Open Rosika2 opened 4 months ago
OS: Linux Lite 6.2
The yelp.profile assumes man pages are located under /usr/share/man and whitelists that path accordingly. Does Linux Lite store these in the same location? If not you will need to whitelist the path it uses.
HTH
Hi @glitsj16, :wave:
thanks for your reply.
/usr/share/man and whitelists that path accordingly. Does Linux Lite store these in the same location?
In fact it does. I looked it up. Nothing unusual here, it seems.
Seems curious. I don't know why yelp.profile wouldn't work then. :thinking:
Still: thanks a lot and many greetings from Rosika :slightly_smiling_face:
In fact it does. I looked it up. Nothing unusual here, it seems.
Ah well, that would have been too easy. So that leaves the manual trial and error routine. Try commenting all the include disable-foo.inc lines, private-bin and private-tmp and hopefully that can identify the culprit(s). Work your way up from there and post your observations so we can assist. There's also our IRC channel.
Enjoy your weekend.
Hi @glitsj16, :wave:
thanks for your reply.
O.K., I'll try to follow the path you suggested. As soon as I come up with anything substantial (perhaps even a solution) I'll post it here.
In the meantime: goodbye and have a nice weekend as well.
Cheers from Rosika :slightly_smiling_face:
P.S.:
Thanks also for the hint regarding the IRC channel.
Hi again @glitsj16, :wave:
I tried what you suggested but those ones weren't the culprit. I tried some options more and found out that it's line 58 which has to be commented out:
# private-etc alsa,alternatives,asound.conf,crypto-policies,cups,dconf,drirc,fonts,gcrypt,groff,gtk-3.0,ld.so.cache,ld.so.preload,machine-id,man_db.conf,openal,os-release,pulse,sgml,xml
I left everything else unchanged.
Now yelp can access the man pages within firejail. :smiley:
I'm just wondering: Isn't it a bit much that gets commented out this way? It's just one line but affects a lot of options... :thinking:
Many greetings from Rosika :slightly_smiling_face:
Nice find.
I'm just wondering: Isn't it a bit much that gets commented out this way?
That's correct. Ideally, now that you've determined something is missing from private-etc, the best option would be to track down what that is and add that.
With the newly introduced @groups syntax for private-etc (only in git for now) this issue could go away. But while you're on 0.9.72, try adding (some of) the below 'usual suspects' and check if that kicks yelp into working mode while maintaining a restrictive sandbox:
$ cat ~/.config/firejail/yelp.local
private-etc group,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,login.defs,pango,passwd,xdg
HTH
Hi @glitsj16, :wave:
I followed your suggestion and I did it this way:
In yelp.local I erased one entry at a time, e.g. group, ld.so.conf etc.
But yelp didn't work, no matter which of the entries I kicked out.
While commenting out the complete line with all of its entries works it must be a combination of 2 or more entries then. :thinking:
Seems hard to find out the culprits. For the time being it seems commenting out the line completely is mandatory.
Thanks again and many greetings from Rosika :slightly_smiling_face:
Seems hard to find out the culprits.
Agreed, that can become a rabbit-hole. And it's not 'insecure' without private-etc. Your OS and yourself are still there to protect sensitive things under /etc too. As I've mentioned, for me on firejail-git (with the refactored private-etc etcetera) yelp works fine. So let's hope it's only a matter of time before 0.9.74 reaches you and things sort themselves out :)
Thanks for your response. We'll keep this open for now.
@glitsj16, :wave:
thanks so much for your feedback.
And it's not 'insecure' without private-etc.
That's good to know.
I might still follow some kind of "gradual reintroduction" approach:
Instead of removing one entry at a time, I could try gradually reintroducing entries back into yelp.local and testing yelp after each addition. This might help identify which specific combination of entries causes the problem.
Just an idea. Not sure if it will lead to anything. :wink:
In the meantime: thanks again and have a nice Sunday. Cheers from Rosika :slightly_smiling_face:
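
The search for a combination of private-etc entries discussed above can be done systematically by starting from a set that works and dropping chunks of it. The following is an added example, not part of the thread or of firejail; the names `minimize`, `local_line` and `ask_user` are hypothetical, and it assumes that adding more /etc entries never breaks yelp.

```python
"""Reduce a working set of private-etc entries to the ones yelp needs."""
from typing import Callable, List, Sequence


def minimize(candidates: Sequence[str],
             works: Callable[[List[str]], bool]) -> List[str]:
    """Drop entries in shrinking chunks while works() keeps returning True.

    Assumes adding entries never breaks the program; entries that are only
    needed in combination all survive, because removing any one of them fails.
    """
    needed = list(candidates)
    if not works(needed):
        raise ValueError("full candidate set fails; add more names from /etc")
    chunk = max(len(needed) // 2, 1)
    while True:
        i = 0
        while i < len(needed):
            trial = needed[:i] + needed[i + chunk:]
            if works(trial):
                needed = trial   # nothing required in this chunk, drop it
            else:
                i += chunk       # something required here, keep and move on
        if chunk == 1:
            return needed
        chunk //= 2


def local_line(entries: Sequence[str]) -> str:
    """Render the line for ~/.config/firejail/yelp.local."""
    return "private-etc " + ",".join(entries) if entries else "# no extra entries"


def ask_user(entries: List[str]) -> bool:
    """Manual oracle (hypothetical helper): the user tests yelp by hand."""
    print("\nSet ~/.config/firejail/yelp.local to:\n" + local_line(entries))
    return input("firejail yelp man:ls shows the page? [y/n] ").lower().startswith("y")


if __name__ == "__main__":
    # The 'usual suspects' from the thread; extend with names from `ls /etc`.
    suspects = ("group,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,"
                "localtime,login.defs,pango,passwd,xdg").split(",")
    print("Minimal addition:", local_line(minimize(suspects, ask_user)))
```

The resulting line keeps private-etc in force with only the entries that proved necessary, instead of commenting out line 58 entirely.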
Info:
OS: Linux Lite 6.2
firejail version: 0.9.72
Hi all, :wave:
I just noticed there's a yelp.profile available for firejail. yelp provides an interesting alternative for viewing man pages. However the command (example): firejail yelp man:ls didn't provide the results as expected. The yelp GUI opened up but couldn't access the respective file. It said: "Document not found. The URI ´man:ls´ does not point to a valid page." :disappointed:
However: the command
firejail --noprofile yelp man:ls
worked well. The man pages for ls were flawlessly displayed in the yelp GUI. That was just for experimental reasons, of course. I already copied the yelp.profile to ~/.config/firejail in order to change (some of) the options stored therein but frankly I don't know where to start. Surely the profile needs some modification. Thanks a lot for your help in advance.
Many greetings from Rosika :slightly_smiling_face:
P.S.:
the terminal's output was: