Firejail: Adding a global modifier (net=eth0) to all firejails

Created on 14 Jun 2018 · 14 Comments · Source: netblue30/firejail

How can I add a global parameter to all launched firejails?
In my case I want everything to open with --net=eth0.

I tried adding a line net=eth0 to /etc/firejail/default.profile, /etc/firejail/default.local and /etc/firejail/globals.local. No luck. Do I need to sudo firecfg to rebuild symlinks?

question

All 14 comments

Try net eth0 in /etc/firejail/globals.local (the same thing as what you did without the =).

I did that but it didn't take, I don't see /etc/firejail/globals.local being parsed during Firefox launch.
Below is the list of profiles that get read by default.

[user@localhost ~]$ firejail firefox
Reading profile /usr/local/etc/firejail/firefox.profile
Reading profile /usr/local/etc/firejail/firefox-common.profile
Reading profile /usr/local/etc/firejail/disable-common.inc
Reading profile /usr/local/etc/firejail/disable-devel.inc
Reading profile /usr/local/etc/firejail/disable-interpreters.inc
Reading profile /usr/local/etc/firejail/disable-programs.inc
Reading profile /usr/local/etc/firejail/whitelist-common.inc
Reading profile /usr/local/etc/firejail/whitelist-var-common.inc

Oh -- firejail is in /usr/local/ for you. So instead, put net none in /usr/local/etc/firejail/globals.local.

Also are there files in /etc/firejail? You maybe should remove them if so. Firejail in your case will be reading from /usr/local/etc/firejail/, not /etc/firejail/.

@Fred-Barclay Probably a bad idea to remove them manually, since those are probably installed by a package manager. It's better to uninstall the package or just leave the files alone - leaving the package installed has the benefit that you'll know when a new version of firejail is released (and can uninstall the local version then should you want to do so).

Thanks, I had installed from a package manager then updated several versions manually leaving traces everywhere. I removed firejail then deleted every firejail* trace from the system. Compiled and installed latest and now I have one odd problem: firecfg works fine as user but sudo firecfg says firecfg not found.

What do where firecfg and firecfg --version say?

Both Firejail and Firecfg report 0.9.55.

[user@localhost ~]$ sudo firecfg
[sudo] password for user:
sudo: firecfg: command not found
[user@localhost ~]$ firecfg
Error: cannot set the symbolic links in /usr/local/bin
The proper way to run this command is "sudo firecfg".

@Futureknows What is the output of where firecfg?

[user@localhost ~]$ where firecfg
bash: where: command not found
[user@localhost ~]$ sudo where firecfg
[sudo] password for user:
sudo: where: command not found

I see firecfg in /usr/local/bin

Sorry -- whereis firefox. Looks like I've been using Windows a bit too much! :smile:

[user@localhost ~]$ whereis firefox
firefox: /usr/bin/firefox /usr/lib64/firefox /etc/firefox /usr/local/bin/firefox /usr/share/man/man1/firefox.1.gz

And... I messed up again. What does whereis firecfg say?

user@Mint ~ $ whereis firecfg
firecfg: /usr/local/bin/firecfg

Ok, you fixed it! After I ran sudo /usr/local/bin/firecfg, it fixed the symlink.
Now it works as expected without the full path (`sudo firecfg`).
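
A check for the situation discussed in this thread, as an added example that is not part of the original discussion or of the firejail project: it takes the "Reading profile" lines firejail prints at startup, derives the directory profiles are actually loaded from, and verifies that a globals.local in that directory was read and carries a `net <iface>` line. The function names are hypothetical, and it assumes a loaded globals.local appears as its own "Reading profile" line.

```shell
#!/bin/sh
# Added example: find the directory firejail loads profiles from, using its
# "Reading profile" startup lines, then verify the global net setting there.

# Sample startup output, copied (shortened) from the listing in the thread.
SAMPLE_LOG='Reading profile /usr/local/etc/firejail/firefox.profile
Reading profile /usr/local/etc/firejail/firefox-common.profile
Reading profile /usr/local/etc/firejail/disable-common.inc'

# Print the directory of the first "Reading profile <path>" line on stdin.
profile_dir() {
    sed -n 's|^Reading profile \(.*\)/[^/]*$|\1|p' | head -n 1
}

# Succeed if the startup output on stdin shows <dir>/globals.local being read.
globals_was_read() {
    grep -qxF "Reading profile $1/globals.local"
}

# Succeed if <file> has an uncommented "net <iface>" line (space, no "=").
has_net_line() {
    [ -f "$1" ] && grep -Eq "^[[:space:]]*net[[:space:]]+$2[[:space:]]*$" "$1"
}

# Report on a captured startup log ($1) and the wanted interface ($2).
report() {
    dir=$(printf '%s\n' "$1" | profile_dir)
    if [ -z "$dir" ]; then
        echo "no 'Reading profile' lines found"
        return 2
    fi
    echo "profiles are read from: $dir"
    if ! printf '%s\n' "$1" | globals_was_read "$dir"; then
        echo "globals.local was not read from $dir"
        return 1
    fi
    if ! has_net_line "$dir/globals.local" "$2"; then
        echo "no 'net $2' line in $dir/globals.local"
        return 1
    fi
    echo "net $2 is set globally"
}

# Run against the sample; it reports that globals.local was not read.
report "$SAMPLE_LOG" eth0 || true
```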
