-
Notifications
You must be signed in to change notification settings - Fork 556
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow symlinked /opt #1871
Comments
Create EDIT: Above won't work when whitelist is used inside profile (and it is used). You have to move |
Thanks for the suggestion, but it still reports the same. There seems to be something Chrome Profile specific as in (apparmor is not installed) |
Chrome Profile profile uses |
@Vincent43 Thanks for the support. I now understand that the whitelistable directories are fixed and not configurable in firejail. Also Although I solved my problem for now, I'd like to keep this issue open for the devs to consider to implement such a configurability and/or the symlinking. I think it would be good for admins and developers of Linux distributions to have this freedom of choice instead of being restricted to a fixed structure. |
Generally whitelistable directories aren't fixed and are configurable but those directly under |
Then let's assume an admin introduces a new directory |
|
Sounds like making those (supposedly hard-coded) directories you mentioned configurable would give much flexibility at (probably) a low cost. The defaults are arguably very sane for any standard Linux, but this would allow adaptability and also easy portability to other file structures (e.g. BSD flavors). But as stated I solved my problem without it and just leave it as an idea. |
So this is basically yet another vote for being able to whitelist arbitrary directories 👍 |
Let's move discussion over to #2041 |
Firejail 0.9.52 (Debian Stretch / Backports repository)
First install of Firejail. It works well for me with the default profiles, though I run into a problem with google-chrome, which is caused by the fact that on that system
/opt
is symlinked to/home/opt
for disk space reasons (/
is on a fast but small SSD, while/home
is on a larger HD). Sofirejail google-chrome
results inError: no suitable /usr/bin/google-chrome executable found
because that path is actually a symlink itself to/opt/google/chrome/google-chrome
(installed from official Google Debian package), which maps to/home/opt/google/chrome/google-chrome
in this setup.I'd like to ask for either:
/home/opt
is a valid path for executables. If that's already possible I didn't find it in the documentation or the configuration files./opt
is a symlink and automatically allow the target path.The text was updated successfully, but these errors were encountered: