Bug #1821
iceweasel-hardened-preferences and icedove-hardened-preferences need a small fix
Status:
fixed
Priority:
bug
Assignee:
-
% Done:
100%
Description
Both packages currently fail to lauch:
[Discharging, 19%, 00:18:11:freemor@freelap ~]$ iceweasel-hardened Closing any other instances of Iceweasel to avoid crashes... Copying Hardened Prefs... Waking the Iceweasel... Reading profile /etc/firejail/firefox.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Parent pid 23949, child pid 23950 Private /etc installed in 3.91 ms Warning: /sbin directory link was not blacklisted Warning: /usr/sbin directory link was not blacklisted Blacklist violations are logged to syslog Child process initialized in 60.20 ms Parent is shutting down, bye... Removing hardened preferences... ------ [Discharging, 19%, 00:18:11:freemor@freelap ~]$ icedove-hardened Closing any other instances of Icedove to avoid crashes... Copying Hardened Prefs... Waking the Icedove... Reading profile /etc/firejail/icedove.profile Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/firefox.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Parent pid 25749, child pid 25750 Private /etc installed in 13.16 ms Warning: /sbin directory link was not blacklisted Warning: /usr/sbin directory link was not blacklisted Blacklist violations are logged to syslog Child process initialized in 184.22 ms Parent is shutting down, bye... Removing hardened preferences... [Discharging, 19%, 00:18:11:freemor@freelap ~]$
I did some digging and the issue in both resides in the:
--private-bin=...
Section of each.
Simply adding "sh," to the list of allowed programs fixes the issue for both.
Files
History
Updated by freemor almost 6 years ago
For clarity the "--private-bin=" resides in:
iceweasel-hardened.sh
and
icedove-hardened.sh
respectively.
Updated by freemor almost 6 years ago
- File iceweasel-hardened.sh iceweasel-hardened.sh added
- File icedove-hardened.sh icedove-hardened.sh added
Here are the files with the needed changes
Updated by freemor almost 6 years ago
- % Done changed from 0 to 100
- Status changed from open to fixed
Checked. Looks like this has been applied/fixed so closing this bug.