netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox
https://firejail.wordpress.com
GNU General Public License v2.0

$HOME is wrong under some situations #1043

Closed aanderse closed 7 years ago

aanderse commented 7 years ago

I have a firejail session running kodi media center under the "htpc" user on my one computer. I log into the media center computer from my desktop computer via ssh and look for the kodi firejail environment:

aaron@moya ~ $ firejail --tree
3449:htpc:/usr/bin/firejail --noprofile --ignore=noroot kodi ...

I join the firejail environment with a shell over ssh:

aaron@moya ~ $ sudo --user=htpc firejail --join=3449
Switching to pid 3450, the first child process inside the sandbox

I wanted to query something from pulse audio:

[htpc@moya htpc]$ pactl info
Failed to create secure directory (/home/aaron/.config/pulse): No such file or directory
Connection failure: Connection refused
pa_context_connect() failed: Connection refused

Uh oh. Why is it looking in /home/aaron instead of /home/htpc? Look at some basics:

[htpc@moya htpc]$ cd
bash: cd: /home/aaron: No such file or directory
[htpc@moya htpc]$ echo $HOME
/home/aaron
[htpc@moya htpc]$ echo $USER
htpc

So there seems to be an issue with $HOME, as it should be /home/htpc, not /home/aaron.

Thank you, Aaron

netblue30 commented 7 years ago

I think you are running on a very old version; --user was scrapped a long time ago. Can you please update and try again? There have been quite a lot of fixes to pulse-audio files lately (I mean last week).

aanderse commented 7 years ago

My OS is Ubuntu 16.10 and my sudo version is as follows:

aaron@moya ~ $ sudo --version
Sudo version 1.8.16
Sudoers policy plugin version 1.8.16
Sudoers file grammar version 45
Sudoers I/O plugin version 1.8.16

Looking at the sudo project website, I see that version 1.8.16 of sudo was released on 2016-03-17. As far as the latest man pages go, the --user flag is still valid for sudo.

Are you referring to a --user flag I could pass to firejail? I'm not passing a --user flag to firejail, I'm passing it to sudo. I'm using sudo to run a command (firejail) as the htpc user, instead of my own "aaron" user account.

As far as updating to a newer version of firejail - sounds great! I've seen some of the features you've added to the new version and they are exactly what I was hoping you would add. Do you have an Ubuntu PPA or will I need to compile from source?

Thank you very much!

SYN-cook commented 7 years ago

For new firejail packages, you can go to the Ubuntu PPA or alternatively to SourceForge. As far as I can see the pulseaudio changes are already in there.