Package: firejail
Version: 0.9.64.4-2
Severity: important
X-Debbugs-Cc: debbug.firej...@sideload.33mail.com
Control: affects 1014374 + tootle

The command tootle was first executed outside firejail to establish a working config file. This was motivated to work around bug 1015816. After tootle proved to function outside of firejail, it was relaunched within firejail as follows:

  $ firejail --net=vnet0 --dns="$(ip address show dev vnet0 | awk '/inet\>/{gsub(/[/].*/,""); print $2 }')"\
      --env=XDG_CONFIG_HOME="$HOME"/my_config_files\
      --whitelist="$(readlink $HOME/.config)"com.github.bleakgrey.tootle/accounts.json\
      --noblacklist="$(readlink $HOME/.config)"com.github.bleakgrey.tootle/accounts.json\
      --read-write="$(readlink $HOME/.config)"com.github.bleakgrey.tootle/accounts.json\
      tootle

$HOME/.config is a symbolic link to "$HOME"/my_config_files, and the above configuration is crafted to ensure that firejail receives no references to a symbolic file or directory.

Tootle was able to read the config file and make use of it within firejail. Tootle was also able to update the config file during that session, proven by its ability to add new accounts and interact with them. But when the session ended, the config file updates were not persistent and new accounts were lost.

Note that “tootle” and “toot” (mentioned in bug 1015816) are two completely different applications, though they both serve the same purpose.

Also note that bug 1015816 is very similar. The difference is that in bug 1015816 the config file cannot be created, while the bug herein reports that modifications to an existing config file do not persist across sessions. The bug herein may boil down to the same bug affecting the same code as 1015816 (investigation needed).

-- System Information:
Debian Release: 11.4
  APT prefers stable-updates
  APT policy: (990, 'stable-updates'), (990, 'stable-security'), (990, 'testing'), (990, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-16-amd64 (SMP w/2 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages firejail depends on:
ii  libapparmor1  2.13.6-10
ii  libc6         2.31-13+deb11u3
ii  libselinux1   3.1-3

Versions of packages firejail recommends:
ii  firejail-profiles  0.9.64.4-2+deb11u1
ii  iproute2           5.10.0-4
ii  iptables           1.8.7-1
ii  xauth              1:1.1-1
ii  xdg-dbus-proxy     0.1.2-2
ii  xpra               3.0.13+dfsg1-1
ii  xvfb               2:1.20.11-1+deb11u1

firejail suggests no packages.

-- Configuration Files:
/etc/firejail/firejail.config changed [not included]

-- no debconf information