Firejail: unexpected behavior when jails have the same name?

Created on 17 Mar 2018 · 7 Comments · Source: netblue30/firejail

Hi,

I think I just found an issue: you can create several jails with the same name without seeing any warning.

Here's how to replicate it:

1 - firejail --name=test --private this creates a jail inside the terminal.
2 - then in another terminal firejail --name=test --private this creates another jail in another terminal but with the same name, without any warning that I'm aware of.
3 - I also noticed that doing firejail --join=test joined the first jail without warning or error.

I think a better behavior would be to issue a warning and automatically append a "-n" to the jail name (here it would be test-2) or at least to output a warning when trying to join an ambiguously named jail.

This problem could be a real issue for users that frequently generate jails with a keyboard shortcut (I use private jail all the time to generate unaltered firefox profile for "regular browsing" with firejail --private firefox -no-remote -private for instance).

bug

All 7 comments

This is a bug, I'll fix it. Thanks!

I don't understand. This does not actually fix the issue but is just a workaround.

You can't know which jail's PID is the one you want to use short of joining the jail and looking inside. This makes scripting with jails really hard too.

Am I missing something?

Try to use the PID number instead of the name of the sandbox - @netblue30 put in some fixes, also I found some bugs with the name resolution. You don't need to update to the latest version in git, it doesn't affect you.

$ firejail --list
7906:startx:test:firejail --name=test
7915:startx:test:firejail --name=test
7924:startx:test:firejail --name=test
$ firejail --shutdown=7915 # shut down second instance

It is a workaround until the real fix comes in. However, the numbers go up and you can tell what the order is.

Oh okay, I thought this was the actual fix or something. I'll use the workaround in the meantime. Thanks for taking the time :)!

No problem.

All set in git. You'll get a name, name-1, name-2 up to name-9. After that it will just add the sandbox pid (name-PID). All of them reported properly in "firejail --list". Let us know if you run into problems, quite a number of fixes went into this one. Thanks!
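
Added example (not part of the thread and not Firejail's own code): a shell helper for the scripting concern raised above. It reads "firejail --list" output in the PID:USER:NAME:COMMAND layout quoted in the thread and refuses to resolve a name that several sandboxes share. The function names and the "browser" line of the sample listing are made up for illustration.

```shell
#!/bin/sh
# Resolve a sandbox name to a PID from `firejail --list` output,
# failing loudly instead of guessing when the name is ambiguous.
# Line layout as quoted in the thread: PID:USER:NAME:COMMAND
# COMMAND may contain colons itself, so only fields 1 and 3 are used.

# pids_for_name NAME -- listing on stdin, matching PIDs on stdout (one per line)
pids_for_name() {
    awk -F: -v want="$1" '$1 ~ /^[0-9]+$/ && $3 == want { print $1 }'
}

# resolve_jail NAME -- listing on stdin
#   returns 0 and prints the PID : exactly one sandbox has this name
#   returns 1                    : no sandbox has this name
#   returns 2                    : several sandboxes share it (listed on stderr)
resolve_jail() {
    name=$1
    # Positional parameters are local to the function call, so reuse them
    # as a list of candidate PIDs.
    set -- $(pids_for_name "$name")
    if [ "$#" -eq 0 ]; then
        echo "no sandbox named '$name'" >&2
        return 1
    fi
    if [ "$#" -gt 1 ]; then
        echo "ambiguous sandbox name '$name', candidate PIDs: $*" >&2
        return 2
    fi
    printf '%s\n' "$1"
}

# Constructed sample listing: the first three lines are the ones quoted in
# the thread, the fourth is invented (unique name, colon inside the command).
SAMPLE_LIST='7906:startx:test:firejail --name=test
7915:startx:test:firejail --name=test
7924:startx:test:firejail --name=test
8001:startx:browser:firejail --name=browser firefox http://localhost:8080'
```

On a live system the listing comes from a pipe, as in firejail --list | resolve_jail test, and the printed PID is what gets passed to --join= or --shutdown=.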
