Firejail breaks Claws Mail Bsfilter Plugin

marek22k commented 1 year ago

Description

When I try to open Claws Mail with the bsfilter plugin and Firejail, a message is displayed that bsfilter cannot be called.

$claws-mail 
Reading profile /etc/firejail/claws-mail.profile
Reading profile /etc/firejail/email-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
Parent pid 9164, child pid 9165
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Blacklist violations are logged to syslog
Child process initialized in 143.68 ms
/home/marek/Mail/inbox: stat: No such file or directory
Claws-Mail-Message: 09:16:43.144: Couldn't open current directory: Error opening directory “/home/marek/Mail/inbox”: No such file or directory (4).

/home/marek/Mail/draft: stat: No such file or directory
/home/marek/Mail/trash: stat: No such file or directory
/home/marek/Mail/Gemini mailling list/2019: stat: No such file or directory
/home/marek/Mail/Gemini mailling list/2020: stat: No such file or directory
/usr/bin/env: ‘ruby’: Permission denied

Steps to Reproduce

Steps to reproduce the behavior

1) Install Claws Mail with the bsfilter plugin and firejail. 2) Run Claws Mail.

Expected behavior

bsfilter can be loaded.

Actual behavior

bsfilter cannot be loaded.

Behavior without a profile

bsfilter can be loaded.

Additional context

Workaround: Add the file claws-mail.local in /etc/firejail with the following content:

noblacklist ${PATH}/ruby
noblacklist /usr/lib/ruby

Environment

Linux distribution and version (e.g. "Ubuntu 20.04" or "Arch Linux")

$lsb_release -a
No LSB modules are available.
Distributor ID: Parrot
Description:    Parrot OS 5.2 (Electro Ara)
Release:    5.2
Codename:   ara

Firejail version (firejail --version).


$firejail --version
firejail version 0.9.64.4

Compile time support:

AppArmor support is enabled
AppImage support is enabled
chroot support is enabled
D-BUS proxy support is enabled
file and directory whitelisting support is enabled
file transfer support is enabled
firetunnel support is enabled
networking support is enabled
overlayfs support is disabled
private-home support is enabled
private-cache and tmpfs as user enabled
SELinux support is enabled
user namespace support is enabled

X11 sandboxing support is enabled


- If you use a development version of firejail, also the commit from which it was compiled (`git rev-parse HEAD`).

Checklist

[X] The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
[X] The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
[X] The profile (and redirect profile if exists) hasn't already been fixed upstream.
[X] I have performed a short search for similar issues (to avoid opening a duplicate).
- [ ] I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
[X] I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)

glitsj16 commented 1 year ago

Thank you for reporting. Not sure if our default claws-mail profile should support all possible plugins out-of-the-box. That would kind of defeat using disable-interpreters.inc. For overrides we have counterpart allow-foo.inc files though (which is very similar to what you have in your workaround):

https://github.com/netblue30/firejail/blob/27aaa07efe72cda0e47882f387bc2245b4216f1f/etc/inc/allow-ruby.inc#L1-L7

So an include allow-ruby.inc in theory should be more future-proof.

firejail version 0.9.64.4

I'm not very familiar with Parrot OS. Can you upgrade firejail to the latest release?

marek22k commented 1 year ago

Parrot OS is based on Debian. I have now pulled firejail out of the backports:

$firejail --version
firejail version 0.9.72

Compile time support:
    - always force nonewprivs support is disabled
    - AppArmor support is enabled
    - AppImage support is enabled
    - chroot support is enabled
    - D-BUS proxy support is enabled
    - file transfer support is enabled
    - firetunnel support is disabled
    - IDS support is enabled
    - networking support is enabled
    - output logging is enabled
    - overlayfs support is disabled
    - private-home support is enabled
    - private-cache and tmpfs as user enabled
    - SELinux support is enabled
    - user namespace support is enabled
    - X11 sandboxing support is enabled

marek22k commented 1 year ago

After upgrading firejail does not work anymore:

$claws-mail 
Reading profile /etc/firejail/claws-mail.profile
Reading profile /etc/firejail/claws-mail.local
Reading profile /etc/firejail/allow-ruby.inc
Reading profile /etc/firejail/email-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-interpreters.inc
Error: cannot access profile file: disable-passwdmgr.inc

glitsj16 commented 1 year ago

Error: cannot access profile file: disable-passwdmgr.inc

Odd indeed. We don't have that file anymore, although I can't track right now when it got dropped in our git history. Can you locate any include disable-passwdmgr.inc lines in your /etc/firejail? I'm assuming it doesn't exist under ~/.config/firejail, as in that case firejail would have found it.

