With --private=/foo/bar, configurations stored under the real ${HOME} become inaccessible, e.g.

> $ firejail --allusers --private=/tmp/home/
> --profile=/etc/firejail/firefox.profile /bin/bash

so it is impractical (Please consider that I am running profiled applications, rather than a shell with the default profile).

Besides, although /home/.fscrypt appears inside the jail, a tmpfs is mounted atop it, and --whitelist cannot be used to mount the real /home/.fscrypt there, for /home is not a permitted top directory.

On 2020/1/31 at 7:55 AM, Reiner Herrmann wrote:
> On Sat, Jan 25, 2020 at 10:45:08PM +0800, Mad Horse wrote:
>> I have not remembered that because --private is used so widely in
>> officially shipped profiles, so I have to inspect them with command like
>>
>>> $ firejail --profile=/etc/firejail/firefox.profile /bin/bash
> Hm, I couldn't find "private" in the firefox(-common) profile.
> Does it work if you start it by giving it a location where it can store
> the private home directory?
> Like: firejail --allusers --private=/foo/bar
> (see also:
> https://github.com/netblue30/firejail/issues/3185#issuecomment-578413651 )
>
> Regards,
> Reiner