-
Notifications
You must be signed in to change notification settings - Fork 99
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Firejail sandboxing broke in version 3.3.0 upon introduction of chrome-sandbox executable #168
Comments
I don't think so. Can you try other versions in the 3.1.1-3.5.0 range so we know more precisely with which version it stopped to work? Also set |
This 3.5.0 output looks relevant:
OTOH, it seems the file already has the recommended ownership and permissions:
update
The introduction of |
Thanks for the thoughtful report. It started to fail for you since v3.3.0 it's when the app got updated to Electron v5 which has OS-level sandbox enabled by default. This is, in general, a well-known issue which I was playing around with since early beta versions and I did a lot in order to make the app based on Electron v5 work stable and it normally does (the firejail case is the specific one). But firejail seems to ignore the SUID bit probably due to the security concerns. This is what you can try to do in order to tackle the issue:
Besides, consider using Snap package as it comes with built-in isolation features. Snap package, by the way, has |
Thanks for the suggestions. The I'll leave the issue open in case someone wants to document it. |
Closing as resolved. Comments are not blocked so one will be able to pop into in the case of a need. |
When I said someone might want to document it, I meant not here but in the user documents; so that other users could learn of the |
Referencing the issue with #146.
|
This is the command that successfully sandboxed EM ver. 3.1.1:
I jumped to version 3.5.0, and it no longer runs within firejail. It terminates immediately after launch with no output.
Is there a new directory that EM needs access to apart from
"$HOME"/.config/electron-mail
?The text was updated successfully, but these errors were encountered: