private-cwd not expanding macros (e.g. ${HOME})

[reinerh]

hyperrogue.profile currently contains the following line:

private-cwd ${HOME}

(it's currently the only profile using private-cwd.)

When trying to run firejail with this profile it fails with the following error:

$ firejail hyperrogue
Reading profile /etc/firejail/hyperrogue.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-shell.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Error: invalid private working directory

Removing ${HOME} from the private-cwd line fixes it. According to the manpage the home directory is also the default directory when no other directory is specified.

Was the ${HOME} added by accident? Or should this be supported?

(Problem was found by Ubuntu CI btw: https://autopkgtest.ubuntu.com/results/autopkgtest-jammy/jammy/arm64/f/firejail/20220207_124108_3cf17@/log.gz
This will currently prevent the package from entering 22.04 until it is fixed, if I understand their CI correctly.)

[rusty-snake]

hyperrogue saves it's game state at ./hyperrogue.ini. Which works badly with (no)blacklist/whitelist. That's why I added the private-cwd.

[rusty-snake]

• firejail --private-cwd="${HOME}" --noprofile ls: Works
• firejail --private-cwd='${HOME}' --noprofile ls: Broken

The fix for #4780 seems to check for relative/absolute path before expanding macros (${HOME}).

[reinerh]

hyperrogue saves it's game state at ./hyperrogue.ini. Which works badly with (no)blacklist/whitelist. That's why I added the private-cwd.

Ah, I remember that hyperrogue bug. If you use Debian, I fixed that in 12.0f-1 (#985797), otherwise just build with -DFHS, then it will store the config in ~/.hyperrogue.ini. (In my opinion building without -DFHS is a bug in the distribution package; so we could use a black/whitelist approach in the profile)

[netblue30]

Got the same on Debian stable, removed ${HOME} from the profile. This fixes it for the game.

"private-cwd" and "private-cwd ${HOME}" should be equivalent. I'll look to see what's going on in the code. Same problem with "firejail --private-cwd='${HOME}' --noprofile ls"

[netblue30]

5753400

[kmk3]

fix --private-cwd, issue #4910

Nice, it works for me with --private-cwd='${HOME}'.

Can this be closed then?

[netblue30]

Yes, closed! Will reopen again if necessary.