marek22k commented 1 year ago

grep of disable-passwdmgr.inc

```console $ grep -r "include disable-passwdmgr.inc" /etc/firejail /etc/firejail/0ad.profile:include disable-passwdmgr.inc /etc/firejail/2048-qt.profile:include disable-passwdmgr.inc /etc/firejail/Cryptocat.profile:include disable-passwdmgr.inc /etc/firejail/Fritzing.profile:include disable-passwdmgr.inc /etc/firejail/JDownloader.profile:include disable-passwdmgr.inc /etc/firejail/Maelstrom.profile:include disable-passwdmgr.inc /etc/firejail/Mathematica.profile:include disable-passwdmgr.inc /etc/firejail/QMediathekView.profile:include disable-passwdmgr.inc /etc/firejail/QOwnNotes.profile:include disable-passwdmgr.inc /etc/firejail/Viber.profile:include disable-passwdmgr.inc /etc/firejail/XMind.profile:include disable-passwdmgr.inc /etc/firejail/ZeGrapher.profile:include disable-passwdmgr.inc /etc/firejail/abiword.profile:include disable-passwdmgr.inc /etc/firejail/agetpkg.profile:include disable-passwdmgr.inc /etc/firejail/akonadi_control.profile:include disable-passwdmgr.inc /etc/firejail/akregator.profile:include disable-passwdmgr.inc /etc/firejail/alacarte.profile:include disable-passwdmgr.inc /etc/firejail/amarok.profile:include disable-passwdmgr.inc /etc/firejail/amule.profile:include disable-passwdmgr.inc /etc/firejail/android-studio.profile:include disable-passwdmgr.inc /etc/firejail/anki.profile:include disable-passwdmgr.inc /etc/firejail/anydesk.profile:include disable-passwdmgr.inc /etc/firejail/aosp.profile:include disable-passwdmgr.inc /etc/firejail/apktool.profile:include disable-passwdmgr.inc /etc/firejail/apostrophe.profile:include disable-passwdmgr.inc /etc/firejail/arch-audit.profile:include disable-passwdmgr.inc /etc/firejail/archaudit-report.profile:include disable-passwdmgr.inc /etc/firejail/ardour5.profile:include disable-passwdmgr.inc /etc/firejail/arduino.profile:include disable-passwdmgr.inc /etc/firejail/aria2c.profile:include disable-passwdmgr.inc /etc/firejail/ark.profile:include disable-passwdmgr.inc /etc/firejail/arm.profile:include disable-passwdmgr.inc /etc/firejail/artha.profile:include disable-passwdmgr.inc /etc/firejail/assogiate.profile:include disable-passwdmgr.inc /etc/firejail/asunder.profile:include disable-passwdmgr.inc /etc/firejail/atril.profile:include disable-passwdmgr.inc /etc/firejail/audacious.profile:include disable-passwdmgr.inc /etc/firejail/audacity.profile:include disable-passwdmgr.inc /etc/firejail/audio-recorder.profile:include disable-passwdmgr.inc /etc/firejail/authenticator-rs.profile:include disable-passwdmgr.inc /etc/firejail/authenticator.profile:include disable-passwdmgr.inc /etc/firejail/autokey-common.profile:include disable-passwdmgr.inc /etc/firejail/aweather.profile:include disable-passwdmgr.inc /etc/firejail/baloo_file.profile:include disable-passwdmgr.inc /etc/firejail/balsa.profile:include disable-passwdmgr.inc /etc/firejail/baobab.profile:include disable-passwdmgr.inc /etc/firejail/barrier.profile:include disable-passwdmgr.inc /etc/firejail/bibletime.profile:include disable-passwdmgr.inc /etc/firejail/bijiben.profile:include disable-passwdmgr.inc /etc/firejail/bitcoin-qt.profile:include disable-passwdmgr.inc /etc/firejail/bitlbee.profile:include disable-passwdmgr.inc /etc/firejail/bitwarden.profile:include disable-passwdmgr.inc /etc/firejail/bleachbit.profile:include disable-passwdmgr.inc /etc/firejail/blender.profile:include disable-passwdmgr.inc /etc/firejail/bless.profile:include disable-passwdmgr.inc /etc/firejail/blobwars.profile:include disable-passwdmgr.inc /etc/firejail/bluefish.profile:include disable-passwdmgr.inc /etc/firejail/brackets.profile:include disable-passwdmgr.inc /etc/firejail/brasero.profile:include disable-passwdmgr.inc /etc/firejail/bzflag.profile:include disable-passwdmgr.inc /etc/firejail/calibre.profile:include disable-passwdmgr.inc /etc/firejail/calligra.profile:include disable-passwdmgr.inc /etc/firejail/cameramonitor.profile:include disable-passwdmgr.inc /etc/firejail/cantata.profile:include disable-passwdmgr.inc /etc/firejail/catfish.profile:include disable-passwdmgr.inc /etc/firejail/cawbird.profile:include disable-passwdmgr.inc /etc/firejail/celluloid.profile:include disable-passwdmgr.inc /etc/firejail/checkbashisms.profile:include disable-passwdmgr.inc /etc/firejail/cheese.profile:include disable-passwdmgr.inc /etc/firejail/cherrytree.profile:include disable-passwdmgr.inc /etc/firejail/chromium-common.profile:# include disable-passwdmgr.inc /etc/firejail/cin.profile:include disable-passwdmgr.inc /etc/firejail/clawsker.profile:include disable-passwdmgr.inc /etc/firejail/clementine.profile:include disable-passwdmgr.inc /etc/firejail/clion.profile:include disable-passwdmgr.inc /etc/firejail/clipgrab.profile:include disable-passwdmgr.inc /etc/firejail/clipit.profile:include disable-passwdmgr.inc /etc/firejail/cmus.profile:include disable-passwdmgr.inc /etc/firejail/code.profile:include disable-passwdmgr.inc /etc/firejail/com.github.bleakgrey.tootle.profile:include