Discussion in 'all things UNIX' started by Gitmo East, Oct 16, 2014.
Firejail 0.9.54~rc2 is available , 0.9.54 final should be offered here before long. It contains a bunch of improvements like a lot of new profiles and profile unification for Chromium- and Firefox-based browsers repectively.
An important change is the introduction of the Firejail user access database. This tries to mitigate the concerns about Firejail being an SUID application. After updating to the new version you should execute sudo firecfg which not only applies the newly introduced profiles but also adds the current user to the newly created file /etc/firejail/firejail.users which contains the users who are allowed to execute Firejail. This adresses a concern expressed here that (possibly hijacked) unprivileged running daemons might exploit the setuid nature of Firejail and was discussed here.
For every Firejail user definitely worth reading is this newly written site which contains a very good overview about its usage and the technologies used by it. Note that the chapter about SUID contains a section "3. Create a special firejail group". This is actually obsolete and is taken care by the change mentioned above.
There's a problem with Firefox 60 and Firejail 0.9.52_1, you cant surf the web when using Firejail.
Yes, this is caused by improvements in the Linux sandbox of Firefox 60. You should make 2 changes in /etc/firejail/firefox-common.profile:
1. Remove or comment tracelog.
2. Remove chroot from the seccomp.drop line. It should look like this now:
This should fix the problem. Those changes will be available in Firejail 0.9.54.
EDIT: Sorry, this post contains an error. firefox-common.profile doesn't exist yet in Firejail 0.9.52 (and earlier). So above changes should be done in firefox.profile instead.
Thanks but I think I found solution by using the most recent version of Firejail version 0.9.54~rc1_1, it seems to solve the problem so far I haven't noticed any major issues although there are two minor issues I've noticed namely when opening a new tab it doesn't always load or sometimes Firefox crashes but these might be Firefox 60 problems (how ever these problems only seem to be an issue with Private-Home the standard Firejail profile seem to work just fine).
I'm not sure where you've got 0.9.54~rc1_1 from but the newest version is 0.9.54~rc2. It contains further fixes compared to rc1 which may solve your other problems.
EDIT: See also this post and the one below.
A new firefox.profile to be used in Firejail 0.9.38 is available here and new profiles for Firefox, gedit and LibreOffice to be used in Firejail 0.9.52 are available here. There has been a discussion if updates for Firejail 0.9.38, 0.9.48 and 0.9.52 should be published but the problem is that distros like Debian and Ubuntu don't have the newest version of Firejail in their repositories - hence it would be unsure if such updates would land therein.
I got version 0.9.54~rc1_1 from here: https://sourceforge.net/projects/firejail/files/firejail/
BTW I see that version 0.9.54~rc2 is available as .deb.
Quote: Firejail 0.9.38, 0.9.48 and 0.9.52 should be published but the problem is that distros like Debian and Ubuntu don't have the newest version of Firejail in their repositories - hence it would be unsure if such updates would land therein. I wonder if Linux Mint will have the latest update for the LTS version FJ?
I doubt that since Mint uses the Ubuntu repositories. You will probably get newer version if you add the Firejail ppa. However, this won't help in this case as a new stable version is not yet out so you have to modify the respective profile itself. Anyways, here's a good post by Fred Barclay, who is a contributor to the Firejail project, in the Mint forum.
Firejail 0.9.38. Similar modifications seem to be needed for the thunderbird profile.
Using latest Thunderbird email client, with Firefox 60 as a default browser, will stall when clicking on a web link in an email.
Commenting out tracelog and modifying the seccomp line in thunderbird.profile, solves the problem.
Once again thanks summerheat.
Same here TB just crashes on me whenever I try run it in Firejail. I'm hoping that theres a new stable release soon.
Firejail 0.9.54 final is out. It can be downloaded here.
Hi all, I'm very new to Firejail and have to say I love what it can provide however, since installing 0.9.54 on my host Kubuntu 18.04 LTS on my Lenovo laptop and of course still learning my way around, I can't access any of my files on my attached (to my Asus RT-AC86U router) WD Passport drive, .txt or otherwise, all comes up blank and zip files fail to open with Ark errors (fails to open.."
No suitable plugin found. Ark does not seem to support this file type.). Is this a default profile issue and how can I set Firejail so I and only me can access these files or any user I give authorization to? Thanks in advance.
I had read your post but, quite frankly, I couldn't really understand your problem.
How did you try to access those files? Since you mentioned Ark, I assume that you're using KDE. If you were using dolphin it should not cause any problems to access external drives and the files thereon. So I rather think that it's a permission problem. Can you open those files as root? What's the file system on that Passport drive - is it ext2/3/4 or is it NTFS? I haven't used an NTFS drive with Linux for years but AFAIR you need root permissions for it.
I've just tried it and there is, indeed, a problem in the ark.profile (which should be reported to upsttream). Comment the private-bin line and try again. That doesn't explain why you could not access other files, though. So I still think it's a permission problem.
Hi, thanks for responding and I'll apologize for being a bit vague. The drive is formatted NTFS and I can access all files, but with the exception of .pdf which are read only all others are blank.
Firejail 0.9.56 is available. It comes with many improvements and with nearly 30 new profiles (so don't forget to execute sudo firecfg again). Right now the Firejail wordpress site doesn't mention it yet but it's already available for download.
i have converted acer aspire 6930 32bit vista over to a linux mx-17(done 3 months ago). i really like mx-17 and was wondering if firejail would work on this system? i've used sandboxie free on my windows machines for several years and would like to firejail firefox on mx-17. thanks for your help.
Yes, it works well. You should use the version from the stretch-backports repo (0.9.56.2). Don't forget to also install firejail-profiles.
summerheat, thanks for your reply. i know little of the inner-workings of linux. where would i find this repo and install steps? is there a youtube video? thanks
Well, the easiest way is to use the Synaptic package manager. I can't remember if it's installed by default. If not - just execute sudo apt install synaptic. It's possible that the backports repo has to be enabled in the Synaptic settings first before you can install Firejail.
summerheat, yes Synaptic was installed. i downloaded firejail and profiles-are they applied automatically or is there something else i need to do? thanks
The second command makes sure that all applications for which Firejail profiles are available will be started sandboxed.
summerheat, thanks again for your help. when i checked Synaptic-settings-repo, i could not find backports. this item was enabled deb http://lso.mxrepo.com/ when i tyed in and checked off firejail and profiles and clicked apply, it downloaded/installed(?) firejail and profile version 0.9.50-0mx17+1. each had a green checkmark. i just can't find where it says they are installed. do i need to enter the 2 codes you posted? i'm a newb to linux and matters like this can be confusing, but i like the OS. thanks again
Separate names with a comma.