Firejail and other apps?

[thesmileyone]

Hi

Trying to use firejail to sandbox all apps not just firefox. According to terminal this works but when I run the apps, it doesn't sandbox them. Any ideas?

Here you can see me doing it again and getting messages saying it was already working and is working now, but according to --list or --tree (not shown) it only works for firefox.

The only applications I currently use for the internet are Firefox, Deluge (to use as a thin client for my server in the NL), and Filezilla to sometimes transfer a file from said server if Plex is not working. Note I use plex web through firefox, not the application. I currently also use webmail instead of Thunderbird.

I also use Discord but it is so occasional that I just use the Discord web app through Firefox.

Please help? Thank you

Code: Select all

john@gaming-pc:~$ sudo firecfg
[sudo] password for john: 
Removing all firejail symlinks:
   dnsmasq removed
   pdftotext removed
   thunderbird removed
   hexchat removed
   xcalc removed
   enchant removed
   xreader removed
   mate-color-select removed
   lomath removed
   xreader-thumbnailer removed
   xplayer-audio-preview removed
   ssh removed
   gimp removed
   file-roller removed
   gnome-logs removed
   vlc removed
   wget removed
   libreoffice removed
   localc removed
   gnome-calculator removed
   lowriter removed
   xplayer-video-thumbnailer removed
   loimpress removed
   lodraw removed
   cvlc removed
   xplayer removed
   gnome-font-viewer removed
   xreader-previewer removed
   loweb removed
   rhythmbox removed
   lobase removed
   loffice removed
   enchant-lsmod removed
   filezilla removed
   gimp-2.8 removed
   simple-scan removed
   soffice removed
   deluge removed
   gucharmap removed
   pix removed
   firefox removed
   xed removed
   Xephyr removed
   baobab removed
   lofromtemplate removed
   transmission-gtk removed
   xviewer removed
   strings removed
   less removed

Configuring symlinks in /usr/local/bin based on firecfg.config
   Xephyr created
   baobab created
   cvlc created
   deluge created
   dnsmasq created
   enchant created
   enchant-lsmod created
   file-roller created
   filezilla created
   firefox created
   gimp created
   gimp-2.8 created
   gnome-calculator created
   gnome-font-viewer created
   gnome-logs created
   gucharmap created
   hexchat created
   less created
   libreoffice created
   lobase created
   localc created
   lodraw created
   loffice created
   lofromtemplate created
   loimpress created
   lomath created
   loweb created
   lowriter created
   mate-color-select created
   pdftotext created
   pix created
   rhythmbox created
   simple-scan created
   soffice created
   ssh created
   strings created
   thunderbird created
   transmission-gtk created
   vlc created
   wget created
   xcalc created
   xed created
   xplayer created
   xplayer-audio-preview created
   xplayer-video-thumbnailer created
   xreader created
   xreader-previewer created
   xreader-thumbnailer created
   xviewer created

Adding user john to Firejail access database in /etc/firejail/firejail.users
User john already in the database

Fixing desktop files in /home/john/.local/share/applications
   vlc.desktop skipped: file exists
   org.gnome.baobab.desktop skipped: file exists
john@gaming-pc:~$ firejail --list
2737:john::firejail firefox 
3977:john::/usr/bin/firejail /usr/bin/filezilla 
john@gaming-pc:~$ 

[Fred Barclay]

G'day @thesmileyone!

A few notes:
1. If you've run sudo firecfg, you shouldn't start programs with firejail -- it will happen automatically. For example, run firefox, not firejail firefox, or filezilla, not firejail filezilla.
I'm not sure if this is what you've done or not, but it can cause unexpected results.

2. The output you provided,

Code: Select all

$ firejail --list
2737:john::firejail firefox 
3977:john::/usr/bin/firejail /usr/bin/filezilla

looks mostly correct. Can you give me a bit more details on why you think it's not correct? (The only thing I noticed is that the second line uses full paths, which isn't what I expect).
Compare, for instance, the output of mine:

Code: Select all

firejail --list
1423:fred::firejail firefox 
1725:fred::firejail google-chrome-stable
2313:fred::firejail thunderbird 

Firefox, Chrome, and Thunderbird are all correctly sandboxed in firejail.

Cheers!
Fred

[thesmileyone]

Because when I run them, they don't show up in --list.

If I launch deluge for example in firejail launcher it works correctly but launching Deluge natively launches it outside of the sandbox.

If i pre-append firejail infront of it as I did for firefox on the application it does not run at all.

[Fred Barclay]

Do you run sudo firecfg frequently, or only once after installing firejail? You should only have to run it the one time.

Please run deluge in your terminal and post the output here.

Now run firejail deluge and post the output.

Thanks!
Fred