Hi Vincent,

On Mon, Mar 01, 2021 at 02:49:32AM +0100, Vincent Lefevre wrote:
> When using --private=<DIR>, an existing "bin" directory in <DIR>
> is read-only. This is silly: this means that one cannot restart
> a firejail session:
> [...]
>
> I don't see the point to have "bin" read-only in this case, as the
> purpose of "--private=" is that this "bin" directory is specific to
> the firejail session.

The reason why the bin directory is mounted read-only is the
disable-common.inc file that is included in the default and many other
profiles:

    read-only ${HOME}/bin

It's writable the first time, because it does not exist yet when the
jail is created.

If you want to allow writing in this directory, you can add a local
override in the file /etc/firejail/disable-common.local with this line:

    ignore read-only ${HOME}/bin

Alternatively you can create your own profile that does not include
disable-common.inc.

Kind regards,
Reiner