Bug#1015816: firejail: Unable to create a whitelisted config file

Thu, 21 Jul 2022 12:10:51 -0700 

Package: firejail
Version: 0.9.64.4-2
Severity: normal
X-Debbugs-Cc: debbug.firej...@sideload.33mail.com

The app “toot” generally needs to create and access this config file:

  ~/.config/toot/config.json

For organizational and backup reasons, I’ve taken these steps
(in effect):

  $ mv ~/.config ~/my_config_files
  $ ln -s ~/my_config_files ~/.config

So ~/.config is a symlink pointing to ~/my_config_files.  To avoid
supplying a symlink to Firejail, it’s launched as follows:

  $ firejail --env=XDG_CONFIG_HOME="$HOME"/my_config_files\
             --whitelist="$(readlink $HOME/.config)"toot/config.json\
             --noblacklist="$(readlink $HOME/.config)"toot/config.json\
             toot login

The readlink command substitution converts the symlink to a full
absolute pathname (not symbolic).  Passing the XDG_CONFIG_HOME
variable ensures that the app itself makes no reference to the
symbolic link, which is confirmed by the app’s output showing:

===8<------------------------------
  Creating config file at /home/user/my_config_files/toot/config.json
===8<------------------------------

The app runs without issue, but when the app terminates there is no
existing file /home/user/my_config_files/toot/config.json.

-- System Information:
Debian Release: 11.4
  APT prefers stable-updates
  APT policy: (990, 'stable-updates'), (990, 'stable-security'), (990, 
'testing'), (990, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-16-amd64 (SMP w/2 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages firejail depends on:
ii  libapparmor1  2.13.6-10
ii  libc6         2.31-13+deb11u3
ii  libselinux1   3.1-3

Versions of packages firejail recommends:
ii  firejail-profiles  0.9.64.4-2+deb11u1
ii  iproute2           5.10.0-4
ii  iptables           1.8.7-1
ii  xauth              1:1.1-1
ii  xdg-dbus-proxy     0.1.2-2
ii  xpra               3.0.13+dfsg1-1
ii  xvfb               2:1.20.11-1+deb11u1

firejail suggests no packages.

-- Configuration Files:
/etc/firejail/firejail.config changed [not included]

-- no debconf information

Reply via email to