I have tried to sandbox my Falkon browser (formerly called Qupzilla) with Firejail. I have used the following profile:
Code: Select all
# Firejail profile for falkon
# This file is overwritten after every install/update
# Persistent local customizations
#include /etc/firejail/falkon.local
# Persistent global definitions
include /etc/firejail/globals.local
#noblacklist ${HOME}/.cache/falkon
#noblacklist ${HOME}/.config/falkon
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-programs.inc
whitelist ${DOWNLOADS}
whitelist ~/.cache/falkon
whitelist ~/.config/falkon
include /etc/firejail/whitelist-common.inc
include /etc/firejail/whitelist-var-common.inc
caps.drop all
netfilter
nodvd
nogroups
nonewprivs
noroot
notv
protocol unix,inet,inet6,netlink
seccomp
tracelog
private-dev
private-temp
noexec ${HOME}
noexec /temp
firejail falkon
in a terminal results in:
Code: Select all
Reading profile /etc/firejail/falkon.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Error: line 34 in /etc/firejail/falkon.profile is invalid
firejail falkon
again, I get:
Code: Select all
Reading profile /etc/firejail/falkon.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 12207, child pid 12208
Blacklist violations are logged to syslog
Child process initialized in 213.60 ms
Qt: Session management error: Authentication Rejected, reason : None of the authentication protocols specified are supported and host-based authentication failed
[7:7:0615/114050.922151:FATAL:zygote_host_impl_linux.cc(196)] Check failed: ReceiveFixedMessage(fds[0], kZygoteHelloMessage, sizeof(kZygoteHelloMessage), &real_pid).
#0 0x7f0d15e1baee <unknown>
#1 0x7f0d15e2e0e2 <unknown>
#2 0x7f0d15a38a9b <unknown>
#3 0x7f0d15a37b56 <unknown>
#4 0x7f0d15a380fe <unknown>
#5 0x7f0d156e3d55 <unknown>
#6 0x7f0d156e7262 <unknown>
#7 0x7f0d154d5a9b <unknown>
#8 0x7f0d154d6bd5 <unknown>
#9 0x7f0d1546b4f1 QtWebEngineCore::BrowserContextAdapter::defaultContext()
#10 0x7f0d1c4a36b5 QWebEngineProfile::defaultProfile()
#11 0x7f0d1e0d872d MainApplication::MainApplication()
#12 0x55a26a6d8495 <unknown>
#13 0x7f0d1c8e2b97 __libc_start_main
#14 0x55a26a6d87da <unknown>
Parent is shutting down, bye...
Code: Select all
firejail version 0.9.52
falkon version 3.0.0
Thanks in advance!