Permissions curious behaviour with private home #6161

Open
esp13 opened this issue Jan 18, 2024 · 6 comments
Labels
needinfo More information is needed from the issue author

Comments

@esp13

esp13 commented Jan 18, 2024

Hi,

Description

I think I have some permission issues when I use a private home folder.

Steps to Reproduce

In my firejail profile file:
private /home/myusername/fakehome/

When I run this profile for the first time:

ls -al
ls -al  # twice to get file created with any command
-rw------- 1 myusername myusername         19 janv. 17 09:51  .bash_history
exit

When I exit it and run it again:

ls -al
-r-------- 1 nobody nogroup         0 janv. 17 09:03  .bash_history

And something strange, the minutes changed too.

Expected behavior

File permissions shouldn't change between separate runs.

Actual behavior

File permissions changed.

Behavior without a profile

Didn't try without a profile, as it is related to the private home folder.

Additional context

Environment

  • Linux Mint 20.3
  • Firejail version 0.9.62

Checklist

  • [x ] The issue is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
  • [? ] I can reproduce the issue without custom modifications (e.g. globals.local).
  • [NR ] The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
  • [NR ] The profile (and redirect profile if exists) hasn't already been fixed upstream.
  • [x ] I have performed a short search for similar issues (to avoid opening a duplicate).
    • [NR ] I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
  • [NR ] I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)

Log

@glitsj16
Collaborator

> Linux Mint 20.3
> Firejail version 0.9.62

https://github.com/netblue30/firejail#ubuntu
Please upgrade your firejail installation and re-check whether you still see this behaviour on 0.9.72.

@kmk3 added the needinfo label (More information is needed from the issue author) Jan 19, 2024
@rusty-snake
Collaborator

rusty-snake commented Jan 19, 2024

> Didn't try without a profile, as it is related to the private home folder.

This is relevant, as it reduces the possible error sources.

Is only .bash_history affected or other files as well?

What does your (manjaro default) bash config look like? Because my (Fedora) bash does not create .bash_history after every command.

@esp13
Author

esp13 commented Jan 19, 2024

> Please upgrade your firejail installation and re-check whether you still see this behaviour on 0.9.72.

Tried 0.9.72, same result.

Something strange: since I upgraded, the tab key doesn't complete commands anymore, it only writes a tab space.

@esp13
Author

esp13 commented Jan 19, 2024

> This is relevant, as it reduces the possible error sources.

Tried:
firejail --private=/home/myusername/fakehome/
Same result.

It does not do this on your side?

> Is only .bash_history affected or other files as well?

If I create a test file, the permissions don't change when I exit and come back.

> What does your (manjaro default) bash config look like? Because my (Fedora) bash does not create .bash_history after every command.

# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples

# If not running interactively, don't do anything
case $- in
    *i*) ;;
      *) return;;
esac

# don't put duplicate lines or lines starting with space in the history.
# See bash(1) for more options
HISTCONTROL=ignoreboth

# append to the history file, don't overwrite it
shopt -s histappend

# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
#HISTSIZE=1000
#HISTFILESIZE=2000

# check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS.
shopt -s checkwinsize

# If set, the pattern "**" used in a pathname expansion context will
# match all files and zero or more directories and subdirectories.
#shopt -s globstar

# make less more friendly for non-text input files, see lesspipe(1)
[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"

# set variable identifying the chroot you work in (used in the prompt below)
if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
    debian_chroot=$(cat /etc/debian_chroot)
fi

# set a fancy prompt (non-color, unless we know we "want" color)
case "$TERM" in
    xterm-color|*-256color) color_prompt=yes;;
esac

# uncomment for a colored prompt, if the terminal has the capability; turned
# off by default to not distract the user: the focus in a terminal window
# should be on the output of commands, not on the prompt
#force_color_prompt=yes

if [ -n "$force_color_prompt" ]; then
    if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
	# We have color support; assume it's compliant with Ecma-48
	# (ISO/IEC-6429). (Lack of such support is extremely rare, and such
	# a case would tend to support setf rather than setaf.)
	color_prompt=yes
    else
	color_prompt=
    fi
fi

if [ "$color_prompt" = yes ]; then
    PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
else
    PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
fi
unset color_prompt force_color_prompt

# If this is an xterm set the title to user@host:dir
case "$TERM" in
xterm*|rxvt*)
    PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
    ;;
*)
    ;;
esac

# enable color support of ls and also add handy aliases
if [ -x /usr/bin/dircolors ]; then
    test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
    alias ls='ls --color=auto'
    #alias dir='dir --color=auto'
    #alias vdir='vdir --color=auto'

    alias grep='grep --color=auto'
    alias fgrep='fgrep --color=auto'
    alias egrep='egrep --color=auto'
fi

# colored GCC warnings and errors
#export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'

# some more ls aliases
alias ll='ls -alF'
alias la='ls -A'
alias l='ls -CF'

# Add an "alert" alias for long running commands.  Use like so:
#   sleep 10; alert
alias alert='notify-send --urgency=low -i "$([ $? = 0 ] && echo terminal || echo error)" "$(history|tail -n1|sed -e '\''s/^\s*[0-9]\+\s*//;s/[;&|]\s*alert$//'\'')"'

# Alias definitions.
# You may want to put all your additions into a separate file like
# ~/.bash_aliases, instead of adding them here directly.
# See /usr/share/doc/bash-doc/examples in the bash-doc package.

if [ -f ~/.bash_aliases ]; then
    . ~/.bash_aliases
fi

# enable programmable completion features (you don't need to enable
# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
# sources /etc/bash.bashrc).
if ! shopt -oq posix; then
  if [ -f /usr/share/bash-completion/bash_completion ]; then
    . /usr/share/bash-completion/bash_completion
  elif [ -f /etc/bash_completion ]; then
    . /etc/bash_completion
  fi
fi


# Customization
export HISTFILESIZE=
export HISTSIZE=
export HISTTIMEFORMAT="[%F %T] "
PROMPT_COMMAND="history -a; $PROMPT_COMMAND"

@rusty-snake
Collaborator

> Something strange: since I upgraded, the tab key doesn't complete commands anymore, it only writes a tab space.

That's a feature. See --tab.

@esp13
Author

esp13 commented Feb 2, 2024

> > Didn't try without a profile, as it is related to the private home folder.
>
> This is relevant, as it reduces the possible error sources.
>
> Is only .bash_history affected or other files as well?
>
> What does your (manjaro default) bash config look like? Because my (Fedora) bash does not create .bash_history after every command.

Hello,

Any feedback for the bash config I provided?
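
One way to answer "Is only .bash_history affected or other files as well?" is to snapshot the metadata of everything in the private home between runs and compare the snapshots. This is an added example, not part of the thread or of firejail; the function names and the snapshot format are assumptions, and it relies on GNU `find` and `stat`.

```shell
#!/bin/sh
# Added example (not from the issue thread or the firejail project).
# Records owner, group, mode, size and mtime of every entry under a
# directory so that two runs of a sandbox can be compared.
# Assumes GNU find/stat and paths without '|', tabs or newlines.

# snapshot_home DIR
# Prints one sorted line per entry:
#   path|uid:gid|user:group|octal-mode|size|mtime-epoch
# Numeric IDs are kept next to the names so an ownership change can be
# told apart from the same IDs being displayed under different names.
snapshot_home() {
    ( cd "$1" &&
      find . -mindepth 1 -exec stat -c '%n|%u:%g|%U:%G|%a|%s|%Y' {} + |
      LC_ALL=C sort )
}

# changed_entries BEFORE_FILE AFTER_FILE
# Prints the paths whose metadata differs between two snapshot files,
# including entries that appeared or disappeared.
changed_entries() {
    LC_ALL=C comm -3 "$1" "$2" | tr -d '\t' | cut -d'|' -f1 | LC_ALL=C sort -u
}

# describe_change BEFORE_FILE AFTER_FILE PATH
# Prints the before/after snapshot lines for one path.
describe_change() {
    awk -F'|' -v p="$3" '$1 == p { print "before: " $0 }' "$1"
    awk -F'|' -v p="$3" '$1 == p { print "after:  " $0 }' "$2"
}

# Typical use, on the host, with the directory from the report:
#   snapshot_home /home/myusername/fakehome > run1.txt   # after the first exit
#   snapshot_home /home/myusername/fakehome > run2.txt   # after the second exit
#   for p in $(changed_entries run1.txt run2.txt); do
#       describe_change run1.txt run2.txt "$p"
#   done
```

Taking one snapshot on the host and one from a shell inside the sandbox, against the same directory, also shows whether the two views report the same numeric owner for each file.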