disable-passwdmgr.inc /etc/firejail/com.github.dahenson.agenda.profile:include disable-passwdmgr.inc /etc/firejail/com.github.johnfactotum.Foliate.profile:include disable-passwdmgr.inc /etc/firejail/conky.profile:include disable-passwdmgr.inc /etc/firejail/corebird.profile:include disable-passwdmgr.inc /etc/firejail/cower.profile:include disable-passwdmgr.inc /etc/firejail/coyim.profile:include disable-passwdmgr.inc /etc/firejail/crawl.profile:include disable-passwdmgr.inc /etc/firejail/crow.profile:include disable-passwdmgr.inc /etc/firejail/curl.profile:include disable-passwdmgr.inc /etc/firejail/d-feet.profile:include disable-passwdmgr.inc /etc/firejail/darktable.profile:include disable-passwdmgr.inc /etc/firejail/dbus-send.profile:include disable-passwdmgr.inc /etc/firejail/dconf-editor.profile:include disable-passwdmgr.inc /etc/firejail/dconf.profile:include disable-passwdmgr.inc /etc/firejail/ddgtk.profile:include disable-passwdmgr.inc /etc/firejail/deadbeef.profile:include disable-passwdmgr.inc /etc/firejail/deluge.profile:include disable-passwdmgr.inc /etc/firejail/desktopeditors.profile:include disable-passwdmgr.inc /etc/firejail/devhelp.profile:include disable-passwdmgr.inc /etc/firejail/devilspie.profile:include disable-passwdmgr.inc /etc/firejail/dex2jar.profile:include disable-passwdmgr.inc /etc/firejail/dia.profile:include disable-passwdmgr.inc /etc/firejail/dig.profile:include disable-passwdmgr.inc /etc/firejail/digikam.profile:include disable-passwdmgr.inc /etc/firejail/dillo.profile:include disable-passwdmgr.inc /etc/firejail/dino.profile:include disable-passwdmgr.inc /etc/firejail/display.profile:include disable-passwdmgr.inc /etc/firejail/dnscrypt-proxy.profile:include disable-passwdmgr.inc /etc/firejail/dnsmasq.profile:include disable-passwdmgr.inc /etc/firejail/dolphin-emu.profile:include disable-passwdmgr.inc /etc/firejail/dooble.profile:include disable-passwdmgr.inc /etc/firejail/dosbox.profile:include disable-passwdmgr.inc /etc/firejail/dragon.profile:include disable-passwdmgr.inc /etc/firejail/drawio.profile:include disable-passwdmgr.inc /etc/firejail/drill.profile:include disable-passwdmgr.inc /etc/firejail/dropbox.profile:include disable-passwdmgr.inc /etc/firejail/easystroke.profile:include disable-passwdmgr.inc /etc/firejail/electron-mail.profile:include disable-passwdmgr.inc /etc/firejail/electron.profile:include disable-passwdmgr.inc /etc/firejail/electrum.profile:include disable-passwdmgr.inc /etc/firejail/elinks.profile:include disable-passwdmgr.inc /etc/firejail/emacs.profile:include disable-passwdmgr.inc /etc/firejail/enchant.profile:include disable-passwdmgr.inc /etc/firejail/engrampa.profile:include disable-passwdmgr.inc /etc/firejail/enpass.profile:include disable-passwdmgr.inc /etc/firejail/eo-common.profile:include disable-passwdmgr.inc /etc/firejail/equalx.profile:include disable-passwdmgr.inc /etc/firejail/etr.profile:include disable-passwdmgr.inc /etc/firejail/evince.profile:include disable-passwdmgr.inc /etc/firejail/evolution.profile:include disable-passwdmgr.inc /etc/firejail/exfalso.profile:include disable-passwdmgr.inc /etc/firejail/exiftool.profile:include disable-passwdmgr.inc /etc/firejail/falkon.profile:include disable-passwdmgr.inc /etc/firejail/fbreader.profile:include disable-passwdmgr.inc /etc/firejail/fdns.profile:include disable-passwdmgr.inc /etc/firejail/feedreader.profile:include disable-passwdmgr.inc /etc/firejail/feh.profile:include disable-passwdmgr.inc /etc/firejail/fetchmail.profile:include disable-passwdmgr.inc /etc/firejail/ffmpeg.profile:include disable-passwdmgr.inc /etc/firejail/file-manager-common.profile:include disable-passwdmgr.inc /etc/firejail/file-roller.profile:include disable-passwdmgr.inc /etc/firejail/file.profile:include disable-passwdmgr.inc /etc/firejail/flameshot.profile:include disable-passwdmgr.inc /etc/firejail/flowblade.profile:include disable-passwdmgr.inc /etc/firejail/font-manager.profile:include disable-passwdmgr.inc /etc/firejail/fontforge.profile:include disable-passwdmgr.inc /etc/firejail/fractal.profile:include disable-passwdmgr.inc /etc/firejail/freecad.profile:include disable-passwdmgr.inc /etc/firejail/freeciv.profile:include disable-passwdmgr.inc /etc/firejail/freecol.profile:include disable-passwdmgr.inc /etc/firejail/freemind.profile:include disable-passwdmgr.inc /etc/firejail/frogatto.profile:include disable-passwdmgr.inc /etc/firejail/frozen-bubble.profile:include disable-passwdmgr.inc /etc/firejail/gajim.profile:include disable-passwdmgr.inc /etc/firejail/galculator.profile:include disable-passwdmgr.inc /etc/firejail/gapplication.profile:include disable-passwdmgr.inc /etc/firejail/gconf.profile:include disable-passwdmgr.inc /etc/firejail/geany.profile:include disable-passwdmgr.inc /etc/firejail/gedit.profile:include disable-passwdmgr.inc /etc/firejail/geekbench.profile:include disable-passwdmgr.inc /etc/firejail/geeqie.profile:include disable-passwdmgr.inc /etc/firejail/gfeeds.profile:include