netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox
https://firejail.wordpress.com
GNU General Public License v2.0

Backgrounding fetchmail in script #789

Closed chiraag-nataraj closed 8 years ago

chiraag-nataraj commented 8 years ago

I decided to use firejail to contain fetchmail to the files and directories it needs. I use it in daemon mode (as most people probably do). I also use gpg to encrypt the config file. So right now, the workflow is

  1. Decrypt the config file to a location on RAM (my /tmp is a tmpfs).
  2. Launch fetchmail with that config file.
  3. Delete the config file so that only the encrypted one ever exists on disk.

Obviously, I can only delete the config file after fetchmail has launched. When it's just fetchmail, there's no problem - it launches daemon mode and then releases the foreground. When I launch it with firejail, though, firejail refuses to leave the foreground, which means the decrypted config file never gets deleted. Here's the script:

#!/bin/bash
gpg -o /tmp/.fetchmailrc ~/.fetchmailrc.gpg
chmod 600 /tmp/.fetchmailrc
firejail fetchmail -d 5 -f /tmp/.fetchmailrc
rm /tmp/.fetchmailrc

As you can tell, pretty simple. I tried putting & at the end (as I would normally do), but then fetchmail exited saying that no mail servers were specified. How would I go about fixing this? All I need is for firejail to background itself when fetchmail does.

netblue30 commented 8 years ago

Try the daemon command (sudo apt-get install daemon):

$ daemon firejail sleep 100
$ firejail --list
620:netblue:firejail sleep 100 
$

chiraag-nataraj commented 8 years ago

I fixed it by just running the whole script inside firejail. I was having trouble because of the fetchmail and daemon options conflicting or something - it was weird. If I run the script inside firejail, then backgrounding works and firejail properly doesn't close.
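
Added example (not part of the thread or the firejail project): one way to write the decrypt, launch, delete script so that the whole script can be started inside firejail as in the last comment, with the plaintext config created in a private `mktemp` directory and removed on every exit path. The `--run` argument, the function names and the script path are hypothetical; the gpg and fetchmail arguments follow the script in the first post, with gpg's `--decrypt` spelled out.

```shell
#!/bin/bash
# Added example, not from the thread. Start it inside the sandbox, e.g.
#   firejail /path/to/this-script --run    (path and --run are placeholders)

# start_with_decrypted_rc DECRYPT_FN LAUNCH_FN
# Calls DECRYPT_FN <path> to write the plaintext config, then LAUNCH_FN <path>
# to start the daemon, and deletes the plaintext whatever happens.
# The body is a subshell "( ... )" so the traps stay local to this call.
start_with_decrypted_rc() (
    # mktemp -d creates a mode-0700 directory: the plaintext is never
    # reachable by other users, even before any chmod is applied.
    dir=$(mktemp -d "${TMPDIR:-/tmp}/fetchmailrc.XXXXXX") || exit 1
    trap 'rm -rf -- "$dir"' EXIT          # cleanup on success and on failure
    trap 'exit 130' INT TERM HUP          # signals also go through EXIT
    rc=$dir/fetchmailrc

    # umask only around the decrypt step: the file is created 0600 from the
    # start, and the daemon keeps the caller's umask.
    ( umask 077; "$1" "$rc" ) && "$2" "$rc"
    status=$?
    exit "$status"
)

# Real commands, with the arguments used in the original script.
decrypt_rc()       { gpg -o "$1" --decrypt "$HOME/.fetchmailrc.gpg"; }
launch_fetchmail() { fetchmail -d 5 -f "$1"; }

# Only act when asked to, so the functions can be sourced and tested.
if [ "${1:-}" = "--run" ]; then
    start_with_decrypted_rc decrypt_rc launch_fetchmail
fi
```

Unlike the original script, there is no window between decryption and `chmod 600` in which the plaintext exists with default permissions, and a failed gpg or fetchmail call still removes the file.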