Hey,
I'm packaging orjail for NixOS NixOS/nixpkgs#138293 and it's already working :)
One issue is that if I run, for example, Firefox with orjail, Firefox will use a new and empty profile instead of my own, located in /home/onny/.mozilla/firefox:
sudo orjail -v -f firefox
orjail (id: 0)
orjail network namespace already exists!
Switching to pid 47966, the first child process inside the sandbox
Child process initialized in 7.46 ms
If I run firefox with firejail directly, I have the firejail sandbox but also my Firefox profile loaded:
firejail firefox
Reading profile /nix/store/znfcq16mv3jbf6f8h9wpbwzlx2ixbirh-firejail-0.9.64.4/etc/firejail/firefox.profile
Reading profile /nix/store/znfcq16mv3jbf6f8h9wpbwzlx2ixbirh-firejail-0.9.64.4/etc/firejail/firefox.local
Reading profile /nix/store/znfcq16mv3jbf6f8h9wpbwzlx2ixbirh-firejail-0.9.64.4/etc/firejail/globals.local
Reading profile /nix/store/znfcq16mv3jbf6f8h9wpbwzlx2ixbirh-firejail-0.9.64.4/etc/firejail/whitelist-usr-share-common.inc
Reading profile /nix/store/znfcq16mv3jbf6f8h9wpbwzlx2ixbirh-firejail-0.9.64.4/etc/firejail/firefox-common.profile
Reading profile /nix/store/znfcq16mv3jbf6f8h9wpbwzlx2ixbirh-firejail-0.9.64.4/etc/firejail/firefox-common.local
Reading profile /nix/store/znfcq16mv3jbf6f8h9wpbwzlx2ixbirh-firejail-0.9.64.4/etc/firejail/disable-common.inc
Reading profile /nix/store/znfcq16mv3jbf6f8h9wpbwzlx2ixbirh-firejail-0.9.64.4/etc/firejail/disable-devel.inc
Reading profile /nix/store/znfcq16mv3jbf6f8h9wpbwzlx2ixbirh-firejail-0.9.64.4/etc/firejail/disable-exec.inc
Reading profile /nix/store/znfcq16mv3jbf6f8h9wpbwzlx2ixbirh-firejail-0.9.64.4/etc/firejail/disable-interpreters.inc
Reading profile /nix/store/znfcq16mv3jbf6f8h9wpbwzlx2ixbirh-firejail-0.9.64.4/etc/firejail/disable-programs.inc
Reading profile /nix/store/znfcq16mv3jbf6f8h9wpbwzlx2ixbirh-firejail-0.9.64.4/etc/firejail/whitelist-common.inc
Reading profile /nix/store/znfcq16mv3jbf6f8h9wpbwzlx2ixbirh-firejail-0.9.64.4/etc/firejail/whitelist-runuser-common.inc
Reading profile /nix/store/znfcq16mv3jbf6f8h9wpbwzlx2ixbirh-firejail-0.9.64.4/etc/firejail/whitelist-var-common.inc
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Parent pid 50036, child pid 50039
Error: dumpable process
Remove read permission on fseccomp executable
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Error: dumpable process
Remove read permission on fseccomp executable
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Error: dumpable process
Remove read permission on fsec-optimize executable
Child process initialized in 126.97 ms
(firefox:8): libnotify-WARNING **: 10:40:48.912: Failed to connect to proxy
Maybe this behavior is related to NixOS, or is this intended?
Regards
Jonas
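The report above does not say why the wrapped Firefox ends up with a fresh profile. A first check a practitioner would run, added here as an example and not code from orjail or from the reporter, is to compare what the wrapped process sees for its uid, $HOME and the profile directory against the unwrapped view, since Firefox looks for its profile under $HOME/.mozilla/firefox. The wrapper you pass (for example `sudo orjail -f`) is an assumption about how you invoke it; the script itself only runs `sh` under whatever wrapper is given.

```shell
#!/bin/sh
# Added diagnostic, not part of orjail or the issue above.
# Prints what a process started through an arbitrary wrapper sees for its
# uid, HOME and the Firefox profile directory, so a "fresh profile" symptom
# can be matched against a changed environment.
#
# Usage: probe_sandbox_env [wrapper ...]
#   probe_sandbox_env                    # direct, for comparison
#   probe_sandbox_env sudo orjail -f     # assumed invocation, per the report

probe_sandbox_env() {
    # The probe is a one-line sh snippet so it works under any wrapper that
    # execs the command it is given; it prints key=value lines.
    "$@" sh -c '
        printf "uid=%s\n" "$(id -u)"
        printf "home=%s\n" "$HOME"
        if [ -d "$HOME/.mozilla/firefox" ]; then
            printf "profile_dir=%s\n" "$HOME/.mozilla/firefox"
        else
            printf "profile_dir=missing\n"
        fi
    '
}

# Runs the probe directly and through the wrapper, prints both views and
# returns 1 when HOME differs: in that case the wrapped program looks for its
# profile under a different directory than the one you use interactively.
compare_sandbox_env() {
    direct=$(probe_sandbox_env) || return 2
    wrapped=$(probe_sandbox_env "$@") || return 2
    direct_home=$(printf '%s\n' "$direct" | sed -n 's/^home=//p')
    wrapped_home=$(printf '%s\n' "$wrapped" | sed -n 's/^home=//p')
    printf 'direct:  %s\n' "$(printf '%s' "$direct" | tr '\n' ' ')"
    printf 'wrapped: %s\n' "$(printf '%s' "$wrapped" | tr '\n' ' ')"
    if [ "$direct_home" != "$wrapped_home" ]; then
        printf 'HOME differs (%s vs %s)\n' "$direct_home" "$wrapped_home"
        return 1
    fi
    printf 'HOME matches\n'
    return 0
}

# Example invocation (assumed wrapper), commented out so the file can be sourced:
# compare_sandbox_env sudo orjail -f
```

If the wrapped view shows a different HOME or a missing profile directory, the sandboxed browser cannot find the profile the report expects; if both views match, the cause lies elsewhere (for example in the sandbox's filesystem restrictions) and the firejail profile output should be compared next.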