Firejail: Firefox Private Window allowing access to home entire folder in Kubuntu 18.04
I just noticed that when Firefox is in a private window it allows access to the entire home folder. But this doesn't happen in a new/standard window, I'm using Firejail version 0.9.56. Using standard Firejail profile firejail firefox. But this doesn't happen with the Private Home profile.
Running Kubuntu 18.04.1
SuperSentient
All 11 comments
I cannot reproduce. Exact command used to run along with some output? and also how are you determining that Firefox can access everything?
SkewedZeppelin
on 31 Dec 2018
I cannot reproduce. Exact command used to run along with some output? and also how are you determining that Firefox can access everything?
When I try uploading a file to a website for example I can see the whole home folder. But I figured it out it happens when I right click over the panel icon for Firefox and chose either open in a new window or open in a new private window. But when I left click over the icon Firejail works normally. So right clicking either open in a new window or open in a new private window for some reason doesn't open Firefox in Firejail even though I have the icon configured to open Firefox in Firejail.
SuperSentient
on 31 Dec 2018
@SuperSentient which distro? which Desktop?
rusty-snake
on 31 Dec 2018
Please try this:
sudo ln -s /usr/bin/firejail /usr/local/bin/firefox
then close out of all firefox instances
then start firefox through your launcher
then try to reproduce this issue
SkewedZeppelin
on 31 Dec 2018
Please try this:
sudo ln -s /usr/bin/firejail /usr/local/bin/firefoxthen close out of all firefox instances
then start firefox through your launcherthen try to reproduce this issue
Good thing I tried that command in Virtualbox because now I cant open Firefox outside of Firejail which is a problem for example if I want to export my Noscript's whitelist I cant export it to the desktop. :(
@ rusty-snake Its Kubuntu 18.04.1 KDE Plasma version 5.12.7 KDE Frameworks version 5.44.0 Qt version 5.9.5 Kernel version 4.15.0-43 generic.
SuperSentient
on 31 Dec 2018
Good thing I tried that command in Virtualbox because now I cant open Firefox outside of Firejail which is a problem for example if I want to export my Noscript's whitelist I cant export it to the desktop. :(
But can you reproduce the issue after you've run this? :wink: Basically we're trying to figure out if the problem is really with firejail or if it's just that KDE doesn't launch your customised firejail firefox command when you right-click the icon to launch. I suspect the latter option. If that's the case, the only way that I know of to make sure firefox always launches inside firejail is to first run the command @SkewedZeppelin provided. From then on, firefox will be configured to always launch inside firejail.
To revert the command, just remove the symlink and you'll be good to go:
sudo rm /usr/local/bin/firefox
(It's the same principle as firecfg).
Fred-Barclay
on 31 Dec 2018
[Desktop Entry]
…
Name=Firefox Web Browser
…
Exec=firefox %u
…
Actions=new-window;new-private-window;
[Desktop Action new-window]
Name=Open a New Window
…
Exec=firefox -new-window
[Desktop Action new-private-window]
Name=Open a New Private Window
…
Exec=firefox -private-window
@SuperSentient this is a shortened version of firefox.dektop, have you changed all three Exec lines or only the first one?
rusty-snake
on 1 Jan 2019
[Desktop Entry] … Name=Firefox Web Browser … Exec=firefox %u … Actions=new-window;new-private-window; [Desktop Action new-window] Name=Open a New Window … Exec=firefox -new-window [Desktop Action new-private-window] Name=Open a New Private Window … Exec=firefox -private-window@SuperSentient this is a shortened version of
firefox.dektop, have you changed all threeExeclines or only the first one?
I didn't make any changes to Firejail I simply installed it and configured the icons to either firejail firefox or firejail --private-home=.mozilla firefox
SuperSentient
on 2 Jan 2019
The recommended way to enable firejail for a program is through the symlink invocation feature. This is done by manually creating the symlink like shown above or by running firecfg --fix && sudo firecfg.
It is much more reliable and persistent compared to manually editing .desktop files/launchers/scripts.
If you really want to instead just edit the .desktop file:
cd ~/.local/share/applications;
mv firefox.desktop firefox.desktop.bak; #if you have an existing one
cp /usr/share/applications/firefox.desktop .;
sed -i 's/Exec=/Exec=firejail /' firefox.desktop; #include --private-home if you want
#optionally restart your DE
The recommended way to enable firejail for a program is through the symlink invocation feature. This is done by manually creating the symlink like shown above or by running
firecfg --fix && sudo firecfg.
It is much more reliable and persistent compared to manually editing .desktop files/launchers/scripts.If you really want to instead just edit the .desktop file:
cd ~/.local/share/applications; mv firefox.desktop firefox.desktop.bak; #if you have an existing one cp /usr/share/applications/firefox.desktop .; sed -i 's/Exec=/Exec=firejail /' firefox.desktop; #include --private-home if you want #optionally restart your DE
No thanks I'll just launch Firefox by left clicking it, its not really a major issue for me.
SuperSentient
on 9 Jan 2019
Ok, closing then. Thanks! :smile:
Fred-Barclay
on 9 Jan 2019
Related issues
ghost
·
3Comments
polyzen
·
4Comments
bryce-lynch
·
4Comments
ghost
·
3Comments
crass
·
3Comments
Most helpful comment
The recommended way to enable firejail for a program is through the symlink invocation feature. This is done by manually creating the symlink like shown above or by running
firecfg --fix && sudo firecfg.It is much more reliable and persistent compared to manually editing .desktop files/launchers/scripts.
If you really want to instead just edit the .desktop file: