You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hey,
I'm packaging orjail for NixOS NixOS/nixpkgs#138293 and it's already working :)
One issue is that if I run, for example firefox with orjail, firefox will use a new and empty profile instead of my own located in /home/onny/.mozilla/firefox:
sudo orjail -v -f firefox
orjail (id: 0)
orjail network namespace already exists!
Switching to pid 47966, the first child process inside the sandbox
Child process initialized in 7.46 ms
If I run firefox with firejail directly, I have the firejail sandbox but also my Firefox profile loaded:
firejail firefox
Reading profile /nix/store/znfcq16mv3jbf6f8h9wpbwzlx2ixbirh-firejail-0.9.64.4/etc/firejail/firefox.profile
Reading profile /nix/store/znfcq16mv3jbf6f8h9wpbwzlx2ixbirh-firejail-0.9.64.4/etc/firejail/firefox.local
Reading profile /nix/store/znfcq16mv3jbf6f8h9wpbwzlx2ixbirh-firejail-0.9.64.4/etc/firejail/globals.local
Reading profile /nix/store/znfcq16mv3jbf6f8h9wpbwzlx2ixbirh-firejail-0.9.64.4/etc/firejail/whitelist-usr-share-common.inc
Reading profile /nix/store/znfcq16mv3jbf6f8h9wpbwzlx2ixbirh-firejail-0.9.64.4/etc/firejail/firefox-common.profile
Reading profile /nix/store/znfcq16mv3jbf6f8h9wpbwzlx2ixbirh-firejail-0.9.64.4/etc/firejail/firefox-common.local
Reading profile /nix/store/znfcq16mv3jbf6f8h9wpbwzlx2ixbirh-firejail-0.9.64.4/etc/firejail/disable-common.inc
Reading profile /nix/store/znfcq16mv3jbf6f8h9wpbwzlx2ixbirh-firejail-0.9.64.4/etc/firejail/disable-devel.inc
Reading profile /nix/store/znfcq16mv3jbf6f8h9wpbwzlx2ixbirh-firejail-0.9.64.4/etc/firejail/disable-exec.inc
Reading profile /nix/store/znfcq16mv3jbf6f8h9wpbwzlx2ixbirh-firejail-0.9.64.4/etc/firejail/disable-interpreters.inc
Reading profile /nix/store/znfcq16mv3jbf6f8h9wpbwzlx2ixbirh-firejail-0.9.64.4/etc/firejail/disable-programs.inc
Reading profile /nix/store/znfcq16mv3jbf6f8h9wpbwzlx2ixbirh-firejail-0.9.64.4/etc/firejail/whitelist-common.inc
Reading profile /nix/store/znfcq16mv3jbf6f8h9wpbwzlx2ixbirh-firejail-0.9.64.4/etc/firejail/whitelist-runuser-common.inc
Reading profile /nix/store/znfcq16mv3jbf6f8h9wpbwzlx2ixbirh-firejail-0.9.64.4/etc/firejail/whitelist-var-common.inc
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Parent pid 50036, child pid 50039
Error: dumpable process
Remove read permission on fseccomp executable
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Error: dumpable process
Remove read permission on fseccomp executable
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Error: dumpable process
Remove read permission on fsec-optimize executable
Child process initialized in 126.97 ms
(firefox:8): libnotify-WARNING **: 10:40:48.912: Failed to connect to proxy
Maybe this behavior is related to NixOS or is this intended?
Regards
Jonas
The text was updated successfully, but these errors were encountered:
Hey,
I'm packaging
orjailfor NixOS NixOS/nixpkgs#138293 and it's already working :)One issue is that if I run, for example
firefoxwithorjail, firefox will use a new and empty profile instead of my own located in/home/onny/.mozilla/firefox:If I run
firefoxwithfirejaildirectly, I have the firejail sandbox but also my Firefox profile loaded:Maybe this behavior is related to NixOS or is this intended?
Regards
Jonas
The text was updated successfully, but these errors were encountered: