Description
When using XDG file picker instead of the built-in file picker for Firefox, it is not sandboxed. It has access to files on the host filesystem. Consequently, selecting any file with it results in Firefox producing the error "no read permissions".
Expected behavior
I'm using xdg-desktop-portal-termfilechooser as the XDG file picker and it should be restricted to the same sandboxed filesystem that Firefox sees, and selecting files for Firefox should be possible. I've also tried the GTK file picker and get the same issue.
Actual behavior
The file picker is not running in/on the sandbox filesystem. If I go to the address bar and type /home/rieje, I can confirm Firefox instance is sandboxed. If I Ctrl-o to launch the terminal file picker, it has access to my host filesystem, i.e. it's not sandboxed.
Behavior without a profile
Same behavior as above.
Additional context
To set up the terminal XDG file picker for Firefox, I'm using xdg-desktop-portal-termfilechooser, running the Alacritty terminal with the Yazi file manager, and followed its configuration, which involves editing the following configs/scripts. I haven't done anything additional on firejail's side of things; not sure if they need to be whitelisted or how to best go about that.
- ~/.config/xdg-desktop-portal-termfilechooser/config
- ~/.config/xdg-desktop-portal-termfilechooser/yazi-wrapper.sh
- ~/.config/xdg-desktop-portal/portals.conf
- executables under /usr/share/xdg-desktop-portal-termfilechooser/
Changes to the config above require restarting the services:
systemctl --user restart xdg-desktop-portal-termfilechooser.service
systemctl --user restart xdg-desktop-portal.service
With Firefox, the about:config setting widget.use-xdg-desktop-portal.file-picker needs to be set to 1 to use the XDG file picker.
If I run Firefox unsandboxed, the file picker works fine: it can pick files for Firefox because they both see the same filesystem. If Firefox is sandboxed and I don't use the XDG file picker and instead rely on the default file picker for Firefox, it can also pick files and sees only files in the sandbox, as expected. I'm not sure if the issue is the XDG file picker escaping the sandbox or if it's somehow started outside the sandbox, which would be surprising to me because my intuition is that anything started by sandboxed Firefox is a subprocess.
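The picker is restarted above as a systemd user service, so it is a separate host process rather than a child of the sandboxed Firefox, and the path it hands back is a host path that the sandbox may not expose. The POSIX sh diagnostic below is an added example, not from the issue or the firejail project; it assumes Linux /proc is available and uses a constructed whitelist excerpt instead of the real profile.

```shell
#!/bin/sh
# Added diagnostic for the symptom above; not from the issue report or from
# firejail. It answers two questions: does the picker process share the
# sandboxed Firefox mount namespace, and does a host path handed back by the
# portal fall under a directory the profile whitelists?

# Exit 0 when two PIDs share a mount namespace (same filesystem view),
# 1 when they differ, 2 when /proc/<pid>/ns/mnt cannot be read.
# Usage: same_mount_ns <firefox-pid> <picker-pid>
same_mount_ns() {
    ns1=$(readlink "/proc/$1/ns/mnt") || return 2
    ns2=$(readlink "/proc/$2/ns/mnt") || return 2
    [ "$ns1" = "$ns2" ]
}

# Constructed excerpt in the ${HOME}/... form firejail profiles use; real
# profiles such as whitelist-common.inc layer many more rules than this models.
WHITELIST='whitelist ${HOME}/Downloads
whitelist ${HOME}/.mozilla
whitelist /usr/share/mozilla'

# Exit 0 when $1 (absolute host path) lies under a whitelisted directory,
# expanding ${HOME} to $2. Anything else under the home directory is hidden
# from the sandbox, so a portal-picked path there yields "no read permissions".
under_whitelist() {
    path=$1; home=$2; tok='${HOME}'
    while read -r kw dir; do
        [ "$kw" = whitelist ] || continue
        case "$dir" in "$tok"*) dir="$home${dir#"$tok"}" ;; esac
        case "$path" in "$dir"|"$dir"/*) return 0 ;; esac
    done <<EOF
$WHITELIST
EOF
    return 1
}

# Example run with a constructed path; a real check would pass the picker's
# PID alongside Firefox's and the path the portal returned.
under_whitelist /home/rieje/Documents/report.pdf /home/rieje \
    && echo "visible in sandbox" || echo "hidden from sandbox"
```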
Environment
- Name/version/arch of the Linux kernel (uname -srm): Linux 6.16.10-arch1-1 x86_64
- Name/version of the Linux distribution (e.g. "Ubuntu 20.04" or "Arch Linux"): Arch Linux
- Name/version of the relevant program(s)/package(s) (e.g. "firefox 134.0-1, mesa 1:24.3.3-2"): firefox 143.0.4-1
- Version of Firejail (firejail --version): 0.9.76-1
Checklist
- The issue is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
- I can reproduce the issue without custom modifications (e.g. globals.local).
- The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
- The profile (and redirect profile if exists) hasn't already been fixed upstream.
- I have performed a short search for similar issues (to avoid opening a duplicate).
- I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
- I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)
Log
Output of LC_ALL=C firejail /path/to/program
Reading profile /etc/firejail/firefox.profile
Reading profile /home/rieje/.config/firejail/firefox.local
Reading profile /etc/firejail/allow-bin-sh.inc
Reading profile /etc/firejail/firefox-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-proc.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-run-common.inc
Reading profile /etc/firejail/whitelist-runuser-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
firejail version 0.9.76
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Parent pid 118750, child pid 118754
6 programs installed in 31.25 ms
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning fcopy: cannot create symbolic link /etc/X11/xorg.conf.d/99-monitor-dpms.conf
Private /etc installed in 26.78 ms
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Base filesystem installed in 22.29 ms
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Warning: Replacing profile instead of stacking it. It is a legacy behavior that can result in relaxation of the protection. It is here as a temporary measure to unbreak the software that has been broken by switching to the stacking behavior.
Warning: Cannot confine the application using AppArmor.
Maybe firejail-default AppArmor profile is not loaded into the kernel.
As root, run "aa-enforce firejail-default" to load it.
Child process initialized in 147.34 ms
[Parent 48, Main Thread] WARNING: Could not load a pixbuf from icon theme.
This may indicate that pixbuf loaders or the mime database could not be found.: 'glib warning', file /usr/src/debug/firefox/firefox-143.0.4/toolkit/xre/nsSigHandlers.cpp:201
(firefox:48): Gtk-WARNING **: 21:48:55.444: Could not load a pixbuf from icon theme.
This may indicate that pixbuf loaders or the mime database could not be found.
[GFX1-]: GFX: CanvasTranslator failed creating WebGL shared context