Furthermore, with --private=/foo/bar, how can I access the encrypted directories under the real ${HOME}, which is not even introduced into the jail anymore with --private=/foo/bar?

On 2020/1/31 at 2:08 PM, Mad Horse wrote:
> With --private=/foo/bar, configurations stored under the real ${HOME}
> become inaccessible,
>
> e.g.
>
>> $ firejail --allusers --private=/tmp/home/
>> --profile=/etc/firejail/firefox.profile /bin/bash
>
> so it is impractical (please consider that I am running profiled
> applications, rather than a shell with the default profile).
>
> Besides, although /home/.fscrypt appears inside the jail, a tmpfs is
> mounted atop it, and --whitelist cannot be used to mount the real
> /home/.fscrypt there, for /home is not a permitted top directory.
>
>
> On 2020/1/31 at 7:55 AM, Reiner Herrmann wrote:
>> On Sat, Jan 25, 2020 at 10:45:08PM +0800, Mad Horse wrote:
>>> I have not remembered that because --private is used so widely in
>>> officially shipped profiles, so I have to inspect them with command like
>>>
>>>> $ firejail --profile=/etc/firejail/firefox.profile /bin/bash
>>
>> Hm, I couldn't find "private" in the firefox(-common) profile.
>> Does it work if you start it by giving it a location where it can store
>> the private home directory?
>> Like: firejail --allusers --private=/foo/bar
>> (see also:
>> https://github.com/netblue30/firejail/issues/3185#issuecomment-578413651 )
>>
>> Regards,
>> Reiner