On 2021-03-02 01:29:19 +0100, Reiner Herrmann wrote:
> I've raised the question upstream what the intended behaviour of ${HOME}
> is, whether it should apply to the private home as well or not.
> I can imagine that one would also be interested in having ${HOME} rules
> apply to the private directory. You could still have sensitive files
> inside a private home directory that you want to protect from
> processes running in there.

I would have thought that the typical use is to create a directory,
copy a minimum number of (non-confidential) files in it, and do all
the dirty work in it via "firejail --private=". I do that for testing
actively developed 3rd party software, and this needs something like
"make install" each time the software is updated. If bin is read-only,
this doesn't work.

--
Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)