Firefox profiles versus Firejail profiles #6916
Replies: 4 comments 2 replies
-
|
Can you elaborate more on the manual approach that you are using? I am trying to figure out how to use Firejail with the new Firefox profiles and by new Firefox profiles I mean: Currently I am using something like this to launch Firefox with a specific profile: When I want to use a different Firefox profile, the last argument differs. But as you mentioned this approach has one drawback: each Firefox instance has access to ~/.mozilla/firefox directory so it has access to other profiles files. Using something like: On the other hand, when I tried to copy the content of |
Beta Was this translation helpful? Give feedback.
-
|
I can give only some short feedback at this time.
1) Instead of using --private-home use a combination of 'blacklist',
'noblacklist' (and 'whitelist'). These firejail directives are confusing
(maybe badly worded) so test the results using a dummy script that tries
to access files you want to restrict.
2) The new Firefox profiles system that you mention creates a single new
folder common to *ALL* profiles with an sqlite database for each. Look
and see if you have folder "~/.mozilla/firefox/Profile Groups/". At
least for now, it uses that data to be able to switch profiles from
inside firefox. If it can't see a database, it isn't supposed to be able
to switch to that profile, but it might try to recreate that database.
…On 2026-02-03 00:19, ejjej15034-lab wrote:
Can you elaborate more on the manual approach that you are using?
I am trying to figure out how to use Firejail with the new Firefox
profiles and by new Firefox profiles I mean:
[1]https://support.mozilla.org/en-US/kb/profile-management
Currently I am using something like this to launch Firefox with a
specific profile:
firejail /usr/bin/firefox --profile ~/.mozilla/firefox/9RKeflOr.2.\
profil/
When I want to use a different Firefox profile, the last argument
differs. But as you mentioned this approach has one drawback: each
Firefox instance has access to ~/.mozilla/firefox directory so it has
access to other profiles files.
Using something like:
firejail --private-home=~/.mozilla/firefox/BkIxAM32.1.\ profil/
/usr/bin/firefox --profile ~/.mozilla/firefox/BkIxAM32.1.\ profil/'
gives and error:
Error: only top files and directories in user home are allowed
On the other hand, when I tried to copy the content of
~/.mozilla/firefox/BkIxAM32.1.\ profil/ to a different directory and
use the given directory as argument then it seems to be fine for
Firejail but Firefox will not launch at all with some generic error
that "the profile cannot be loaded".
—
Reply to this email directly, [2]view it on GitHub, or [3]unsubscribe.
You are receiving this because you authored the thread. Message ID:
***@***.***>
References
1. https://support.mozilla.org/en-US/kb/profile-management
2. #6916 (comment)
3. https://github.com/notifications/unsubscribe-auth/AAOE3KA75A4E3DPWB74TSVL4KBK25AVCNFSM6AAAAACH2EYFAWVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTKNRYGA3TEOI
--
hkp://keys.gnupg.net
CA45 09B5 5351 7C11 A9D1 7286 0036 9E45 1595 8BC0
|
Beta Was this translation helpful? Give feedback.
-
|
Thanks for quick reply! But it seems that another workaround is to create separate directories and use them as /home for each separate Firefox. In other words:
Please correct me if I'm wrong but probably having a separate Firefox with a separate /home probably even removes the necessity to create a different Firefox profiles as already everything is separated because of the separate directories. |
Beta Was this translation helpful? Give feedback.
-
|
Sounds good, but I haven't tried it. Let me know how it works.
…On 2026-02-03 02:56, ejjej15034-lab wrote:
Thanks for quick reply!
Indeed, I have '~/.mozilla/firefox/Profile Groups/'
But it seems that another workaround is to create separate directories
and use them as /home for each separate Firefox. In other words:
mkdir ~/firefox-banking
mkdir ~/firefox-default
firejail --private=~/firefox-banking /usr/bin/firefox --new-instance
firejail --private=~/firefox-default /usr/bin/firefox --new-instance
Please correct me if I'm wrong but probably having a separate Firefox
with a separate /home probably even removes the necessity to create a
different Firefox profiles as already everything is separated because
of the separate directories.
—
Reply to this email directly, [1]view it on GitHub, or [2]unsubscribe.
You are receiving this because you authored the thread. Message ID:
***@***.***>
References
1. #6916 (reply in thread)
2. https://github.com/notifications/unsubscribe-auth/AAOE3KGJ54Y7W76G3QUUML34KB5EPAVCNFSM6AAAAACH2EYFAWVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTKNRYGI2TOMQ
--
hkp://keys.gnupg.net
CA45 09B5 5351 7C11 A9D1 7286 0036 9E45 1595 8BC0
|
Beta Was this translation helpful? Give feedback.
