I have defined the following:
whitelist /home/user/.mozilla/firefox/
noblacklist /home/user/.mozilla/firefox/
blacklist /home
However I get: ls: cannot access '/home/user/.mozilla/firefox': Permission denied
If I try
blacklist /home
whitelist /home/user/.mozilla/firefox/
I get the same message: permission denied.
A similar issue occurs with the /etc folder. The entire /etc folder is accessible under the jail. And yes I am aware of the '--private-etc' option, but this is not what I am testing right now ...
If I try to whitelist just one folder, I get:
Error: invalid whitelist path /etc/subfolder
Error: cannot establish communication with the parent, exiting...
I can successfully blacklist for example /etc/subfolder. If I try ls -lA /etc/subfolder, I get:
ls: cannot open directory '/etc/bind': Permission denied
However, when I try "ls -lA /etc/", /etc/bind is still listed in the output. Also, I don't seem to be able to blacklist the entire /etc folder and then whitelist some subfolders within /etc.
With firejail, how can I restrict access to a folder but allow access to selected subfolders, i.e.:
- restrict access to /home except the ~/.mozilla/firefox subfolder?
- restrict access to /etc except the /etc/abc subfolder?
By "restrict access", I mean all non-whitelisted folders and files being made "invisible" within the jail.