Thunderbird accesses ~/.mozilla even when blacklisted #995
Comments
You need to add the following two lines at the top of /etc/firejail/thunderbird.profile:
If you add them at the end, it will have no effect. Also, take a look at the whitelists in /etc/firejail/firefox.profile, you might want to blacklist some other directories. The default Firefox and Thunderbird profiles are quite generic, good for all kinds of use cases, such as reading PDF files, playing audio files etc.
Neither do I. I'm using a customized thunderbird.profile that doesn't include firefox.profile. And Firefox still opens when I click links in emails. However, I remember that I had problems until it worked as it should. After some trial and error I finally deleted
Thanks a lot, I really wasn't aware of that. So my understanding would be that arguments in a profile will be processed in order, kinda like firewall rules?
Yes, I thought so: therefore I wrote my own (kinda restricted) profile for Thunderbird
After trying with the --audit option, I get this
which looks kinda OK for my needs, the only issue being that if clicking on a link, it will still be opened in the predefined browser, although in a private temporary sandbox: is there any way to avoid this completely?
You are right, in some cases you can later undo what you did before.
For various reasons, both Firefox and Chromium keep only one instance of the program running. When you click on a link in Thunderbird, if another instance of the browser is running, it will open a new tab (or window) into the existing browser. The way I use it, I start Firefox in a separate sandbox before starting Thunderbird - the two sandboxes manage to communicate somehow!
I'd like Thunderbird to leave alone the .mozilla directory (since I don't directly click on links in email), so I've added
blacklist ~/.mozilla
to my thunderbird profile, but it doesn't work: is there any workaround for this?
As I've said, I don't think Thunderbird absolutely needs to access the .mozilla directory, at least not in the way I use Thunderbird: since the purpose of sandboxing is to isolate processes as much as possible, I'd really like to cut access to .mozilla in this case.