Version 0.9.34 released, Saturday, November 7, 2015 added –ignore option added –protocol option support dual i386/amd64 seccomp filters added Google Chrome profile added Steam, Skype, Wine and Conkeror profiles Bugfixes
You're welcome. It looks like the problem is just "masked" since v0.9.32 until PulseAudio developers fix the issue. Details here.
So, supposedly firejail should support skype out of the box now. It doesn't work for me though. I'm using the GUI (firetools) and there's no skype icon. If I do "firejail skype" in terminal, I get the following: Reading profile /etc/firejail/skype.profile Reading profile /etc/firejail/disable-mgmt.inc Reading profile /etc/firejail/disable-secret.inc Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Parent pid 9215, child pid 9216 Child process initialized parent is shutting down, bye... How do I go about fixing this? I'm a complete noob, so step-by-step would be much appreciated EDIT: Nevermind. I managed to do it. Doing "firejail skype" works just fine. I had Skype opened already, might be why that didn't work before. Is there an easy way that I can see that this is actually doing what's it's supposed to do?
Sorry for asking this, but I've been away from Linux for the last couple of months. Do you guys know how to fix a firefox annoyance? Everytime I open it, it asks me if I want to make it default, even though it is my default browser (iceweasel). I think I must whitelist some file/directory, but I don't know which.
@amarildojr type about:config in browser urlbar then search for preference name "browser.shell.checkDefaultBrowser" set the value for this preference to false, and the prompt at each startup should cease
Actually, my problem is related to firejail. Firejail loads my profile fine, but it blocks some system file that tells Iceweasel that it is my default browser.
that doesn't work for me using chromium nor any other variations I've tried. The syntax I'm using that works fine, except that I get the same nuisance issue ("chromium isn't your default..." as amarildojr is: Code: firejail --private-home=.config/chromium/ chromium This is my preferred option for running chromium as it discards any and all changes made within the browsing session under firejail. BTW, I'm running the .36 RC1 with no noticeable issues yet.
Did you apply the pref I cited? You applied that pref and it failed to suppress the undesired behavior? If so, the only thing I can suggest is that your changed pref is being discarded with the sandbox. Need to apply the pref during an unsandboxed session or the saved pref will not persist, right?
Yes, I couldn't get that to work either. But I can live with it. Not in my case. If I start Iceweasel un-sandboxed no warning will appear, because I already configured it unsandboxed. But if I start it with Firejail, all the configurations will still be in place, however it won't recognize that it is the default browser. I have no idea what file I need to white-list in order to have that working, but I'm not going to move a finger to find it
Thanks! But how do you manage extension updates, changes in your bookmarks, etc.? They are all lost once the sandbox is closed, aren't they?
What's interesting is the --whitelist switch in recent versions of Firejail. netblue30 has modified several included profiles accordingly, e.g. the Firefox profile. If you input Code: file:///home/your_user in the address line you'll see that only a very limited number of directories in your home are visible/accessible. Very cool! netblue30 once explained how it works: Explanation: A bind mount takes an existing directory tree and replicates it under a different point. The directories and files in the bind mount are the same as the original. Any modification on one side is immediately reflected on the other side, since the two views show the same data. I've seen that the coming version will bring further improvements.
Well, in those cases I have to open the browser non-firejailed for all updates and changes I want to make. Maybe that --whitelist switch can make this more convenient? I'll look into it. *EDIT* hmmm..maybe it won't help. I think any and all changes in whitelisted directories will still be flushed away when the sandbox closes.
No, they aren't! EDIT: Just try the Firefox profile that comes with Firejail, and you will see. The advantage of the --whitelist approach is that you don't have to blacklist one (sub)directory after the other in your home.
Well, not here: Code: 739:root:/usr/bin/firejail --profile=/home/heat/.config/firejail/dnsmasq.profile /usr/bin/dnscrypt-proxy --ephemeral-keys --resolver-name=dnscrypt.eu-nl --local-address=127.0.0.1:40 --user= 760:nobody:/usr/bin/dnscrypt-proxy --ephemeral-keys --resolver-name=dnscrypt.eu-nl --local-address=127.0.0.1:40 --user=nobody 742:root:/usr/bin/firejail --profile=/home/heat/.config/firejail/dnsmasq.profile /usr/bin/dnscrypt-proxy --ephemeral-keys --resolver-name=dnscrypt.eu-dk --local-address=127.0.0.1:41 --user= 1351:nobody:/usr/bin/dnscrypt-proxy --ephemeral-keys --resolver-name=dnscrypt.eu-dk --local-address=127.0.0.1:41 --user=nobody 1191:root:/usr/bin/firejail --profile=/home/heat/.config/firejail/dnsmasq.profile /usr/bin/unbound -d 1192:unbound:/usr/bin/unbound -d 24607:heat:/usr/bin/firejail firefox 24608:heat:/bin/bash /usr/local/bin/firefox 24609:heat:firejail --profile=/home/heat/.config/firejail/firefox.profile /usr/lib/firefox/firefox 24610:heat:/usr/lib/firefox/firefox 24633:heat:/usr/lib/mozilla/kmozillahelper 25873:heat:/usr/bin/firejail thunderbird 25874:heat:thunderbird Only unbound and dnscrypt-proxy run as root, of course, Firefox and Thunderbird as normal user.
Huh. Code: 1462 root 20 0 7.4m 1.7m 0.0 0.0 0:00.00 S `- firejail 1464 amarildo 20 0 977.0m 306.4m 3.3 3.8 0:27.33 S `- iceweasel On the titlebar it says (superuser)
[amarildo@amarildo ~]$ firejail --tree 1811:amarildo:firejail iceweasel 1814:amarildo:iceweasel What I don't get is why it says (superuser) on the Title Bar. Look: https://i.imgur.com/wCBD5xj.png
That's strange, indeed. I've never seen this on my system. How does it look if you start Firefox un-firejailed?
It looks normal. I think this is an Iceweasel thing. Remember, it's way locked down on security and privacy, I wouldn't be surprised if the Parabola developers would make it so that the program shows when it -or it's parent- is running as root. I'll ask them and I'll ask NetBlue as well.