Re-attach to an overlay after the sandbox is closed #239
Comments
|
I have experimented with the overlayfs mount and if I manually remount over a previous sandbox, the merge appears to work properly. If an option is added --reoverlay and then that creates the /home/$USER/.firejail/persist dir and that dir is used instead of /home/$USER/.firejail/$PID for the overlay then I think this enhancement would work. But does this reuse of a previous sandbox somewhat defeat the purpose of using firejail? I'll get some code for this change to you at some point. |
|
I'm really interested in this feature, so if you send me some code I'll merge it in. The reason I've been sleeping on it is remounting the overlay is a huge security problem. For example, in the overlay you modify /etc/shadow, then start firejail and become root. I'll have to restrict --reoverlay to root user. |
|
@netblue30 would the issue exist if user namespaces were in place? |
|
Overlayfs and user namespace should be two different subsystems. |
|
Implemented in 0.9.42~rc2 |
From wordpress:
Hi,
Is it possible to re-attach to an overlay after the sandbox is closed? Now, a new overlay is always created, but I would like to continue where I left of.
Thanks,
eli
The text was updated successfully, but these errors were encountered: