Hi, On Tue, Jan 21, 2020 at 04:42:16PM +0800, Mad Horse wrote: > In order to access unlocked files and directories encrypted with > fscrypt, their > protectors. which lies under /.fscrypt of root and each FS with this feature > deployed, should also be accessible. > > Inside firejail, /.fscrypt could be made accessible with "noblacklist" > statement in profile, but there seems no way to introduce /home/.fscrypt > into firejail, which cause all file and directory in separate /home > encrypted > with fscrypt inaccessible inside it.
the fscrypt files are currently blocked via disable-common.inc:
blacklist ${HOME}/.fscrypt
blacklist /.fscrypt
blacklist /home/.fscrypt
(and also via the AppArmor firejail profile, if you use it)
Can you add to your local override disable-common.local that
these should be removed from the blacklist?
noblacklist ${HOME}/.fscrypt
noblacklist /.fscrypt
noblacklist /home/.fscrypt
Kind regards,
Reiner
signature.asc
Description: PGP signature