disable-passwdmgr.inc /etc/firejail/ghostwriter.profile:include disable-passwdmgr.inc /etc/firejail/gimp.profile:include disable-passwdmgr.inc /etc/firejail/gist.profile:include disable-passwdmgr.inc /etc/firejail/git-cola.profile:include disable-passwdmgr.inc /etc/firejail/git.profile:include disable-passwdmgr.inc /etc/firejail/gitg.profile:include disable-passwdmgr.inc /etc/firejail/gitter.profile:include disable-passwdmgr.inc /etc/firejail/gjs.profile:include disable-passwdmgr.inc /etc/firejail/globaltime.profile:include disable-passwdmgr.inc /etc/firejail/gmpc.profile:include disable-passwdmgr.inc /etc/firejail/gnome-books.profile:include disable-passwdmgr.inc /etc/firejail/gnome-builder.profile:include disable-passwdmgr.inc /etc/firejail/gnome-calculator.profile:include disable-passwdmgr.inc /etc/firejail/gnome-calendar.profile:include disable-passwdmgr.inc /etc/firejail/gnome-characters.profile:include disable-passwdmgr.inc /etc/firejail/gnome-chess.profile:include disable-passwdmgr.inc /etc/firejail/gnome-clocks.profile:include disable-passwdmgr.inc /etc/firejail/gnome-contacts.profile:include disable-passwdmgr.inc /etc/firejail/gnome-documents.profile:include disable-passwdmgr.inc /etc/firejail/gnome-font-viewer.profile:include disable-passwdmgr.inc /etc/firejail/gnome-hexgl.profile:include disable-passwdmgr.inc /etc/firejail/gnome-keyring.profile:include disable-passwdmgr.inc /etc/firejail/gnome-latex.profile:include disable-passwdmgr.inc /etc/firejail/gnome-logs.profile:include disable-passwdmgr.inc /etc/firejail/gnome-maps.profile:include disable-passwdmgr.inc /etc/firejail/gnome-mplayer.profile:include disable-passwdmgr.inc /etc/firejail/gnome-music.profile:include disable-passwdmgr.inc /etc/firejail/gnome-nettool.profile:include disable-passwdmgr.inc /etc/firejail/gnome-passwordsafe.profile:include disable-passwdmgr.inc /etc/firejail/gnome-photos.profile:include disable-passwdmgr.inc /etc/firejail/gnome-pie.profile:include disable-passwdmgr.inc /etc/firejail/gnome-pomodoro.profile:include disable-passwdmgr.inc /etc/firejail/gnome-recipes.profile:include disable-passwdmgr.inc /etc/firejail/gnome-ring.profile:include disable-passwdmgr.inc /etc/firejail/gnome-schedule.profile:include disable-passwdmgr.inc /etc/firejail/gnome-screenshot.profile:include disable-passwdmgr.inc /etc/firejail/gnome-sound-recorder.profile:include disable-passwdmgr.inc /etc/firejail/gnome-system-log.profile:include disable-passwdmgr.inc /etc/firejail/gnome-todo.profile:include disable-passwdmgr.inc /etc/firejail/gnome-twitch.profile:include disable-passwdmgr.inc /etc/firejail/gnome-weather.profile:include disable-passwdmgr.inc /etc/firejail/gnome_games-common.profile:include disable-passwdmgr.inc /etc/firejail/gnote.profile:include disable-passwdmgr.inc /etc/firejail/gnubik.profile:include disable-passwdmgr.inc /etc/firejail/godot.profile:include disable-passwdmgr.inc /etc/firejail/goobox.profile:include disable-passwdmgr.inc /etc/firejail/google-earth.profile:include disable-passwdmgr.inc /etc/firejail/google-play-music-desktop-player.profile:include disable-passwdmgr.inc /etc/firejail/gpa.profile:include disable-passwdmgr.inc /etc/firejail/gpg-agent.profile:include disable-passwdmgr.inc /etc/firejail/gpg.profile:include disable-passwdmgr.inc /etc/firejail/gpicview.profile:include disable-passwdmgr.inc /etc/firejail/gpredict.profile:include disable-passwdmgr.inc /etc/firejail/gradio.profile:include disable-passwdmgr.inc /etc/firejail/gramps.profile:include disable-passwdmgr.inc /etc/firejail/gravity-beams-and-evaporating-stars.profile:include disable-passwdmgr.inc /etc/firejail/gthumb.profile:include disable-passwdmgr.inc /etc/firejail/gtk-update-icon-cache.profile:include disable-passwdmgr.inc /etc/firejail/guayadeque.profile:include disable-passwdmgr.inc /etc/firejail/gucharmap.profile:include disable-passwdmgr.inc /etc/firejail/guvcview.profile:include disable-passwdmgr.inc /etc/firejail/gwenview.profile:include disable-passwdmgr.inc /etc/firejail/handbrake.profile:include disable-passwdmgr.inc /etc/firejail/hashcat.profile:include disable-passwdmgr.inc /etc/firejail/hedgewars.profile:include disable-passwdmgr.inc /etc/firejail/hexchat.profile:include disable-passwdmgr.inc /etc/firejail/highlight.profile:include disable-passwdmgr.inc /etc/firejail/homebank.profile:include disable-passwdmgr.inc /etc/firejail/host.profile:include disable-passwdmgr.inc /etc/firejail/hugin.profile:include disable-passwdmgr.inc /etc/firejail/hyperrogue.profile:include disable-passwdmgr.inc /etc/firejail/i2prouter.profile:include disable-passwdmgr.inc /etc/firejail/iagno.profile:include disable-passwdmgr.inc /etc/firejail/idea.sh.profile:include disable-passwdmgr.inc /etc/firejail/imagej.profile:include disable-passwdmgr.inc /etc/firejail/img2txt.profile:include disable-passwdmgr.inc /etc/firejail/impressive.profile:include disable-passwdmgr.inc /etc/firejail/inkscape.profile:include disable-passwdmgr.inc /etc/firejail/itch.profile:include disable-passwdmgr.inc /etc/firejail/jd-gui.profile:include disable-passwdmgr.inc /etc/firejail/jerry.profile:include disable-passwdmgr.inc /etc/firejail/jitsi.profile:include disable-passwdmgr.inc /etc/firejail/jumpnbump.profile:include disable-passwdmgr.inc /etc/firejail/k3b.profile:include disable-passwdmgr.inc /etc/firejail/kaffeine.profile:include disable-passwdmgr.inc /etc/firejail/kalgebra.profile:include disable-passwdmgr.inc /etc/firejail/kate.profile:include disable-passwdmgr.inc /etc/firejail/kazam.profile:include disable-passwdmgr.inc /etc/firejail/kcalc.profile:include disable-passwdmgr.inc /etc/firejail/kdeinit4.profile:include disable-passwdmgr.inc /etc/firejail/kdenlive.profile:include disable-passwdmgr.inc /etc/firejail/kdiff3.profile:include disable-passwdmgr.inc /etc/firejail/keepass.profile:include disable-passwdmgr.inc /etc/firejail/keepassx.profile:include disable-passwdmgr.inc /etc/firejail/keepassxc.profile:include disable-passwdmgr.inc /etc/firejail/kfind.profile:include disable-passwdmgr.inc /etc/firejail/kget.profile:include disable-passwdmgr.inc /etc/firejail/kid3.profile:include disable-passwdmgr.inc /etc/firejail/kino.profile:include disable-passwdmgr.inc /etc/firejail/kiwix-desktop.profile:include disable-passwdmgr.inc /etc/firejail/klatexformula.profile:include disable-passwdmgr.inc /etc/firejail/klavaro.profile:include disable-passwdmgr.inc /etc/firejail/kmail.profile:include disable-passwdmgr.inc /etc/firejail/kmplayer.profile:include disable-passwdmgr.inc /etc/firejail/kodi.profile:include disable-passwdmgr.inc /etc/firejail/konversation.profile:include disable-passwdmgr.inc /etc/firejail/kopete.profile:include disable-passwdmgr.inc /etc/firejail/krita.profile:include disable-passwdmgr.inc /etc/firejail/krunner.profile:# include disable-passwdmgr.inc /etc/firejail/ktorrent.profile:include disable-passwdmgr.inc /etc/firejail/ktouch.profile:include disable-passwdmgr.inc /etc/firejail/kube.profile:include disable-passwdmgr.inc /etc/firejail/kwin_x11.profile:include disable-passwdmgr.inc /etc/firejail/kwrite.profile:include disable-passwdmgr.inc /etc/firejail/latex-common.profile:include disable-passwdmgr.inc /etc/firejail/leafpad.profile:include disable-passwdmgr.inc /etc/firejail/less.profile:include disable-passwdmgr.inc /etc/firejail/libreoffice.profile:include disable-passwdmgr.inc /etc/firejail/liferea.profile:include disable-passwdmgr.inc /etc/firejail/lincity-ng.profile:include disable-passwdmgr.inc /etc/firejail/links.profile:include disable-passwdmgr.inc /etc/firejail/linphone.profile:include disable-passwdmgr.inc /etc/firejail/lmms.profile:include disable-passwdmgr.inc /etc/firejail/lollypop.profile:include disable-passwdmgr.inc /etc/firejail/lugaru.profile:include disable-passwdmgr.inc /etc/firejail/luminance-hdr.profile:include disable-passwdmgr.inc /etc/firejail/lutris.profile:include disable-passwdmgr.inc /etc/firejail/lximage-qt.profile:include disable-passwdmgr.inc /etc/firejail/lxmusic.profile:include disable-passwdmgr.inc /etc/firejail/lynx.profile:include disable-passwdmgr.inc /etc/firejail/macrofusion.profile:include disable-passwdmgr.inc /etc/firejail/magicor.profile:include disable-passwdmgr.inc /etc/firejail/makepkg.profile:include disable-passwdmgr.inc /etc/firejail/man.profile:include disable-passwdmgr.inc /etc/firejail/manaplus.profile:include disable-passwdmgr.inc /etc/firejail/marker.profile:include disable-passwdmgr.inc /etc/firejail/masterpdfeditor.profile:include disable-passwdmgr.inc /etc/firejail/mate-calc.profile:include disable-passwdmgr.inc /etc/firejail/mate-color-select.profile:include disable-passwdmgr.inc /etc/firejail/mate-dictionary.profile:include disable-passwdmgr.inc /etc/firejail/mcabber.profile:include disable-passwdmgr.inc /etc/firejail/mdr.profile:include disable-passwdmgr.inc /etc/firejail/mediainfo.profile:include disable-passwdmgr.inc /etc/firejail/mediathekview.profile:include disable-passwdmgr.inc /etc/firejail/megaglest.profile:include disable-passwdmgr.inc /etc/firejail/meld.profile:include disable-passwdmgr.inc /etc/firejail/mencoder.profile:#include disable-passwdmgr.inc /etc/firejail/mendeleydesktop.profile:include disable-passwdmgr.inc /etc/firejail/menulibre.profile:include disable-passwdmgr.inc /etc/firejail/meteo-qt.profile:include disable-passwdmgr.inc /etc/firejail/midori.profile:#include disable-passwdmgr.inc /etc/firejail/mindless.profile:include disable-passwdmgr.inc /etc/firejail/minecraft-launcher.profile:include disable-passwdmgr.inc /etc/firejail/minetest.profile:include disable-passwdmgr.inc /etc/firejail/minitube.profile:include disable-passwdmgr.inc /etc/firejail/mirage.profile:include disable-passwdmgr.inc /etc/firejail/mirrormagic.profile:include disable-passwdmgr.inc /etc/firejail/mocp.profile:include disable-passwdmgr.inc /etc/firejail/mousepad.profile:include disable-passwdmgr.inc /etc/firejail/mp3splt-gtk.profile:include disable-passwdmgr.inc /etc/firejail/mp3splt.profile:include disable-passwdmgr.inc /etc/firejail/mpDris2.profile:include