Package: firejail
Version: 0.9.72-2

-- System Information:
Debian Release: 12.12
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64


Dear maintainer,

there seems to be a bug in the whitelisting code of firejail. Among other uses, 
I am running firefox-esr inside a firejail sandbox using a slightly adjusted 
profile. The adjustments are achieved mainly using settings in 
/etc/firejail/firefox-esr.local. One of the custom settings is

private-home MyDir

At first, this seemed to work as expected. However, after some time, firefox 
started to randomly complain about files not being accessible. These errors 
seemed to appear with increasing frequency, but the files affected appeared to 
be random at first.

At some point, only about 10 % of the files in /home/myuser/MyDir were 
accessible. A more thorough investigation finally revealed that the accessible 
files are not a random subset, but the first n files of /home/myuser/MyDir that 
are listed using 'ls -aU'.

Moreover, it turned out that the file n+1 in that 'ls -aU' listing is a rather 
large file (a 2.6 GB .iso). After removing that file, many more files were 
suddenly accessible in the sandbox - but still not all. Here, the next 
limitation was at a rather small file. This suggests that the problem is not in 
how the firejail whitelisting code handles large files as such, but rather some 
hidden limitation on the directory size, perhaps when copying the original 
contents into the overlay. Anyway, it likely is an issue for upstream.

Should you need more debugging input, please ask.

Best regards,

Phil
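
Added example, not part of the original report and not firejail code: a small check that tests the two observations above, namely that the files visible in the sandbox are exactly the first n entries in raw directory order, and how many bytes precede the first missing entry. Assumptions: the first argument is the host directory (e.g. /home/myuser/MyDir) and the second is a text file with one file name per line, saved from a listing made inside the sandbox.

```python
import os
import sys

def readdir_order(path):
    """Entries of `path` in raw directory order (what `ls -aU` shows, minus
    . and ..) as (name, size_bytes, running_total_bytes).
    Sizes come from lstat, so a subdirectory counts only its own inode size."""
    rows, total = [], 0
    with os.scandir(path) as it:
        for entry in it:
            size = entry.stat(follow_symlinks=False).st_size
            total += size
            rows.append((entry.name, size, total))
    return rows

def visible_prefix(rows, visible_names):
    """Return (n, is_prefix): n is the number of leading entries that are
    visible; is_prefix is True when nothing after those n entries is visible."""
    visible = set(visible_names)
    n = 0
    while n < len(rows) and rows[n][0] in visible:
        n += 1
    is_prefix = not any(name in visible for name, _, _ in rows[n:])
    return n, is_prefix

if __name__ == "__main__":
    host_dir, listing_file = sys.argv[1], sys.argv[2]
    with open(listing_file) as fh:
        seen = [line.rstrip("\n") for line in fh if line.strip()]
    rows = readdir_order(host_dir)
    n, is_prefix = visible_prefix(rows, seen)
    print(f"{n}/{len(rows)} entries visible; "
          f"strict prefix of directory order: {is_prefix}")
    if n < len(rows):
        name, size, _ = rows[n]
        before = rows[n - 1][2] if n else 0
        print(f"first missing: {name!r} ({size} bytes); "
              f"bytes in entries before it: {before}")
```

If the byte count before the first missing entry stays roughly constant after files are removed or reordered, that points to a cumulative size limit rather than a per-file one.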
