Hi Reiner, On 2022-12-10 18:48:39 +0100, Reiner Herrmann wrote: > Debugging tools that have dependencies (like in your example gdb -> python3) > need to be handled additionally (either by asking gdb to not use the > python3 extensions, or by adding parameters that whitelist it). > > With the following command line I was able to get a gdb shell: > > $ firejail --allow-debuggers --include=/etc/firejail/allow-python3.inc > > --profile=firefox gdb > > [...] > > (gdb)
However, this is not a good solution from a security point of view. There's a difference between allowing Python completely and just embedding in some given application. This could also be an issue in gdb. There should be a way to disable Python, or have Python automatically disabled when not available. -- Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
