As far as the sandbox "firejail" is concerned, I've encountered a phenomenon which isn't completely clear to me.
My understanding has always been that whenever I start a program/process in firejail, that process is sandboxed. Fine, that's clear.
I was also of the opinion that whenever that sandboxed process triggers another process, that one is by default sandboxed, too.
This is the case e.g. when doing this:
"firejail thunderbird" and then clicking on a link within a mail.
So (in my case) firefox, which is my default browser, opens up and displays the website the link is referring to. Plus: firefox is sandboxed, too. I think this is what it should be like.
But:
whenever I start calibre with "firejail calibre", that one is sandboxed. O.K. That's fine too.
Now for the tricky part: When trying to open a pdf-file within the sandboxed calibre, my default pdf-reader (evince) fires up but isn't sandboxed.
"firejail --tree" doesn't list it, nor does firetools.
I can also shut down calibre, and evince (displaying the pdf-file) remains open.
Can you tell me anything about that phenomenon?
Tnx a lot in advance.
Rosika