't override the hard-coded value.

gitea-mirror

2026-05-05 06:22:55 -06:00

closed this issue
added the
bug
label

gitea-mirror commented

2026-05-05 06:23:02 -06:00

Author

Owner

@vn971 commented on GitHub (Dec 12, 2016):

Slightly related to https://github.com/netblue30/firejail/issues/710.
BTW, I actually liked the colored prompt a lot. If we allow overriding the bashrc file, could we probably bring the colored prompt back?) It would not actually be against what people wrote on that issue, because it would be a standard rc file.

@vn971 commented on GitHub (Dec 12, 2016): Slightly related to https://github.com/netblue30/firejail/issues/710. BTW, I actually liked the colored prompt a lot. If we allow overriding the bashrc file, could we probably bring the colored prompt back?) It would not actually be against what people wrote on that issue, because it would be a standard `rc` file.

gitea-mirror commented

2026-05-05 06:23:06 -06:00

Author

Owner

@netblue30 commented on GitHub (Dec 13, 2016):

Set "firejail-prompt yes" in /etc/firejail/firejail.config - it came into git last week.

@netblue30 commented on GitHub (Dec 13, 2016): Set "firejail-prompt yes" in /etc/firejail/firejail.config - it came into git last week.

gitea-mirror commented

2026-05-05 06:23:09 -06:00

Author

Owner

@vn971 commented on GitHub (Dec 13, 2016):

@netblue30 thanks. Two questions though:

should we make profile PS1 priority higher than hardcoded PS1 anyway?
should we create something like /etc/firejail/skel.bashrc in addition to the system-wide setting anyway?

@vn971 commented on GitHub (Dec 13, 2016): @netblue30 thanks. Two questions though: * should we make profile PS1 priority higher than hardcoded PS1 anyway? * should we create something like `/etc/firejail/skel.bashrc` in addition to the system-wide setting anyway?

gitea-mirror commented

2026-05-05 06:23:12 -06:00

Author

Owner

@netblue30 commented on GitHub (Dec 13, 2016):

Maybe I can make the hardcoded profile editable, so you can change to color from green to whatever and add some other text there. I think skel.bashrc is different from distro to distro.

@netblue30 commented on GitHub (Dec 13, 2016): Maybe I can make the hardcoded profile editable, so you can change to color from green to whatever and add some other text there. I think skel.bashrc is different from distro to distro.

gitea-mirror commented

2026-05-05 06:23:15 -06:00

Author

Owner

@vn971 commented on GitHub (Dec 13, 2016):

@netblue30 well, yes. I propose to read the firejail-specific version first, and if it is absent, read the system-wide one. This way firejail doesn't break things but allows one to override the .bashrc file for firejailed applications.

Offtopic.
My personal desire would anyway be to somehow split jailing itself from the command line wrappers. So that the SUID binary would execute stuff based on some simplistic task list (checking it won't do harm), and a normal app would exist that would prepare the task list for SUID. For example, a feature I would personally love to see is injecting some directories from the original FS to specific places in the jail. For example, I'd love using --private= directories by default with injected Downloads and other such dirs. Also, this way I'd be able to inject a .bashrc file from a different place.
If SUID and wrappers would be split, and SUID would have basic tasks like mount, I'd think about creating a wrapper that would call mount with the right arguments. (With all directories inside my ~ so that SUID would accept that.)
Offtopic end.

@vn971 commented on GitHub (Dec 13, 2016): @netblue30 well, yes. I propose to read the firejail-specific version first, and if it is absent, read the system-wide one. This way firejail doesn't break things but allows one to override the .bashrc file for firejailed applications. Offtopic. My personal desire would anyway be to somehow split jailing itself from the command line wrappers. So that the SUID binary would execute stuff based on some simplistic task list (checking it won't do harm), and a normal app would exist that would prepare the task list for SUID. For example, a feature I would personally love to see is injecting some directories from the original FS to specific places in the jail. For example, I'd love using `--private=` directories by default with injected `Downloads` and other such dirs. Also, this way I'd be able to inject a .bashrc file from a different place. If SUID and wrappers would be split, and SUID would have basic tasks like `mount`, I'd think about creating a wrapper that would call `mount` with the right arguments. (With all directories inside my ~ so that SUID would accept that.) Offtopic end.

gitea-mirror commented

2026-05-05 06:23:18 -06:00

Author

Owner

@netblue30 commented on GitHub (Dec 13, 2016):

I propose to read the firejail-specific version first, and if it is absent, read the system-wide one.

What if I allow you to bring your own .bashrc inside the sandbox instead of /etc/skel/.bashrc? Something like "firejail --bashrc=/path/to/custom/.bashrc"

SUID executable currently goes through a huge cleanup. Chunks of functionality such as networking and seccomp parsing and processing are moved out in separate processes and run most of the time with user privileges and separate seccomp filters applied to them. We'll see how it goes. So far I have about 25% of the functionality outside SUID binary.

@netblue30 commented on GitHub (Dec 13, 2016): > I propose to read the firejail-specific version first, and if it is absent, read the system-wide one. What if I allow you to bring your own .bashrc inside the sandbox instead of /etc/skel/.bashrc? Something like "firejail --bashrc=/path/to/custom/.bashrc" SUID executable currently goes through a huge cleanup. Chunks of functionality such as networking and seccomp parsing and processing are moved out in separate processes and run most of the time with user privileges and separate seccomp filters applied to them. We'll see how it goes. So far I have about 25% of the functionality outside SUID binary.

gitea-mirror commented

2026-05-05 06:23:21 -06:00

Author

Owner

@vn971 commented on GitHub (Dec 13, 2016):

I guess it doesn't sound very general, and my only personal pain point so far is PS1, so I'm not asking that, not yet. (Knowing there are other things to do.)

I heard & saw some of the work on reducing the SUID attack surface in firejail. Good work! I think it's a move in the right direction.

Is there a reason to keep the hardcoded PS1 with higher priority than profile-specified, anyway?

@vn971 commented on GitHub (Dec 13, 2016): I guess it doesn't sound very general, and my only personal pain point so far is PS1, so I'm not asking that, not yet. (Knowing there are other things to do.) I heard & saw some of the work on reducing the SUID attack surface in firejail. Good work! I think it's a move in the right direction. Is there a reason to keep the hardcoded PS1 with higher priority than profile-specified, anyway?

gitea-mirror commented

2026-05-05 06:23:24 -06:00

Author

Owner

@netblue30 commented on GitHub (Dec 13, 2016):

What do you mean by profile-specified? PS1 is only changed if a "FIREJAIL_PROMPT=yes" environment variable is set, or if "firejail-prompt yes" is added to /etc/firejail/firejail.config file. If you don't set any of these two, your PS1 should remain set to whatever it was before starting the sandbox.

@netblue30 commented on GitHub (Dec 13, 2016): What do you mean by profile-specified? PS1 is only changed if a "FIREJAIL_PROMPT=yes" environment variable is set, or if "firejail-prompt yes" is added to /etc/firejail/firejail.config file. If you don't set any of these two, your PS1 should remain set to whatever it was before starting the sandbox.

gitea-mirror commented

2026-05-05 06:23:27 -06:00

Author

Owner

@vn971 commented on GitHub (Dec 13, 2016):

Yes, but why not make --env=PS1=myString more important than any other stuff like "firejail_prompt" and such?

@vn971 commented on GitHub (Dec 13, 2016): Yes, but why not make `--env=PS1=myString` more important than any other stuff like "firejail_prompt" and such?

gitea-mirror commented

2026-05-05 06:23:30 -06:00

Author

Owner

@netblue30 commented on GitHub (Dec 13, 2016):

OK, I see your point, I'll fix it!

@netblue30 commented on GitHub (Dec 13, 2016): OK, I see your point, I'll fix it!

gitea-mirror commented

2026-05-05 06:23:33 -06:00

Author

Owner

@vn971 commented on GitHub (Dec 13, 2016):

Cool, thanks!

@vn971 commented on GitHub (Dec 13, 2016): Cool, thanks!

gitea-mirror commented

2026-05-05 06:23:36 -06:00

Author

Owner

@chiraag-nataraj commented on GitHub (Aug 6, 2018):

Hmm, this still doesn't seem to work - firejail --env=PS1="$" --private, for example, doesn't override the default prompt. I presume this requires special handling...?

@chiraag-nataraj commented on GitHub (Aug 6, 2018): Hmm, this still doesn't seem to work - `firejail --env=PS1="$" --private`, for example, doesn't override the default prompt. I presume this requires special handling...?

gitea-mirror commented

2026-05-05 06:23:38 -06:00

Author

Owner

@chiraag-nataraj commented on GitHub (May 21, 2019):

This is probably related to #1127. Moving discussion over there.

@chiraag-nataraj commented on GitHub (May 21, 2019): This is probably related to #1127. Moving discussion over there.

gitea-mirror referenced this issue

2026-05-05 10:06:22 -06:00

[PR #659] [MERGED] Improve profile list #3702

Rows
Columns

[GH-ISSUE #969] Unable to override PS1 (command prompt) #659