Firejail: Expand the directories that are possible for whitelisting

Created on 10 Jul 2016 · 5 Comments · Source: netblue30/firejail

Currently only $HOME, /dev, /media, /opt, /var, and /tmp can be used for whitelisting. It would be very helpful if there could be an option to include other directories.

Or if that is too cumbersome, perhaps could you allow for /data/ to be whitelisted?? I noticed one other person wanting to use that particular directory.

enhancement

All 5 comments

Some other directories are covered by --private options:

--private-bin: handles /bin, /sbin, /usr/bin, /usr/sbin, /usr/local/bin, /usr/local/sbin

--private-etc: /etc

What other directory do you have in mind?

/data
Sorry if it's not POSIX compliant... Otherwise I have to manually remove/modify a lot of whitelists in the default configs. But if you had a generic way of allowing people to choose, you wouldn't need to respond to every new request from erratic users. :-)

No problem, it can definitely be done in a generic way. I also have a similar request for /lib and /usr/lib and such.

So, I will bring in a generic whitelist for any directory under /, and private-lib support.

@netblue30,

I will bring in a generic whitelist for any directory under /

I'd VERY much like to finally see that ASAP (and the same for mkdir too)! 😀

Is there something that blocks you from doing that? Or, will you, at least, accept a PR with such modifications?

Let's move this to #2041, since private-lib has been added, but generic whitelist has not (yet) made it in.
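
The restriction discussed in this issue, as an added example that is not part of the thread or of firejail's code: a bash check that lists the `whitelist` entries of a profile that fall outside the locations the reporter names ($HOME, /dev, /media, /opt, /var, /tmp). The function names, the sample profile and the home directory /home/alice are constructed for illustration, and the accepted list is taken from the issue text as written in 2016.

```bash
#!/usr/bin/env bash
# Added example, not firejail code. Accepted top-level directories are the
# ones listed in the issue text (assumption: they match your firejail version).
ALLOWED_TOPS="/dev /media /opt /var /tmp"

# Read a profile on stdin; print every whitelist target outside the accepted
# locations. $1 = home directory substituted for the ${HOME} and ~/ spellings.
check_whitelists() {
    local home=${1%/} home_macro='${HOME}' line path top ok
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            "whitelist "*) path=${line#whitelist } ;;
            *) continue ;;                     # comments and other commands
        esac
        case $path in
            "$home_macro"*) path=$home${path#"$home_macro"} ;;
            "~/"*)          path=$home/${path#"~/"} ;;
        esac
        ok=no
        case $path in
            */../*|*/..) ;;                    # ".." components are always reported
            "$home"|"$home"/*) ok=yes ;;
            *)
                for top in $ALLOWED_TOPS; do
                    # Match whole path components, so /optional is not /opt.
                    case $path in "$top"|"$top"/*) ok=yes ;; esac
                done ;;
        esac
        [ "$ok" = yes ] || printf '%s\n' "$path"
    done
}

# Constructed sample profile (not taken from the firejail repository).
sample_profile() {
    cat <<'EOF'
# constructed sample profile
noblacklist ${HOME}/.mozilla
whitelist ${HOME}/.mozilla
whitelist ~/Downloads
whitelist /tmp/.X11-unix
whitelist /data/projects
whitelist /usr/lib/foo
whitelist /optional/cache
whitelist /var/lib/app
whitelist /tmp/../etc
EOF
}

sample_profile | check_whitelists /home/alice
```

Entries it prints are the ones that would have to be removed or changed in a profile under the restriction described above, which is the manual work the reporter mentions for /data.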
