Lately, I’ve taken to the use of Firejail to secure my system, in conjunction with the Grsecurity kernel as documented in the wiki. I think it’s a great way to keep Linux secure without large amounts of antivirus software and such.
For the most part, it has worked excellently for securing Firefox, Chromium, Thunderbird, Dropbox, Pidgin, and Transmission GTK. (All except Dropbox I’ve set to run alongside Firejail by default, due to Dropbox starting on login.) I’ve noticed something of an irregularity, however, that I wonder if anyone has encountered before. In order to monitor my email, I have the Mail Watcher panel item on my XFCE panel with the command

[code]firejail thunderbird[/code]

set to execute upon clicking on it. When I do this, however, Thunderbird acts as if it is its first time being opened, wanting to run the “System Integration” check on startup, asking me what I want Thunderbird to be the default for. When run from the terminal, it produces this:

[code][[email protected] ~]$ firejail thunderbird
Reading profile /etc/firejail/thunderbird.profile
Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/whitelist-common.inc
Parent pid 4267, child pid 4268
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Blacklist violations are logged to syslog
Child process initialized
[calBackendLoader] Using libical backend at /home/chas/.thunderbird/pj74pyg8.default/extensions/{e2fda1a4-762b-4020-b5ad-a41df1933103}/components/libical-manifest
Warning: Use of getPrefSafe() is deprecated and will be removed with the next release. Use Preferences.get() instead.
1: [chrome://calendar/content/calUtils.js:471] getPrefSafe
2: [chrome://lightningcalendartabs/content/multiweek_tabs.js:39] LightningCalendarTabs.multiWeekTabs
3: [chrome://lightningcalendartabs/content/tabs.js:100] LightningCalendarTabs.tabsController.prototype.initializeTabControllers
4: [chrome://lightningcalendartabs/content/tabs.js:77] LightningCalendarTabs.tabsController.prototype.startup
5: [chrome://lightningcalendartabs/content/tabs.js:243] null[/code]

Now suppose I set Email, Newsgroups, and Feeds as defaults for Thunderbird, then click “Set Default.” The following occurs:

[code] ** (thunderbird:2): WARNING **: Cannot set application as default for URI scheme (mailto): Failed to rename file ‘/home/chas/.config/mimeapps.list.WXR9QY’ to ‘/home/chas/.config/mimeapps.list’: g_rename() failed: Device or resource busy

** (thunderbird:2): WARNING **: Cannot set application as default for URI scheme (news): Failed to rename file ‘/home/chas/.config/mimeapps.list.J6H8QY’ to ‘/home/chas/.config/mimeapps.list’: g_rename() failed: Device or resource busy

** (thunderbird:2): WARNING **: Cannot set application as default for URI scheme (feed): Failed to rename file ‘/home/chas/.config/mimeapps.list.IKQ7QY’ to ‘/home/chas/.config/mimeapps.list’: g_rename() failed: Device or resource busy[/code]

and the popup will remain having failed to set anything as the default. Clicking cancel allows the program to run as it normally would.

The only time this does not occur is when I open XFCE’s “Mail Reader” app to launch Thunderbird as opposed to the actual application. However, I suspect that is because I do not know how to use Firejail in conjunction with that or the “Web Browser” XFCE app (which I hope I can figure out soon, as it means that hyperlinks in Thunderbird open in unsecured Firefox browsers).

I have not found anything within the wiki or Firejail’s main page that gives some insight into this, nor did opening the existing profiles for the apps in question reveal anything that jumped out at me as a solution. I’m wondering if anyone else has encountered this before - a minor annoyance more than anything else, but I like it when things run properly.

Thanks!