Chromium with --private=<dir> not preserving cookies, sessions

Question

Chromium with --private=<dir> not preserving cookies, sessions

c0d3z3r0 opened this issue 3 months ago · comments

Michael Niewöhner commented 3 months ago

Description

Chromium does not preserve cookies, sessions.

Steps to Reproduce

Run in bash LC_ALL=C firejail --private=/tmp/work --ignore=private-cache --profile=chromium chromium
Login to any service/website of your choice
Check cookies (F12 -> Application -> Cookie/Session storage)
Close browser
Run 1. again
Open website again
See that you're not logged in anymore (and you probably get cookie banners again)
Check previous session cookies are gone (F12 -> Application -> Cookie/Session storage)

Expected behavior

Cookies (and thus sesssions) should be preserved.

Actual behavior

Cookies (and thus sessions) get lost.

Behavior without a profile

Same.

Additional context

None.

Environment

Linux distribution and version: Arch Linux
Firejail version (firejail --version): 0.9.72

Checklist

The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
I can reproduce the issue without custom modifications (e.g. globals.local).
The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
The profile (and redirect profile if exists) hasn't already been fixed upstream.
I have performed a short search for similar issues (to avoid opening a duplicate).
- I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)

Log

Output of LC_ALL=C firejail --private=/tmp/work --ignore=private-cache --profile=chromium chromium

Reading profile /etc/firejail/chromium.profile
Reading profile /etc/firejail/chromium.local
Reading profile /etc/firejail/chromium-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-run-common.inc
Reading profile /etc/firejail/whitelist-runuser-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 4191504, child pid 4191505
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Warning: cleaning all supplementary groups
Warning: Cannot confine the application using AppArmor.
Maybe firejail-default AppArmor profile is not loaded into the kernel.
As root, run "aa-enforce firejail-default" to load it.
Child process initialized in 167.62 ms
cat: /home/c0d3/.config/chromium-flags.conf: No such file or directory
[6:20:0307/114850.742181:ERROR:bus.cc(406)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied

(chromium:6): Gtk-WARNING **: 11:48:50.806: Theme parsing error: gtk.css:9228:21: Not using units is deprecated. Assuming 'px'.
[6:27:0307/114850.868273:ERROR:bus.cc(406)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
[6:27:0307/114850.868302:ERROR:bus.cc(406)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
[6:6:0307/114850.926580:ERROR:policy_logger.cc(154)] :components/enterprise/browser/controller/chrome_browser_cloud_management_controller.cc(163) Cloud management controller initialization aborted as CBCM is not enabled.
[6:6:0307/114851.072363:ERROR:object_proxy.cc(576)] Failed to call method: org.freedesktop.portal.Settings.Read: object_path= /org/freedesktop/portal/desktop: org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.portal.Desktop was not provided by any .service files

Output of LC_ALL=C firejail --debug --private=/tmp/work --ignore=private-cache --profile=chromium chromium

https://gist.github.com/c0d3z3r0/504e70955bd848027538d9bbf8d8e426

rusty-snake · Answer 1 · Thu Mar 07 2024 19:17:52 GMT+0800 (China Standard Time)

So permanent cookies get lost when restarting with --private=<dir> but other stuff like bookmarks are preserved, right?

Michael Niewöhner · Answer 2 · Thu Mar 07 2024 19:21:11 GMT+0800 (China Standard Time)

So permanent cookies get lost when restarting with --private=<dir> but other stuff like bookmarks are preserved, right?

Yes, correct. Bookmarks, settings, history are all fine. Even the cache gets preserved (with --ignore=private-cache).

Michael Niewöhner · Answer 3 · Thu Mar 07 2024 19:31:11 GMT+0800 (China Standard Time)

Oof, I had Clear cookies on close turned on per default... classic PEBCAK. Sorry for the noise!