Sunday, 10 December 2017

linux - Is it expected that firejail allows R/W outside of the sandbox without "--overlay" flag?

Just installed firejail on Ubuntu 16.04 (version 0.9.38) and according to this linux-magazine article, by default it should make R/O the entire filesystem:



The programs in the sandbox have only read access to all directories and are thus unable to manipulate any important files.



Now, I tried the following on my computer:



  1. touch /disk5/test.txt

  2. firejail gvim /disk5/test.txt

  3. modify the file and save it (wq!)

  4. cat /disk5/test.txt

  5. does display changes done by gvim during firejail session!


Is this expected behaviour? Wasn't firejail supposed to protect me from overwriting the original file? What have I done wrong? Please note that /disk5 is mounted in the root filesystem, outside of my /home.


Raised a bug on GitHub
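The manual check in steps 1 to 5 can be scripted so the same probe runs under several sandbox settings. This is an added example, not part of the original post or of firejail: the function name `persists_write` and the marker file name are hypothetical, and `--read-only=` is a firejail option the post does not mention.

```shell
#!/bin/sh
# Added example: checks from the host whether a file created under a wrapper
# command (for example firejail) really persists in a directory.

# persists_write DIR [WRAPPER...]   (function and marker names are hypothetical)
# Prints one of: persisted | not-persisted | missing
persists_write() {
    dir=$1
    shift
    [ -d "$dir" ] || { echo "missing"; return 2; }
    marker="$dir/.sandbox-write-probe.$$"
    rm -f "$marker"
    # Steps 2-3 of the post: write to the path from inside the wrapper.
    # With no wrapper given this is a plain "touch".
    "$@" touch "$marker" >/dev/null 2>&1 || true
    # Steps 4-5 of the post: inspect the path from outside the sandbox.
    if [ -e "$marker" ]; then
        rm -f "$marker"
        echo "persisted"
    else
        echo "not-persisted"
    fi
}

# Usage: sh probe.sh /disk5
# Compares the default sandbox with the two stricter settings.
if [ "$#" -ge 1 ] && command -v firejail >/dev/null 2>&1; then
    target=$1
    printf '%-34s %s\n' "no sandbox" "$(persists_write "$target")"
    printf '%-34s %s\n' "firejail" "$(persists_write "$target" firejail)"
    printf '%-34s %s\n' "firejail --overlay" \
        "$(persists_write "$target" firejail --overlay)"
    printf '%-34s %s\n' "firejail --read-only=$target" \
        "$(persists_write "$target" firejail --read-only="$target")"
fi
```

A `persisted` result for a sandboxed row means writes to that directory reach the real filesystem, which is the behaviour described in step 5.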