-
|
So far looks really good. You can of course create separate profiles inside this the given jail created with '--private' option, and then easily switch between them: I think this workaround is the true sandbox that we wanted > complete separation of profiles/instances, with no access to other profiles. The only downside that I see right now is that I need to create my new jails and profiles from scratch in newly created directories. Copying old profiles does not work. But this is not an issue. |
Beta Was this translation helpful? Give feedback.
-
|
Great to jnow. Thanks.
…On 2026-02-03 12:47, ejjej15034-lab wrote:
So far looks really good.
To be honest using separate /home directories with '--private' option
removes the necessity to create a different Firefox profiles as already
everything is separated because of the separate directories. From a
given Firefox instance you can access only the given /home which is
e.g. ~/firefox-banking. From inside this Firefox there is no access to
the default ~/.mozilla/firefox and profiles stored there.
You can of course create separate profiles inside this the given jail
created with '--private' option, and then easily switch between them:
firejail --private=~/.jails/firefox-default /usr/bin/firefox
--new-instance --profile
~/.config/mozilla/firefox/eqbS064q.default-release/
I think this workaround is the true sandbox that we wanted > complete
separation of profiles/instances, with no access to other profiles.
The only downside that I see right now is that I need to create my new
jails and profiles from scratch in newly created directories. Copying
old profiles does not work. But this is not an issue.
—
Reply to this email directly, [1]view it on GitHub, or [2]unsubscribe.
You are receiving this because you authored the thread. Message ID:
***@***.***>
References
1. #6916 (reply in thread)
2. https://github.com/notifications/unsubscribe-auth/AAOE3KED6IHUJBWFVLPZXJ34KECMJAVCNFSM6AAAAACH2EYFAWVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTKNRYG43DGOA
--
hkp://keys.gnupg.net
CA45 09B5 5351 7C11 A9D1 7286 0036 9E45 1595 8BC0
|
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi. This topic started as a question or feature request, but it needs to be preceded by a terminology observation.
Firejail refers to collections of rules as 'profiles'.
Firefox refer to isolated environments as 'profiles'.
So, when I did my due-diligence and attempted to search github issues and discussions regarding how to use firejail rules to control access to firefox profiles, the search engines all conflated the two meanings of 'profile' and gave me useless search results.
So, with that in mind, here's my discussion opener / issue / question / feature request:
Firefox users who care about their privacy (even if they are not using firejail at all) are apt to be using firefox (not firejail) profiles to isolate the access certain categories of websites have to the cookies and other browser information of other categories of websites. All the data for each profile is stored in a dedicated directory (for linux it ~/.mozilla/firefox/profiles/foo).
In order for firefox to function within a firejail sandbox, it needs access to the firefox profile directory being used, but has no legitimate reason to access the other firefox profile directories. In fact, if it is possible for a malicious web page or extension to read the contents of the .mozilla/firefox tree, it could snarf up any data from any other firefox profile.
While I don't have a proof-of-concept of a remote exploit for this, you can easily see this for yourself locally: 1) create a second firefox profile, if you don't already have one; 2) From within firefox, type Ctrl-o (open file); 3) Type Ctrl-h to reveal hidden folders; 4) Navigate to $HOME/.mozilla/firefox/profiles; 5) Enter the directory for the not-currently-being-used profile; 5) See, open, examine any file you like in that other firefox profile.
The way users typically select a firefox profile, AFAIK, is to run 'firefox -P' and select from the list. That's how I have been using it in conjunction with firejail. In such a case, there is no way for firejail to know in advance which firefox profile the user is going to select, so is there a way for firejail to get information during run-time of the sandbox to apply a new rule to that sandbox? In other words, somehow detect the users choice, and blacklist access to other firefox profiles.
It might be possible if firejail has a mechanism to observe the files being accessed by a process. Firejail could note the access to some contents of one of the firefox profile directories. That would definitely indicate the profile chosen by the user. Then the issue would be could firejail blacklist access to the sister directories during run time.
I'm not familiar with other browsers to know whether the issue is relevant beyond firefox, but even so, firefox and its forks are popular choices among privacy conscious people, so I thought it would be worth exploring this.
An alternative method
I can think of a work-around that seems to me ought to work but involves manual work for each and every firefox profile that any particular user has.
Create a separate .desktop file for each firefox profile
$ cd ~/.local/share/applications
$ cp firefox.desktop firefox-profile-{foo,bar}.desktop
Modify each desktop file to:
One disadvantage with this approach is that user lose the ability to launch firefox with a single keybinding. This could be avoided by associating the keybinding with a shell script that selects which .desktop file to run.
Beta Was this translation helpful? Give feedback.
All reactions