netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox
https://firejail.wordpress.com
GNU General Public License v2.0

mdns resolution with avahi #5117

Open reinerh opened 2 years ago

reinerh commented 2 years ago

Forwarded from #1008137:

I find that I cannot access a web server running in my local LAN with its mDNS domain name with firefox-esr running inside firejail, while I can with firefox-esr running without firejail. This problem also applies to falkon and chromium when running inside firejail, but epiphany (gnome web) is not affected.

I managed to run bash in firejail with the profiles of these affected browsers, and found that /run/avahi-daemon/ is not present in their jailed file system, so it seems that some rules blacklist, or fail to whitelist, this path in these profiles or included rulesets.

Currently I work around this issue by adding "whitelist /run/avahi-daemon/" to my ~/.config/firejail/whitelist-run-common.local, but I doubt whether it is appropriate to fix this issue by adding a similar rule to /etc/firejail/whitelist-run-common.inc

glitsj16 commented 2 years ago

Currently I work around this issue by adding "whitelist /run/avahi-daemon/" to my ~/.config/firejail/whitelist-run-common.local, but I doubt whether it is appropriate to fix this issue by adding a similar rule to /etc/firejail/whitelist-run-common.inc

In case we decide to add it to wrc it would be wise to double-check if we also need to add avahi to private-etc in relevant profiles. Alternatively we could add it to chromium & co, falkon and firefox & co only. Not sure what the best location would be to add it though, I don't use mDNS personally.
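The following is an added example, not code from the issue thread or from the firejail project. It installs the reporter's user-level override (the real firejail override location, ~/.config/firejail/whitelist-run-common.local, which the project loads alongside /etc/firejail/whitelist-run-common.inc) and adds the check glitsj16 raises: a flattened profile is inspected for both the /run/avahi-daemon whitelist and, when the profile uses private-etc, for avahi in that list. The sample profile lines are constructed for illustration; the live probe assumes the avahi client socket sits at its default path /run/avahi-daemon/socket.

```shell
#!/bin/sh
# Added example for the mDNS-in-firejail discussion; not part of firejail.

# Append the reporter's workaround to the user-level override file.
# firejail reads whitelist-run-common.local next to the system .inc, so
# the line survives package upgrades. $1 redirects the config dir (used
# here so the function can be exercised in a temp dir); default is the
# real location under $HOME.
install_mdns_override() {
    cfgdir="${1:-$HOME/.config/firejail}"
    mkdir -p "$cfgdir"
    f="$cfgdir/whitelist-run-common.local"
    # idempotent: only append when the exact line is missing
    grep -qxF 'whitelist /run/avahi-daemon/' "$f" 2>/dev/null ||
        printf '%s\n' 'whitelist /run/avahi-daemon/' >> "$f"
    printf '%s\n' "$f"
}

# Read a flattened profile (includes already expanded) on stdin and
# report what mDNS resolution still lacks inside the jail:
#   no-run  /run/avahi-daemon is not whitelisted, the client socket is
#           unreachable and libnss_mdns cannot talk to the daemon
#   no-etc  profile uses private-etc but the list omits avahi
#   ok      nothing missing (a profile without private-etc keeps the
#           host /etc, so only the whitelist matters)
check_mdns_profile() {
    run_ok=0
    etc_ok=1
    while IFS= read -r line; do
        case "$line" in
            'whitelist /run/avahi-daemon'*) run_ok=1 ;;
            'private-etc '*)
                etc_ok=0
                # private-etc takes a comma-separated list; tolerate spaces
                list=$(printf '%s' "${line#private-etc }" | tr -d ' ')
                case ",$list," in
                    *,avahi,*) etc_ok=1 ;;
                esac ;;
        esac
    done
    if [ "$run_ok" -eq 0 ]; then
        echo no-run
    elif [ "$etc_ok" -eq 0 ]; then
        echo no-etc
    else
        echo ok
    fi
}

# Live probe (needs firejail and avahi-daemon on the host): run the given
# profile and test whether the avahi client socket is visible in the jail.
# Returns 0 when the socket is reachable, 1 otherwise.
probe_jail() {
    profile="$1"
    firejail --quiet --profile="$profile" \
        sh -c 'test -S /run/avahi-daemon/socket'
}
```

After `install_mdns_override`, `probe_jail /etc/firejail/firefox.profile` should succeed where it failed before; if it still fails but the socket is there, the remaining suspect is the private-etc list, which is what `check_mdns_profile` flags as `no-etc`.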

rusty-snake commented 2 years ago

Related: #5088