On Thu, Dec 22, 2022 at 07:20:07PM +0100, Vincent Lefevre wrote:
> Hi Reiner,
> 
> On 2022-12-10 18:48:39 +0100, Reiner Herrmann wrote:
> > Debugging tools that have dependencies (like in your example gdb -> python3)
> > need to be handled additionally (either by asking gdb to not use the
> > python3 extensions, or by adding parameters that whitelist it).
> > 
> > With the following command line I was able to get a gdb shell:
> > > $ firejail --allow-debuggers --include=/etc/firejail/allow-python3.inc 
> > > --profile=firefox gdb
> > > [...]
> > > (gdb)
> 
> However, this is not a good solution from a security point of view.
> There's a difference between allowing Python completely and just
> embedding in some given application.

This was just a suggestion to show that it is possible to run gdb.
If the permissions are too broad for you, you can create your own include
that is more narrow and only allows what is needed by gdb.

> This could also be an issue in gdb. There should be a way to disable
> Python, or have Python automatically disabled when not available.

You can install gdb-minimal. It does not have Python support and works
with your original "firejail --allow-debuggers --profile=firefox gdb"
command line.

Kind regards,
  Reiner
