Looks like /crypto_keyfile.bin is accessible in all profiles - should it be blacklisted?

[netcarver]

Hello, I've just started using firejail and noticed that /crypto_keyfile.bin is not being removed from the view of the filesystem that firejailed applications get. For now, I've extended my local profiles to deny access to this file, and this works.

I would have thought this would be a candidate for adding to the blacklisted files in disable-common.inc but I really don't know enough about firejail or LUKS configuration yet to comment any more about this.

https://wiki.archlinux.org/title/dm-crypt/Encrypting_an_entire_system

[glitsj16]

I would have thought this would be a candidate for adding to the blacklisted files in disable-common.inc but I really don't know enough about firejail or LUKS configuration yet to comment any more about this.

Welcome to the Firejail project. While there's always room for learning you seem to do fine! You're assumptions are correct and we should indeed blacklist that file. Can you open a PR to add it in disable-common.inc? At first glance you could create a new entree group dm-crypt / LUKS like we have for VeraCrypt for example. Or add it to top secret.

[netcarver]

@glitsj16 Thank you, PR opened.