Firejail seems ineffective

Hello all,
For some time now I have noticed that firejail, while it appears to work well, doesn't.

From my config

programs.firejail.enable = true;

In the past, running

firejail firefox

gave a sandboxed firefox, with an empty home directory etc. Now it seems to give NO sandbox. I can see all my files in my home etc. No error seems to be reported. Adding --private does not change the behavior.

Has something changed in the default policies? Any idea?

Thanks

– Ingmar

programs.firejail = {
  enable = true;
  wrappedBinaries = {
    firefox = "${lib.getBin pkgs.firefox}/bin/firefox";
  };
};
security.wrappers = {
  firejail = {
    source = "${pkgs.firejail}/bin/firejail";
    owner = "root";
    group = "wheel";
    setuid = true;
    setgid = true;
  };
};

I think the security.wrappers = ... setting is not needed because it’s already set up by programs.firejail.enable.

Anyway the wrappedBinaries option could use an example which is added by this PR.

Hi,
thanks for the reply. I've discovered in the end what happens, and it's
still an issue, but of a different kind: I've changed my home
path from /home/user to /user, and in that case firejail ignores
the proper home location, both from $HOME and from the NixOS config
option users.extraUsers."user".home.

I think a firejail policy change is needed to correct that…

– Ingmar
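
One way to catch the silent failure described in this thread, as an added example (not code from any poster, from firejail or from NixOS): drop a canary file in the real home and ask the sandboxed command whether it can see it. The function name `home_exposed`, the canary file name and the `--firejail` switch are made up for this sketch; `--quiet` and `--private` are firejail options.

```shell
#!/bin/sh
# home_exposed LAUNCHER [ARGS...]
# Creates a canary file in the real $HOME, then has LAUNCHER run a tiny shell
# that reports whether it can see that file.
# Returns: 0 = canary visible (home NOT isolated), 1 = canary hidden,
#          2 = usage error or the launcher produced no verdict.
home_exposed() {
    if [ "$#" -lt 1 ]; then
        echo "usage: home_exposed LAUNCHER [ARGS...]" >&2
        return 2
    fi
    he_canary=$(mktemp "$HOME/.sandbox-canary.XXXXXX") || return 2
    # The inner shell gets the canary path as $1 and prints a verdict, so a
    # launcher that fails to start is not mistaken for a working sandbox.
    he_out=$("$@" sh -c 'if [ -e "$1" ]; then echo VISIBLE; else echo HIDDEN; fi' \
        sh "$he_canary" 2>/dev/null) || true
    rm -f "$he_canary"
    case "$he_out" in
        *VISIBLE*) return 0 ;;
        *HIDDEN*)  return 1 ;;
        *)         return 2 ;;
    esac
}

# Probe firejail only when asked to:  sh this-file --firejail
if [ "${1:-}" = "--firejail" ]; then
    he_rc=0
    home_exposed firejail --quiet --private || he_rc=$?
    case "$he_rc" in
        0) echo "FAIL: real home ($HOME) is visible inside the sandbox"; exit 1 ;;
        1) echo "OK: real home is hidden inside the sandbox"; exit 0 ;;
        *) echo "ERROR: firejail did not run the probe"; exit 2 ;;
    esac
fi
```

Because the launcher is a parameter, the same probe works for a NixOS wrapped binary or any other sandbox command that accepts a program to run.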