Package: firejail
Version: 0.9.64.4-2
Severity: important

When using --private=<DIR>, an existing "bin" directory in <DIR> is read-only. This is silly: this means that one cannot restart a firejail session:

zira:~> firejail --private=$HOME/fj-test zsh
Reading profile /etc/firejail/default.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Warning: networking feature is disabled in Firejail configuration file
** Note: you can use --noprofile to disable default.profile **
Parent pid 685072, child pid 685073
Child process initialized in 47.87 ms
zira% mkdir bin
zira% touch bin/foo
zira% ls -l bin
total 0
-rw-r--r-- 1 vinc17 vinc17 0 2021-03-01 02:32:19 foo
zira%
Parent is shutting down, bye...
zira:~> firejail --private=$HOME/fj-test zsh
Reading profile /etc/firejail/default.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Warning: networking feature is disabled in Firejail configuration file
** Note: you can use --noprofile to disable default.profile **
Parent pid 685097, child pid 685098
Child process initialized in 51.94 ms
zira% touch bin/blah
touch: cannot touch 'bin/blah': Read-only file system

I don't see the point of having "bin" read-only in this case, as the purpose of "--private=" is that this "bin" directory is specific to the firejail session.

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-3-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=POSIX, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages firejail depends on:
ii  libapparmor1  2.13.6-9
ii  libc6         2.31-9
ii  libselinux1   3.1-3

Versions of packages firejail recommends:
ii  firejail-profiles  0.9.64.4-2
ii  iproute2           5.10.0-4
ii  iptables           1.8.7-1
ii  xauth              1:1.1-1
ii  xdg-dbus-proxy     0.1.2-2
ii  xpra               3.0.13+dfsg1-1
ii  xvfb               2:1.20.10-3

firejail suggests no packages.

-- no debconf information

-- 
Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
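
Added example (not part of the original report and not firejail code): a small check that lists which mount points at or below a directory are mounted read-only, by parsing /proc/self/mountinfo, so the "Read-only file system" error above can be traced to a specific mount inside the sandbox. The function names ro_mounts_under and sample_mountinfo are hypothetical, and the sample mountinfo lines and the /home/user path are constructed for illustration, not captured from firejail.

```shell
#!/bin/sh
# List mount points at or below DIR whose per-mount options include "ro".
# Usage: ro_mounts_under DIR [MOUNTINFO]   (MOUNTINFO "-" reads stdin;
# the default is /proc/self/mountinfo of the calling process).
ro_mounts_under() {
    dir=${1%/}                          # drop one trailing slash
    file=${2:-/proc/self/mountinfo}
    awk -v dir="$dir" '
        {
            # mountinfo layout: field 5 = mount point, field 6 = mount options
            mp = $5; opts = $6
            # Keep DIR itself and true descendants only, so that
            # "/home/user2" is not mistaken for something under "/home/user".
            if (mp != dir && index(mp, dir "/") != 1) next
            # Compare whole options: "relatime" must not count as "ro".
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++)
                if (o[i] == "ro") { print mp; break }
        }
    ' "$file"
}

# Constructed sample input (illustrative only, not real firejail output):
# a private home mounted read-write with a read-only bind mount on "bin".
sample_mountinfo() {
    cat <<'EOF'
100 90 8:2 /home/user/fj-test /home/user rw,nosuid,nodev,relatime - ext4 /dev/sda2 rw
101 100 8:2 /home/user/fj-test/bin /home/user/bin ro,nosuid,nodev,relatime - ext4 /dev/sda2 rw
102 90 8:2 /etc /etc ro,relatime - ext4 /dev/sda2 rw
103 100 8:2 /home/user/fj-test/binary /home/user/binary rw,relatime master:1 - ext4 /dev/sda2 rw
104 90 8:2 /srv /home/user2 ro,relatime - ext4 /dev/sda2 rw
EOF
}

# Demo on the constructed sample; prints /home/user/bin
sample_mountinfo | ro_mounts_under /home/user -
```

Inside a sandbox shell, run ro_mounts_under "$HOME" with no second argument to inspect the live mount table.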