Please add an Profile for Skype

[Micha-Btz]

Hi There,

please add an Profile for Skype. I tried on my own, but i cant get it to work.

Micha

[reinerh]

This could be the same problem as #86, as skype is also only available as 32-bit package.

[netblue30]

It has the same 32bit/64bit seccomp problem as wine and steam. Can you please try:

$ firejail --noprofile skype

This should disable seccomp for now.

[Micha-Btz]

is working.
firejail --noprofile skype

But if it makes sence?

As far is i am understand, i can secure some dirs and files to denied the access to it.

[netblue30]

This is great news! It means we are 90% done. This is how the sandbox works:

First, it configures a new home directory (blacklists, whitelists etc.) It is basically a chroot created on the fly.

Second, a seccomp filter will prevent the intruder to escape the chroot.

Third, just in case he managed to remove the chroot, a Linux capabilites (man 7 capabilities) filter is installed. This disables kernel module loading, filesystem mounts, changing networking system etc. Basically all sysadmin actions are disabled.

The only thing we are missing is the seccomp filter. It will come in the next few days. By the end of the week we should be all done. Until then, run it like this:

$ firejail --noprofile --caps.drop=all skype

I'll comment here on this thread when seccomp is in. Thanks.

[netblue30]

Sorry, something else you can try. Build a skype profile in your home directory:

cd ~
mkdir -p .config/firejail
cd .config/firejail
cp /etc/firejail/generic.profile skype.profile

Then, open skype.profile file in a text editor and comment out seccomp line (add a # in front of the line). Somebody just submitted a patch with a similar profile for steam.

[Micha-Btz]

works, so it protect my files. thats enough for me

[netblue30]

Fixed, skype profile included.