Control: forward -1 https://github.com/netblue30/firejail/issues/4026
Control: severity -1 normal

Hi Vincent,

On Tue, Mar 02, 2021 at 12:22:09AM +0100, Vincent Lefevre wrote:
> This is misused in the case of a private home directory. This rule
> should apply against the original home directory, not the private
> home directory.
> 
> The same should apply to all the other "read-only ${HOME}/..." rules
> as well.

I've raised the question upstream what the intended behaviour of ${HOME}
is, whether is should apply to the private home as well or not.
I can imagine that one would also be interested in having ${HOME} rules
apply to the private directory. You could still have sensitive files
inside a private home directory that you want to protect from
processes running in there.

Kind regards,
  Reiner

Attachment: signature.asc
Description: PGP signature

Reply via email to