I've used firejail for years (mainly for my web browser).
I always knew that when firejail was working for web browsing, that I'd only be able to save links and files to my Downloads folder. However, today (using LMDE3), I noticed that I can also save to any network locations setup in fstab. I'm not sure if this is new to LMDE3, or if I just finally noticed it after all this time.
Either way, I'd like to prohibit the web browser(s) from seeing the network locations.
I'd appreciate any advice pertaining to this topic, or a referral to documentation which covers this topic.
Thanks!
Fuzzy
[SOLVED] firejail, firefox, and network fstab mounts
Forum rules
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
[SOLVED] firejail, firefox, and network fstab mounts
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 2 times in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
-
axisofevil
- Level 4
- Posts: 388
- Joined: Mon Nov 14, 2011 12:22 pm
Re: firejail, firefox, and network fstab mounts
You could run Firefox in a LMDE3 VM (running inside LMDE3), configured with a single shareable location of ~/Downloads.
This would give you a virtual test machine - but it seems excessive!
Personally, I always configure the default Firefox download directory to be ~/Desktop - so at least I know what I've downloaded.
This would give you a virtual test machine - but it seems excessive!
Personally, I always configure the default Firefox download directory to be ~/Desktop - so at least I know what I've downloaded.
Re: firejail, firefox, and network fstab mounts
Well, I never did find documentation to fully explain this portion of firejail, but I have it "fixed" to the best of my abilities.
In case it helps anyone else...here's what I did. In reading the manual again, I arrived at the "firefox.profile" file. In my default installation of firejail on LMDE3, the file was located at
I couldn't find detailed instructions on what commands/syntax to use to edit the profile, but I took a guess, opened firefox.profile and inserted the following line (where "/NetworkMountLocation" was the actual mount point...for instance, if I had mounted the shares under /mnt - I would have just entered a line into firefox.profile of):
At any rate, this worked perfectly, and now firefox only has access to my Downloads folder.
Thanks to those who reviewed this post. I'll mark it as "solved." (In case anyone reads this, I'd still appreciate any additional info on where I might be able to find commands/syntax for firejail custom profiles.)
Thanks!
Fuzzy
In case it helps anyone else...here's what I did. In reading the manual again, I arrived at the "firefox.profile" file. In my default installation of firejail on LMDE3, the file was located at
Code: Select all
/etc/firejail/firefox.profileI couldn't find detailed instructions on what commands/syntax to use to edit the profile, but I took a guess, opened firefox.profile and inserted the following line
Code: Select all
blacklist /NetworkMountLocationCode: Select all
blacklist /mntAt any rate, this worked perfectly, and now firefox only has access to my Downloads folder.
Thanks to those who reviewed this post. I'll mark it as "solved." (In case anyone reads this, I'd still appreciate any additional info on where I might be able to find commands/syntax for firejail custom profiles.)
Thanks!
Fuzzy