netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox
https://firejail.wordpress.com
GNU General Public License v2.0

Host file managers cannot find files in sandbox /proc with --private #6487

Open bingmatv opened 1 month ago

bingmatv commented 1 month ago

While using --private --noprofile parameters, any downloaded files in sandbox are invisible for Host file managers

find /proc|grep filename

can't find the file.

rusty-snake commented 1 month ago

Your post lists a few facts, but no question or request. So what do you want?

> While using --private --noprofile parameters, any downloaded files in sandbox are invisible for Host file managers

Expected.

> can't find the file.

procfs and magic symlinks are a crazy, confusing thing. If you think find / grep has a bug, report it to them.

Also where do you expect the file to be found in proc? In /proc/<pid>/fd? In /proc/<pid>/fdinfo?

kmk3 commented 1 month ago

Basic debugging information is missing; please follow the bug report template:

kmk3 commented 1 month ago

> While using --private --noprofile parameters, any downloaded files in sandbox are invisible for Host file managers

This is the expected behavior of --private.

To transfer files from the sandbox, see --get= and FILE TRANSFER in man firejail.

Alternatively, use --private=foo or whitelist the paths that you need instead of using --private.

See also: