Firejail: Why? Warning: networking feature is disabled in Firejail configuration file

Created on 6 Apr 2019  路  6Comments  路  Source: netblue30/firejail 
- firejail version: 0.9.58.2
 - Linux distribution: Linux Mint LMDE
 - Problem did no exist in December last year
 - firejail withthe `--noprofile` argument: Does not give a warning about networking

Why is networking now disabled by default and how to enable it?
For example, when running Firefox I get: 

Reading profile /etc/firejail/default.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Warning: networking feature is disabled in Firejail configuration file

I did enable the network with network yes in /etc/firejail/firejail.config

information
Source
picture julien-tmp

Most helpful comment

Putting it to no will allow to create new network interfaces which could bypass your network security settings.

picture Vincent43 on 13 Apr 2019
🎉1 👍1

All 6 comments

Hi @julien-tmp
Please also install firejail-profiles from stretch backports so you can get the correct firefox profile. Currently, the profile isn't on your system so firejail is trying to use the default profile for firefox instead of the correct one.

Cheers!
Fred

Fred-Barclay picture Fred-Barclay on 7 Apr 2019

Hi @Fred-Barclay, thank you! I am still encountering this issue after installing the profiles:

firejail --netfilter=/etc/firejail/onlylocal.net --private=/home/username/.firejail-profiles/lan-mgmt firefox -no-remote
Error: networking feature is disabled in Firejail configuration file

Cheers,
Julien

julien-tmp picture julien-tmp on 7 Apr 2019

You need to change restricted-network in the firejail.config. Or you disable the netfilter setting in the firefox profile.

reinerh picture reinerh on 7 Apr 2019
👍1

Thank you for the tip @reinerh, however, I am not sure if I understand everythin
I have it like this:

# networking features should also be enabled (network yes).
# Restricted networking grants access to --interface, --net=ethXXX and
# --netfilter only to root user. Regular users are only allowed --net=none.
restricted-network yes

What would be the consequence to put it to no?
Does it open any security hole?

julien-tmp picture julien-tmp on 13 Apr 2019

Putting it to no will allow to create new network interfaces which could bypass your network security settings.

Vincent43 picture Vincent43 on 13 Apr 2019
🎉1 👍1

It worked, thanks!

julien-tmp picture julien-tmp on 15 Apr 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

kmotoko picture kmotoko  路  3Comments
semente picture semente  路  4Comments
polyzen picture polyzen  路  4Comments
fl-chris picture fl-chris  路  4Comments
dandelionred picture dandelionred  路  3Comments