Invalid whitelist path /local #4310

Closed
vbooka1 opened this issue May 27, 2021 · 3 comments

Comments

@vbooka1

vbooka1 commented May 27, 2021

Bug and expected behavior

  • Describe the bug.
  • What did you expect to happen?

I want to whitelist certain dirs in /local/ because a program needs write access there.

Reproduce
Steps to reproduce the behavior:

  1. create a profile containing "whitelist /local/path/to/dir"
  2. See error Error: invalid whitelist path /local/path/to/dir

Environment

firejail version 0.9.64.4

Compile time support:
- AppArmor support is enabled
- AppImage support is enabled
- chroot support is enabled
- D-BUS proxy support is enabled
- file and directory whitelisting support is enabled
- file transfer support is enabled
- firetunnel support is enabled
- networking support is enabled
- overlayfs support is disabled
- private-home support is enabled
- private-cache and tmpfs as user enabled
- SELinux support is disabled
- user namespace support is enabled
- X11 sandboxing support is enabled

Additional context
Other context about the problem like related errors to understand the problem.

On my system, /local/ is not a separate partition or a dedicated mount point but just a subdirectory of / (root partition).

Checklist

  • [v] I have performed a short search for similar issues (to avoid opening a duplicate).

After finding #739, I believe it is a limitation within firejail.

@rusty-snake
Collaborator

Manpage of 0.9.64.4:

--whitelist=dirname_or_filename
Whitelist directory or file. A temporary file system is mounted on the top directory, and the
whitelisted files are mount-binded inside. Modifications to whitelisted files are persistent,
everything else is discarded when the sandbox is closed. The top directory could be
user home, /dev, /etc, /media, /mnt, /opt, /run/user/$UID, /srv, /sys/module, /tmp, /usr/share and /var.
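
A pre-flight check for profiles, added here as an example and not part of the thread or of firejail's own code: it approximates the top-directory rule from the man page text quoted above by prefix matching only, so firejail's actual validation may differ. The function names, the sample profile and the user alice are assumptions made for illustration.

```shell
#!/bin/sh
# Top directories from the firejail 0.9.64.4 man page text quoted above
# (user home and /run/user/$UID are added per call).
ALLOWED_TOPS="/dev /etc /media /mnt /opt /srv /sys/module /tmp /usr/share /var"

# whitelist_top PATH [HOME] [UID]: print the top directory PATH falls under
# and return 0; return 1 if it is under none of them.
whitelist_top() {
    path=$1 home=${2:-$HOME} uid=${3:-$(id -u)}
    macro='${HOME}'
    case $path in                       # expand the home spellings used in profiles
        "$macro"/*) path=$home${path#"$macro"} ;;
        '~/'*)      path=$home${path#'~'} ;;
    esac
    case $path in
        */../*|*/..) return 1 ;;        # conservative: no parent-directory segments
        /*) ;;
        *) return 1 ;;                  # must be absolute
    esac
    # ${home:+...} drops the home entry when no home directory is known
    for top in ${home:+"$home"} "/run/user/$uid" $ALLOWED_TOPS; do
        case $path in
            "$top"/?*) printf '%s\n' "$top"; return 0 ;;
        esac
    done
    return 1
}

# check_profile [HOME] [UID]: read a profile on stdin, report every
# "whitelist" line outside the listed top directories; return 1 if any.
check_profile() {
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            'whitelist '*)
                p=${line#whitelist }
                whitelist_top "$p" "$1" "$2" >/dev/null ||
                    { printf 'outside allowed top directories: %s\n' "$p"; bad=1; }
                ;;
        esac
    done
    return "$bad"
}

# Constructed sample profile, checked for a hypothetical user alice (UID 1000).
check_profile /home/alice 1000 <<'EOF' || echo "profile needs changes"
whitelist /local/path/to/dir
whitelist /opt/program/data
whitelist ${HOME}/.config/program
EOF
```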

@vbooka1
Author

vbooka1 commented May 27, 2021

I'll try to move the program with all its bindings to /opt/. Nevertheless, please consider adding /local to the list of allowed top directories.

@rusty-snake
Collaborator

Nope, /local will not be added ... #4229

@vbooka1 vbooka1 closed this as completed Jun 1, 2021