disable-passwdmgr.inc /etc/firejail/mpd.profile:include disable-passwdmgr.inc /etc/firejail/mpg123.profile:include disable-passwdmgr.inc /etc/firejail/mplayer.profile:include disable-passwdmgr.inc /etc/firejail/mpsyt.profile:include disable-passwdmgr.inc /etc/firejail/mpv.profile:include disable-passwdmgr.inc /etc/firejail/mrrescue.profile:include disable-passwdmgr.inc /etc/firejail/ms-office.profile:include disable-passwdmgr.inc /etc/firejail/mtpaint.profile:include disable-passwdmgr.inc /etc/firejail/multimc5.profile:include disable-passwdmgr.inc /etc/firejail/mumble.profile:include disable-passwdmgr.inc /etc/firejail/mupdf.profile:include disable-passwdmgr.inc /etc/firejail/mupen64plus.profile:include disable-passwdmgr.inc /etc/firejail/mupen64plus.profile:include disable-passwdmgr.inc /etc/firejail/musescore.profile:include disable-passwdmgr.inc /etc/firejail/musictube.profile:include disable-passwdmgr.inc /etc/firejail/musixmatch.profile:include disable-passwdmgr.inc /etc/firejail/mutt.profile:include disable-passwdmgr.inc /etc/firejail/mypaint.profile:include disable-passwdmgr.inc /etc/firejail/nano.profile:include disable-passwdmgr.inc /etc/firejail/natron.profile:include disable-passwdmgr.inc /etc/firejail/netactview.profile:include disable-passwdmgr.inc /etc/firejail/nethack-vultures.profile:include disable-passwdmgr.inc /etc/firejail/nethack.profile:include disable-passwdmgr.inc /etc/firejail/neverball.profile:include disable-passwdmgr.inc /etc/firejail/newsboat.profile:include disable-passwdmgr.inc /etc/firejail/newsflash.profile:include disable-passwdmgr.inc /etc/firejail/nheko.profile:include disable-passwdmgr.inc /etc/firejail/nicotine.profile:include disable-passwdmgr.inc /etc/firejail/nitroshare.profile:include disable-passwdmgr.inc /etc/firejail/nodejs-common.profile:include disable-passwdmgr.inc /etc/firejail/nomacs.profile:include disable-passwdmgr.inc /etc/firejail/notify-send.profile:include disable-passwdmgr.inc /etc/firejail/nslookup.profile:include disable-passwdmgr.inc /etc/firejail/nylas.profile:include disable-passwdmgr.inc /etc/firejail/nyx.profile:include disable-passwdmgr.inc /etc/firejail/obs.profile:include disable-passwdmgr.inc /etc/firejail/ocenaudio.profile:include disable-passwdmgr.inc /etc/firejail/odt2txt.profile:include disable-passwdmgr.inc /etc/firejail/okular.profile:include disable-passwdmgr.inc /etc/firejail/onboard.profile:include disable-passwdmgr.inc /etc/firejail/onionshare-gui.profile:include disable-passwdmgr.inc /etc/firejail/open-invaders.profile:include disable-passwdmgr.inc /etc/firejail/openarena.profile:include disable-passwdmgr.inc /etc/firejail/opencity.profile:include disable-passwdmgr.inc /etc/firejail/openclonk.profile:include disable-passwdmgr.inc /etc/firejail/openshot.profile:include disable-passwdmgr.inc /etc/firejail/openttd.profile:include disable-passwdmgr.inc /etc/firejail/orage.profile:include disable-passwdmgr.inc /etc/firejail/ostrichriders.profile:include disable-passwdmgr.inc /etc/firejail/otter-browser.profile:include disable-passwdmgr.inc /etc/firejail/pandoc.profile:include disable-passwdmgr.inc /etc/firejail/parole.profile:include disable-passwdmgr.inc /etc/firejail/patch.profile:include disable-passwdmgr.inc /etc/firejail/pavucontrol.profile:include disable-passwdmgr.inc /etc/firejail/pdfchain.profile:include disable-passwdmgr.inc /etc/firejail/pdfmod.profile:include disable-passwdmgr.inc /etc/firejail/pdfsam.profile:include disable-passwdmgr.inc /etc/firejail/pdftotext.profile:include disable-passwdmgr.inc /etc/firejail/peek.profile:include disable-passwdmgr.inc /etc/firejail/penguin-command.profile:include disable-passwdmgr.inc /etc/firejail/photoflare.profile:include disable-passwdmgr.inc /etc/firejail/picard.profile:include disable-passwdmgr.inc /etc/firejail/pidgin.profile:include disable-passwdmgr.inc /etc/firejail/ping.profile:include disable-passwdmgr.inc /etc/firejail/pingus.profile:include disable-passwdmgr.inc /etc/firejail/pinta.profile:include disable-passwdmgr.inc /etc/firejail/pioneer.profile:include disable-passwdmgr.inc /etc/firejail/pithos.profile:include disable-passwdmgr.inc /etc/firejail/pitivi.profile:include disable-passwdmgr.inc /etc/firejail/pix.profile:include disable-passwdmgr.inc /etc/firejail/pkglog.profile:include disable-passwdmgr.inc /etc/firejail/pluma.profile:include disable-passwdmgr.inc /etc/firejail/plv.profile:include disable-passwdmgr.inc /etc/firejail/pngquant.profile:include disable-passwdmgr.inc /etc/firejail/ppsspp.profile:include disable-passwdmgr.inc /etc/firejail/pragha.profile:include disable-passwdmgr.inc /etc/firejail/profanity.profile:include disable-passwdmgr.inc /etc/firejail/psi-plus.profile:include disable-passwdmgr.inc /etc/firejail/psi.profile:include disable-passwdmgr.inc /etc/firejail/pybitmessage.profile:include disable-passwdmgr.inc /etc/firejail/pycharm-community.profile:include disable-passwdmgr.inc /etc/firejail/qbittorrent.profile:include disable-passwdmgr.inc /etc/firejail/qemu-launcher.profile:include disable-passwdmgr.inc /etc/firejail/qemu-system-x86_64.profile:include disable-passwdmgr.inc /etc/firejail/qgis.profile:include disable-passwdmgr.inc /etc/firejail/qlipper.profile:include disable-passwdmgr.inc /etc/firejail/qmmp.profile:include disable-passwdmgr.inc /etc/firejail/qnapi.profile:include disable-passwdmgr.inc /etc/firejail/qpdfview.profile:include disable-passwdmgr.inc /etc/firejail/qrencode.profile:include disable-passwdmgr.inc /etc/firejail/qtox.profile:include disable-passwdmgr.inc /etc/firejail/quaternion.profile:include disable-passwdmgr.inc /etc/firejail/quiterss.profile:include disable-passwdmgr.inc /etc/firejail/qupzilla.profile:include disable-passwdmgr.inc /etc/firejail/redeclipse.profile:include disable-passwdmgr.inc /etc/firejail/redshift.profile:include disable-passwdmgr.inc /etc/firejail/regextester.profile:include disable-passwdmgr.inc /etc/firejail/remmina.profile:include disable-passwdmgr.inc /etc/firejail/rhythmbox.profile:include disable-passwdmgr.inc /etc/firejail/ricochet.profile:include disable-passwdmgr.inc /etc/firejail/ripperx.profile:include disable-passwdmgr.inc /etc/firejail/ristretto.profile:include disable-passwdmgr.inc /etc/firejail/rsync-download_only.profile:include disable-passwdmgr.inc /etc/firejail/rtorrent.profile:include disable-passwdmgr.inc /etc/firejail/rtv.profile:include disable-passwdmgr.inc /etc/firejail/sayonara.profile:include disable-passwdmgr.inc /etc/firejail/scallion.profile:include disable-passwdmgr.inc /etc/firejail/scorched3d.profile:include disable-passwdmgr.inc /etc/firejail/scorchwentbonkers.profile:include disable-passwdmgr.inc /etc/firejail/scribus.profile:include disable-passwdmgr.inc /etc/firejail/sdat2img.profile:include disable-passwdmgr.inc /etc/firejail/seahorse-adventures.profile:include disable-passwdmgr.inc /etc/firejail/seahorse.profile:include disable-passwdmgr.inc /etc/firejail/servo.profile:include disable-passwdmgr.inc /etc/firejail/shellcheck.profile:include disable-passwdmgr.inc /etc/firejail/shortwave.profile:include disable-passwdmgr.inc /etc/firejail/shotcut.profile:include disable-passwdmgr.inc /etc/firejail/shotwell.profile:include disable-passwdmgr.inc /etc/firejail/signal-cli.profile:include disable-passwdmgr.inc /etc/firejail/silentarmy.profile:include disable-passwdmgr.inc /etc/firejail/simple-scan.profile:include disable-passwdmgr.inc /etc/firejail/simplescreenrecorder.profile:include disable-passwdmgr.inc /etc/firejail/simutrans.profile:include disable-passwdmgr.inc /etc/firejail/skanlite.profile:include disable-passwdmgr.inc /etc/firejail/slashem.profile:include disable-passwdmgr.inc /etc/firejail/smplayer.profile:include disable-passwdmgr.inc /etc/firejail/smtube.profile:include disable-passwdmgr.inc /etc/firejail/smuxi-frontend-gnome.profile:include disable-passwdmgr.inc /etc/firejail/softmaker-common.profile:include disable-passwdmgr.inc /etc/firejail/sol.profile:include disable-passwdmgr.inc /etc/firejail/sound-juicer.profile:include disable-passwdmgr.inc /etc/firejail/soundconverter.profile:include disable-passwdmgr.inc /etc/firejail/spectacle.profile:include disable-passwdmgr.inc /etc/firejail/spectral.profile:include disable-passwdmgr.inc /etc/firejail/spectre-meltdown-checker.profile:include disable-passwdmgr.inc /etc/firejail/spotify.profile:include disable-passwdmgr.inc /etc/firejail/sqlitebrowser.profile:include disable-passwdmgr.inc /etc/firejail/ssh-agent.profile:include disable-passwdmgr.inc /etc/firejail/standardnotes-desktop.profile:include disable-passwdmgr.inc /etc/firejail/start-tor-browser.profile:include disable-passwdmgr.inc /etc/firejail/steam.profile:include disable-passwdmgr.inc /etc/firejail/stellarium.profile:include disable-passwdmgr.inc /etc/firejail/straw-viewer.profile:include disable-passwdmgr.inc /etc/firejail/strawberry.profile:include disable-passwdmgr.inc /etc/firejail/strings.profile:include disable-passwdmgr.inc /etc/firejail/subdownloader.profile:include disable-passwdmgr.inc /etc/firejail/supertux2.profile:include disable-passwdmgr.inc /etc/firejail/supertuxkart.profile:include disable-passwdmgr.inc /etc/firejail/surf.profile:include disable-passwdmgr.inc /etc/firejail/sushi.profile:include disable-passwdmgr.inc /etc/firejail/synfigstudio.profile:include disable-passwdmgr.inc /etc/firejail/sysprof.profile:include disable-passwdmgr.inc /etc/firejail/tcpdump.profile:include disable-passwdmgr.inc /etc/firejail/teamspeak3.profile:include disable-passwdmgr.inc /etc/firejail/teeworlds.profile:include disable-passwdmgr.inc /etc/firejail/terasology.profile:include disable-passwdmgr.inc /etc/firejail/thunderbird.profile:include disable-passwdmgr.inc /etc/firejail/tilp.profile:include disable-passwdmgr.inc /etc/firejail/tor.profile:include disable-passwdmgr.inc /etc/firejail/torbrowser-launcher.profile:include disable-passwdmgr.inc /etc/firejail/torcs.profile:include disable-passwdmgr.inc /etc/firejail/totem.profile:include disable-passwdmgr.inc /etc/firejail/tracker.profile:include disable-passwdmgr.inc /etc/firejail/transgui.profile:include disable-passwdmgr.inc /etc/firejail/transmission-common.profile:include disable-passwdmgr.inc /etc/firejail/tremulous.profile:include disable-passwdmgr.inc /etc/firejail/trojita.profile:include disable-passwdmgr.inc /etc/firejail/truecraft.profile:include disable-passwdmgr.inc /etc/firejail/tuxguitar.profile:include disable-passwdmgr.inc /etc/firejail/tvbrowser.profile:include disable-passwdmgr.inc /etc/firejail/udiskie.profile:include disable-passwdmgr.inc /etc/firejail/uefitool.profile:include disable-passwdmgr.inc /etc/firejail/unbound.profile:include disable-passwdmgr.inc /etc/firejail/unf.profile:include disable-passwdmgr.inc /etc/firejail/unknown-horizons.profile:include disable-passwdmgr.inc /etc/firejail/utox.profile:include disable-passwdmgr.inc /etc/firejail/uudeview.profile:include disable-passwdmgr.inc /etc/firejail/viewnior.profile:include disable-passwdmgr.inc /etc/firejail/viking.profile:include disable-passwdmgr.inc /etc/firejail/vim.profile:include disable-passwdmgr.inc /etc/firejail/virtualbox.profile:include disable-passwdmgr.inc /etc/firejail/vlc.profile:include disable-passwdmgr.inc /etc/firejail/vmware.profile:include disable-passwdmgr.inc /etc/firejail/vym.profile:include disable-passwdmgr.inc /etc/firejail/w3m.profile:include disable-passwdmgr.inc /etc/firejail/warmux.profile:include disable-passwdmgr.inc /etc/firejail/warsow.profile:include disable-passwdmgr.inc /etc/firejail/warzone2100.profile:include disable-passwdmgr.inc /etc/firejail/webstorm.profile:include disable-passwdmgr.inc /etc/firejail/webui-aria2.profile:include disable-passwdmgr.inc /etc/firejail/wesnoth.profile:include disable-passwdmgr.inc /etc/firejail/wget.profile:include disable-passwdmgr.inc /etc/firejail/whois.profile:include disable-passwdmgr.inc /etc/firejail/widelands.profile:include disable-passwdmgr.inc /etc/firejail/wine.profile:include disable-passwdmgr.inc /etc/firejail/wireshark.profile:include disable-passwdmgr.inc /etc/firejail/wordwarvi.profile:include disable-passwdmgr.inc /etc/firejail/wps.profile:include disable-passwdmgr.inc /etc/firejail/x2goclient.profile:include disable-passwdmgr.inc /etc/firejail/xbill.profile:include disable-passwdmgr.inc /etc/firejail/xcalc.profile:include disable-passwdmgr.inc /etc/firejail/xed.profile:include disable-passwdmgr.inc /etc/firejail/xfburn.profile:include disable-passwdmgr.inc /etc/firejail/xfce4-dict.profile:include disable-passwdmgr.inc /etc/firejail/xfce4-mixer.profile:include disable-passwdmgr.inc /etc/firejail/xfce4-notes.profile:include disable-passwdmgr.inc /etc/firejail/xfce4-screenshooter.profile:include disable-passwdmgr.inc /etc/firejail/xiphos.profile:include disable-passwdmgr.inc /etc/firejail/xmms.profile:include disable-passwdmgr.inc /etc/firejail/xmr-stak.profile:include disable-passwdmgr.inc /etc/firejail/xonotic.profile:include disable-passwdmgr.inc /etc/firejail/xournal.profile:include disable-passwdmgr.inc /etc/firejail/xpdf.profile:include disable-passwdmgr.inc /etc/firejail/xplayer.profile:include disable-passwdmgr.inc /etc/firejail/xpra.profile:include disable-passwdmgr.inc /etc/firejail/xreader.profile:include disable-passwdmgr.inc /etc/firejail/xviewer.profile:include disable-passwdmgr.inc /etc/firejail/yelp.profile:include disable-passwdmgr.inc /etc/firejail/youtube-dl.profile:include disable-passwdmgr.inc /etc/firejail/youtube-viewer.profile:include disable-passwdmgr.inc /etc/firejail/zaproxy.profile:include disable-passwdmgr.inc /etc/firejail/zart.profile:include disable-passwdmgr.inc /etc/firejail/zathura.profile:include disable-passwdmgr.inc /etc/firejail/zeal.profile:include disable-passwdmgr.inc /etc/firejail/zulip.profile:include disable-passwdmgr.inc /etc/firejail/ssh.profile:include disable-passwdmgr.inc /etc/firejail/email-common.profile:include disable-passwdmgr.inc ```

$ ls ~/.config/firejail
ls: cannot access '/home/marek/.config/firejail': No such file or directory

marek22k commented 1 year ago

Ahh, I forget to get the package firejail-profiles from backports. Now the new version works for me.

marek22k commented 1 year ago

The problem still exists with the new version.

glitsj16 commented 1 year ago

The problem still exists with the new version.

Indeed it would. That's to be expected because of the include disable-interpreters.inc in the included email-common.profile. That blocks ruby (amongst others), which the bsfilter plugin apparently needs to function properly.

The point I'm trying to make is this: although we could easily add a line to allow ruby, I'm not quite sure that's the way to go (yet). Firejail's local override functionality can solve this, as you point out in your workaround. I'm looking at the claws-mail support details at the moment to check what set of interpreters the officially available plugins share so we can make an informed decision on what to allow by default (if anything).

netblue30 / firejail