[SOLVED] firejail, firefox, and network fstab mounts

Questions about applications and software
Forum rules
Before you post please read how to get help
Post Reply
Fuzzy
Level 3
Level 3
Posts: 146
Joined: Thu Jul 28, 2011 11:54 am

[SOLVED] firejail, firefox, and network fstab mounts

Post by Fuzzy » Tue Oct 09, 2018 11:09 am

I've used firejail for years (mainly for my web browser).

I always knew that when firejail was working for web browsing, that I'd only be able to save links and files to my Downloads folder. However, today (using LMDE3), I noticed that I can also save to any network locations setup in fstab. I'm not sure if this is new to LMDE3, or if I just finally noticed it after all this time.

Either way, I'd like to prohibit the web browser(s) from seeing the network locations.

I'd appreciate any advice pertaining to this topic, or a referral to documentation which covers this topic.

Thanks!
Fuzzy
Last edited by Fuzzy on Wed Oct 17, 2018 2:20 am, edited 1 time in total.

axisofevil
Level 2
Level 2
Posts: 84
Joined: Mon Nov 14, 2011 12:22 pm

Re: firejail, firefox, and network fstab mounts

Post by axisofevil » Wed Oct 10, 2018 9:23 am

You could run Firefox in a LMDE3 VM (running inside LMDE3), configured with a single shareable location of ~/Downloads.

This would give you a virtual test machine - but it seems excessive!
Personally, I always configure the default Firefox download directory to be ~/Desktop - so at least I know what I've downloaded.

Fuzzy
Level 3
Level 3
Posts: 146
Joined: Thu Jul 28, 2011 11:54 am

Re: firejail, firefox, and network fstab mounts

Post by Fuzzy » Wed Oct 17, 2018 2:20 am

Well, I never did find documentation to fully explain this portion of firejail, but I have it "fixed" to the best of my abilities.

In case it helps anyone else...here's what I did. In reading the manual again, I arrived at the "firefox.profile" file. In my default installation of firejail on LMDE3, the file was located at

Code: Select all

/etc/firejail/firefox.profile

I couldn't find detailed instructions on what commands/syntax to use to edit the profile, but I took a guess, opened firefox.profile and inserted the following line

Code: Select all

blacklist /NetworkMountLocation
(where "/NetworkMountLocation" was the actual mount point...for instance, if I had mounted the shares under /mnt - I would have just entered a line into firefox.profile of):

Code: Select all

blacklist /mnt

At any rate, this worked perfectly, and now firefox only has access to my Downloads folder.

Thanks to those who reviewed this post. I'll mark it as "solved." (In case anyone reads this, I'd still appreciate any additional info on where I might be able to find commands/syntax for firejail custom profiles.)

Thanks!
Fuzzy

Post Reply

Return to “Software & Applications”