On Tue, Jan 29, 2019 at 01:05:45AM +0100, Vincent Lefevre wrote: > > It creates a firefox-1, if a sandbox called firefox was already existing > > at the time it is created. > > This is not what is documented: > > --name=name > Set sandbox name. Several options, such as --join > and --shutdown, can use this name to identify a > sandbox. > > Example: > $ firejail --name=mybrowser firefox > > If it creates a sandbox under the wrong name, this would at least be > a security issue, as --put would send files to the wrong sandbox!
Right, it's missing the bit that it can't use the same name multiple
times and will chose another one, if it's already existing.
I will fix the documentation upstream.
> > For some reason there seems to be a short-lived sandbox called firefox
> > created, and at the same time another one.
>
> This occurred when I restarted Firefox. If the old sandbox takes time
> to terminate, then this could explain the problem. But in this case,
> I would expect firejail to fail, not to create a sandbox with a wrong
> name.
This could indeed be an explanation, if it happens during restart.
The old sandbox is not yet fully terminated and cleaned up while the new
one already is starting up (and sees that the name is already in use, so
it selects a different one).
Can you maybe change your startup script to check that no firejail with
your intended name ("firefox") is already running (or wait until it's
terminated)?
Kind regards,
Reiner
signature.asc
Description: PGP signature
