Firejail: HOME environment variable not adjusted when using --user

Created on 16 Aug 2016 · 6 Comments · Source: netblue30/firejail

$ sudo firejail --user=$USER sh
$ echo $HOME
/root

All 6 comments

I believe this from the README.md might help:
--user option was deprecated, please use "sudo -u username firejail application" instead.
:smile_cat:

Oops. But I guess there's no way to give an unprivileged jail capabilities then?

I don't know about that; maybe @netblue30 or someone else with more experience could answer that better than I could. It will probably also depend on _which_ capabilities you want to give the jail. :wink:
But my guess would be sudo -u root firejail <application>.

But I don't want to run it as root, I want to run it as an unprivileged user gaining just certain capabilities like net_bind_service.

I had to remove --user because it was equivalent to "sudo -u username firejail application".

If you need a program to keep certain capabilities, the standard way is to use the "setcap" command. Here is an example of how they do it for ping: https://linux-audit.com/linux-capabilities-hardening-linux-binaries-by-removing-setuid/

Ah right, thanks!
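
The setcap suggestion in the thread above, as an added example that is not part of the original thread or of firejail itself: it grants only cap_net_bind_service to a binary and then checks, from /proc/PID/status, that a process is non-root and holds exactly that one effective capability. The helper names and the sample status text are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example. Helper names and the sample status text are constructed.
CAP_NET_BIND_SERVICE=10   # bit number from linux/capability.h

# Grant only this capability to a binary, then show what the file carries.
# Needs root and libcap's setcap/getcap; not called automatically here.
grant_bind_cap() {
    setcap cap_net_bind_service=+ep "$1" && getcap "$1"
}

# Print column COL (default 2) of FIELD from /proc/PID/status text on stdin.
status_field() {
    awk -v f="$1:" -v c="${2:-2}" '$1 == f { print $c; exit }'
}

# Exit 0 only if the status text on stdin describes a process whose
# effective UID is not 0 and whose CapEff mask is exactly
# CAP_NET_BIND_SERVICE, with no other capability bits set.
only_bind_cap() {
    status=$(cat)
    euid=$(printf '%s\n' "$status" | status_field Uid 3)
    eff=$(printf '%s\n' "$status" | status_field CapEff)
    [ -n "$euid" ] && [ -n "$eff" ] && [ "$euid" -ne 0 ] &&
        [ $(( 0x$eff )) -eq $(( 1 << $CAP_NET_BIND_SERVICE )) ]
}

# Constructed /proc/PID/status excerpt for trying the check offline:
# sample_status UID CAPMASK
sample_status() {
    printf 'Name:\tdemo\nUid:\t%s\t%s\t%s\t%s\nCapPrm:\t%s\nCapEff:\t%s\n' \
        "$1" "$1" "$1" "$1" "$2" "$2"
}

# Usage against a live process (PID is whatever you want to inspect):
#   only_bind_cap < "/proc/$PID/status" && echo "non-root, bind capability only"
```

A process started as root through sudo shows a full CapEff mask and fails this check, which is the difference from a setcap-granted binary run by an unprivileged user.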
