chromium: --private=<dir> not preserving cookies (browser config)

[c0d3z3r0]

Description

Chromium does not preserve cookies, sessions.

Steps to Reproduce

1. Run in bash LC_ALL=C firejail --private=/tmp/work --ignore=private-cache --profile=chromium chromium
2. Login to any service/website of your choice
3. Check cookies (F12 -> Application -> Cookie/Session storage)
4. Close browser
5. Run 1. again
6. Open website again
7. See that you're not logged in anymore (and you probably get cookie banners again)
8. Check previous session cookies are gone (F12 -> Application -> Cookie/Session storage)

Expected behavior

Cookies (and thus sesssions) should be preserved.

Actual behavior

Cookies (and thus sessions) get lost.

Behavior without a profile

Same.

Additional context

None.

Environment

• Linux distribution and version: Arch Linux
• Firejail version (firejail --version): 0.9.72

Checklist

• The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
• I can reproduce the issue without custom modifications (e.g. globals.local).
• The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
• The profile (and redirect profile if exists) hasn't already been fixed upstream.
• I have performed a short search for similar issues (to avoid opening a duplicate).
  • I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
• I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)

Log

Output of LC_ALL=C firejail --private=/tmp/work --ignore=private-cache --profile=chromium chromium

Reading profile /etc/firejail/chromium.profile
Reading profile /etc/firejail/chromium.local
Reading profile /etc/firejail/chromium-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-run-common.inc
Reading profile /etc/firejail/whitelist-runuser-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 4191504, child pid 4191505
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Warning: cleaning all supplementary groups
Warning: Cannot confine the application using AppArmor.
Maybe firejail-default AppArmor profile is not loaded into the kernel.
As root, run "aa-enforce firejail-default" to load it.
Child process initialized in 167.62 ms
cat: /home/c0d3/.config/chromium-flags.conf: No such file or directory
[6:20:0307/114850.742181:ERROR:bus.cc(406)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied

(chromium:6): Gtk-WARNING **: 11:48:50.806: Theme parsing error: gtk.css:9228:21: Not using units is deprecated. Assuming 'px'.
[6:27:0307/114850.868273:ERROR:bus.cc(406)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
[6:27:0307/114850.868302:ERROR:bus.cc(406)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
[6:6:0307/114850.926580:ERROR:policy_logger.cc(154)] :components/enterprise/browser/controller/chrome_browser_cloud_management_controller.cc(163) Cloud management controller initialization aborted as CBCM is not enabled.
[6:6:0307/114851.072363:ERROR:object_proxy.cc(576)] Failed to call method: org.freedesktop.portal.Settings.Read: object_path= /org/freedesktop/portal/desktop: org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.portal.Desktop was not provided by any .service files

Output of LC_ALL=C firejail --debug --private=/tmp/work --ignore=private-cache --profile=chromium chromium

https://gist.github.com/c0d3z3r0/504e70955bd848027538d9bbf8d8e426

[rusty-snake]

So permanent cookies get lost when restarting with --private=<dir> but other stuff like bookmarks are preserved, right?

[c0d3z3r0]

So permanent cookies get lost when restarting with --private=<dir> but other stuff like bookmarks are preserved, right?

Yes, correct. Bookmarks, settings, history are all fine. Even the cache gets preserved (with --ignore=private-cache).

[c0d3z3r0]

Oof, I had Clear cookies on close turned on per default... classic PEBCAK. Sorry for the noise!