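If I run the following command:
firejail brave-browser
and then try to access files in the browser (for example, when uploading a file), Brave can still access my entire home folder.
This does not normally happen with Firejail. I tried it with Firefox, and it only allows access to the ~/Downloads folder.
I have verified that Firejail is running with firejail --list:
18974:daniel::firejail /usr/bin/brave-browser-stable
So I'm not sure what the problem is. The exact same command works for Firefox, so why does it not hide files with Brave?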
Environment
- OS: Pop!_OS 21.04
- GNOME version: 3.38.5
- Brave browser: v1.29.81 (installed via apt)
Environment
/etc/firejail/brave.profile
# Firejail profile for brave
# Description: Web browser that blocks ads and trackers by default.
# This file is overwritten after every install/update
# Persistent local customizations
include brave.local
# Persistent global definitions
include globals.local
# noexec /tmp is included in chromium-common.profile and breaks Brave
ignore noexec /tmp
# TOR is installed in ${HOME}
ignore noexec ${HOME}
noblacklist ${HOME}/.cache/BraveSoftware
noblacklist ${HOME}/.config/BraveSoftware
noblacklist ${HOME}/.config/brave
noblacklist ${HOME}/.config/brave-flags.conf
# brave uses gpg for built-in password manager
noblacklist ${HOME}/.gnupg
mkdir ${HOME}/.cache/BraveSoftware
mkdir ${HOME}/.config/BraveSoftware
mkdir ${HOME}/.config/brave
whitelist ${HOME}/.cache/BraveSoftware
whitelist ${HOME}/.config/BraveSoftware
whitelist ${HOME}/.config/brave
whitelist ${HOME}/.config/brave-flags.conf
whitelist ${HOME}/.gnupg
# Brave sandbox needs read access to /proc/config.gz
noblacklist /proc/config.gz
# Redirect
include chromium-common.profile
/etc/firejail/brave-browser.profile
# Firejail profile alias for brave
# This file is overwritten after every install/update
# Persistent local customizations
include brave-browser.local
# Redirect
include brave.profile
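Answer 1
Check /etc/firejail: all the profiles are there. Most likely Firefox uses its own specific profile, while brave-browser uses a generic profile that allows full access to $HOME.
Using the firefox profile for Brave will probably not work, because their configuration directories differ. You should probably start from chromium.profile, since these browsers share the same source.
Actually, there is already a profile.
Please try running the browser this way: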
firejail --profile=/etc/firejail/brave.profile brave-browser-stable
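
Added example (not part of the original post or of Firejail's own code): a small Python resolver that follows the include lines of the brave.profile text quoted in the question and reports whether any whitelist line under ${HOME} takes effect, which is what makes Firejail hide the rest of the home directory. The function names and the no-whitelist.profile entry are constructed for illustration; includes whose contents are not quoted on the page are reported as unresolved.

```python
# Profile text from the question, abridged; function names are hypothetical.
PROFILES = {
    "brave-browser.profile": "include brave-browser.local\ninclude brave.profile\n",
    "brave.profile": """\
include brave.local
include globals.local
ignore noexec /tmp
ignore noexec ${HOME}
whitelist ${HOME}/.cache/BraveSoftware
whitelist ${HOME}/.config/BraveSoftware
whitelist ${HOME}/.config/brave
whitelist ${HOME}/.config/brave-flags.conf
whitelist ${HOME}/.gnupg
include chromium-common.profile
""",
    # Constructed contrast case: a profile with no whitelist lines at all.
    "no-whitelist.profile": "caps.drop all\nnoroot\n",
}

def resolve(name, profiles, state=None):
    """Follow include lines from `name`; collect whitelist paths and unresolved includes."""
    if state is None:
        state = {"whitelist": [], "ignored": [], "missing": [], "seen": set()}
    if name in state["seen"]:          # guard against include loops
        return state
    state["seen"].add(name)
    if name not in profiles:           # e.g. optional *.local overrides not in the sample
        state["missing"].append(name)
        return state
    for raw in profiles[name].splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # An earlier "ignore X" disables later lines that start with X.
        if any(line.startswith(ig) for ig in state["ignored"]):
            continue
        cmd, _, arg = line.partition(" ")
        if cmd == "ignore":
            state["ignored"].append(arg)
        elif cmd == "include":
            resolve(arg, profiles, state)
        elif cmd == "whitelist":
            state["whitelist"].append(arg)
    return state

def home_is_restricted(state):
    """Whitelisting any path under ${HOME} hides the rest of the home directory."""
    return any(p.startswith("${HOME}") for p in state["whitelist"])

print(home_is_restricted(resolve("brave-browser.profile", PROFILES)))
```

If the profile chain is actually loaded, the whitelist lines in brave.profile restrict the home directory, so seeing the whole home folder points to a different profile (or none) being applied to the running sandbox.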