Adding a global modifier (net=eth0) to all firejails

[Futureknows]

How can I add a global parameter to all launched firejails?
In my case I want everything to open with --net=eth0.

I tried adding a line net=eth0 to /etc/firejail/default.profile, /etc/firejail/default.local and /etc/firejail/globals.local. No luck. Do I need to sudo firecfg to rebuild symlinks?

[Fred-Barclay]

Try net eth0 in /etc/firejail/globals.local (the same thing as what you did without the =).

[Futureknows]

I did that but it didn't take, I don't see /etc/firejail/globals.local being parsed during Firefox launch.
Below is list of profiles that get read by default.

[user@localhost ~]$ firejail firefox
Reading profile /usr/local/etc/firejail/firefox.profile
Reading profile /usr/local/etc/firejail/firefox-common.profile
Reading profile /usr/local/etc/firejail/disable-common.inc
Reading profile /usr/local/etc/firejail/disable-devel.inc
Reading profile /usr/local/etc/firejail/disable-interpreters.inc
Reading profile /usr/local/etc/firejail/disable-programs.inc
Reading profile /usr/local/etc/firejail/whitelist-common.inc
Reading profile /usr/local/etc/firejail/whitelist-var-common.inc

[Fred-Barclay]

Oh -- firejial is in /usr/local/ for you. So instead, put net none in /usr/local/etc/firejail/globals.local.

Also are there files in /etc/firejail? You maybe should remove them if so. Firejail in your case will be reading from /usr/local/etc/firejail/, not /etc/firejail/.

[chiraag-nataraj]

@Fred-Barclay Probably a bad idea to remove them manually, since those are probably installed by a package manager. It's better to uninstall the package or just leave the files alone - leaving the package installed has the benefit that you'll know when a new version of firejail is released (and can uninstall the local version then should you want to do so).

[Futureknows]

Thanks, I had installed from a package manager then updated several versions manually leaving traces everywhere. I removed firejail then deleted every firejail* trace from the system. Compiled and installed latest and now I have one odd problem: firecfg works fine as user but sudo firecfg says firecfg not found.

[Fred-Barclay]

What do where firecfg and firecfg --version say?

[Futureknows]

Both Firejail and Firecfg report 0.9.55.

[user@localhost ~]$ sudo firecfg [sudo] password for user: sudo: firecfg: command not found [user@localhost ~]$ firecfg Error: cannot set the symbolic links in /usr/local/bin The proper way to run this command is "sudo firecfg".

[Fred-Barclay]

@Futureknows What is the output of where firecfg?

[Futureknows]

[user@localhost ~]$ where firecfg bash: where: command not found
[user@localhost ~]$ sudo where firecfg [sudo] password for user: sudo: where: command not found

I see firecfg in /usr/local/bin

[Fred-Barclay]

Sorry -- whereis firefox. Looks like I've been using Windows a bit too much! 😄

[Futureknows]

[user@localhost ~]$ whereis firefox firefox: /usr/bin/firefox /usr/lib64/firefox /etc/firefox /usr/local/bin/firefox /usr/share/man/man1/firefox.1.gz

[Fred-Barclay]

And... I messed up again. What does whereis firecfg say?

[Futureknows]

user@Mint ~ $ whereis firecfg firecfg: /usr/local/bin/firecfg

[Futureknows]

Ok, you fixed it! After I ran sudo /usr/local/bin/firecfg, it fixed the symlink.
Now it works as expected without the full path (`sudo firecfg')