[SOLVED] Does Firejail sudo command effective in this special case ??
FedoraForum.org - Fedora Support Forums and Community
Results 1 to 2 of 2
  1. #1
    Join Date
    Aug 2016
    Location
    Iraq
    Posts
    932

    Does Firejail sudo command effective in this special case ??

    Hi.

    Currently I'm using WineHQ according to this super secure installation guide:
    https://forums.fedoraforum.org/showt...tion-amp-Usage

    Please notice the following about this method:

    1) WineHQ binaries ownership & permissions all are changed so that WineHQ are owned by a special user account (WineHQ are isolated totally in special new user account)

    2) the special new user account is completely rootless (have no su nor sudo nor PolcyKit power).

    My question case is: I like to add additional layer of security by using Firejail. Firejail certainly can never ever be installed from Wine special account because it need sudo to be installed. So, I'm only able to install Firejail from within my 1st user account which I created during fresh installation & have all root powers including su.

    But to make Firejail's profile of WineHQ I need the following command:

    sudo firecfg --clean && sudo ln -s /usr/bin/firejail /usr/local/bin/wine

    the above command is to make WineHQ only sanbox WineHQ not other application.

    So, does the above command (or "sudo firecfg" which make WineHQ sandbox all supported application not only Wine) will take effect on WineHQ ? When I run "sudo dnf remove wine" or sudo dnf upgrade wine" from my 1st user account they working. But the Firejail commands that I asking about them deal with sandbox for a package binaries owned by only special user account & not by all accounts on system (Windows application inside my 1st user account can not make use of Wine to run at all).

    Frankly specking I did not installed Firejail till now because I'm not sure about the answer of this question & due to the fact that Firejail should installed by downloading external package (not available in repositories I'm hesitated to install it before being sure about answer of this question.

    Best.
    Fedora 28 X64 bit Cinnamon edition on Lenovo ThinkPad e550 with Intel core i7 5500 CPU @ 2.40 GH X 2, RAM = 8 GB, HHD = 1 TB, Hybrid VGA (Intel Corporation HD Graphic 5500 + Radeon R7 M265 2GB)

  2. #2
    Join Date
    Aug 2016
    Location
    Iraq
    Posts
    932
    Linux (Fedora) Firefox 61.0

    Re: Does Firejail sudo command effective in this special case ??

    Hi. Issue solved as following:

    you can supper-add power of Firejail to the power of this approach by:
    - install Firejail:
    sudo dnf install firejail
    - then you can either (a) activate all Firejail’s profiles:
    sudo firecfg
    sudo firecfg --add-usrs wineuser
    or (b) activate only Firejail’s profile of WineHQ:
    sudo firecfg --clean
    sudo ln -s /usr/bin/firejail /usr/local/bin/wine
    sudo firecfg --add-users wineuser
    Fedora 28 X64 bit Cinnamon edition on Lenovo ThinkPad e550 with Intel core i7 5500 CPU @ 2.40 GH X 2, RAM = 8 GB, HHD = 1 TB, Hybrid VGA (Intel Corporation HD Graphic 5500 + Radeon R7 M265 2GB)

Similar Threads

  1. Permissions - Special Case
    By leojau in forum Security and Privacy
    Replies: 8
    Last Post: 19th July 2012, 07:39 AM
  2. Help needed configuring special case of xorg.conf
    By Mathijs in forum Hardware & Laptops
    Replies: 1
    Last Post: 24th July 2008, 12:45 PM
  3. How to run command with sudo
    By fw12 in forum Using Fedora
    Replies: 12
    Last Post: 16th April 2008, 05:09 PM
  4. sudo command failed
    By pengyou12345 in forum Using Fedora
    Replies: 1
    Last Post: 24th March 2006, 10:20 PM
  5. Special case of routing module needed!
    By woosting in forum Servers & Networking
    Replies: 8
    Last Post: 3rd June 2005, 12:39 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •