Furthermore, with --private=/foo/bar, how can I access the encrypted directories
under the real ${HOME}, which is not even introduced into the jail anymore with
--private=/foo/bar?


On 2020/1/31 at 2:08 PM, Mad Horse wrote:
> With --private=/foo/bar, configurations stored under the real ${HOME} become
> inaccessible,
>
> e.g.
>
>> $ firejail --allusers --private=/tmp/home/ --profile=/etc/firejail/firefox.profile /bin/bash
> so it is impractical (please consider that I am running profiled
> applications, rather than a shell with the default profile).
>
> Besides, although /home/.fscrypt appears inside the jail, a tmpfs is mounted
> atop it, and --whitelist cannot be used to mount the real /home/.fscrypt
> there, because /home is not a permitted top directory.
>
>
> On 2020/1/31 at 7:55 AM, Reiner Herrmann wrote:
>> On Sat, Jan 25, 2020 at 10:45:08PM +0800, Mad Horse wrote:
>>> I have not remembered that because --private is used so widely in
>>> officially shipped profiles, so I have to inspect them with command like
>>>
>>>> $ firejail --profile=/etc/firejail/firefox.profile /bin/bash
>> Hm, I couldn't find "private" in the firefox(-common) profile.
>> Does it work if you start it by giving it a location where it can store
>> the private home directory?
>> Like: firejail --allusers --private=/foo/bar
>> (see also: 
>> https://github.com/netblue30/firejail/issues/3185#issuecomment-578413651 )
>>
>> Regards,
>>   Reiner
>
