Support

 

If you run into problems, leave your questions anywhere on this site, or on our GitHub bug tracker. Also check our Frequently Asked Questions and Known Problems pages.

 

Get involved

Firejail is a project developed by volunteers from all around the world. You are welcome to join us on GitHub. All contributions are welcome: ideas, feature requests, patches, documentation, bug reports, complaints.

 

Bug reports

Bug reports are vital for making Firejail a robust and capable application. Please use the comment section on any page on this site, or the facilities provided by GitHub.

All security bugs in Firejail are taken seriously and should be reported by emailing netblue30@yahoo.com

Advertisements

115 thoughts on “Support

  1. Jules

    Following the update to Firejail 0.9.46, I can’t use Quiterss with Firejail. I’m on Arch and using Quiterss 0.18.4. Quiterss runs fine when not under Firejail – and before the update, it ran successfully under Firejail.

    Here’s the error message I now get:
    ====
    Reading profile /etc/firejail/quiterss.profile
    Reading profile /etc/firejail/disable-common.inc
    Reading profile /etc/firejail/disable-programs.inc
    Reading profile /etc/firejail/disable-passwdmgr.inc
    Reading profile /etc/firejail/disable-devel.inc
    Warning: noroot option is not available
    Reading profile /etc/firejail/whitelist-common.inc
    Parent pid 8087, child pid 8088
    Warning: /sbin directory link was not blacklisted
    Warning: /usr/sbin directory link was not blacklisted
    Blacklist violations are logged to syslog
    Child process initialized in 250.57 ms
    terminate called after throwing an instance of ‘std::bad_alloc’
    what(): std::bad_alloc

    Parent is shutting down, bye…
    ====
    Any thoughts, assistance, advice would be most appreciated.

    Cheers,
    Jules

    Like

    Reply
  2. totalizator

    I have been using firejail just for the sake of –interface=tun0 –defaultgw=10.1.1.2 –dns=8.8.8.8 (badvpn/tuntap) and after the last update (0.9.46-1 I believe) my app stopped working, complaining about access permissions. When I launch it with –noprofile it works as expected – I have my app using separate, socks based network interface. Can I know what has changed regarding this “issue”?

    Like

    Reply
    1. netblue30 Post author

      Could be something in the profile for your application. The best way to debug it is to go in /etc/firejail/app.profile (the specific application profile file there) and comment out the lines one by one. I assume one of the m is creating the problem, probably “protocol” line.

      Liked by 1 person

      Reply
  3. Jens

    Hi!

    I want to supply a solution to a strange problem with sound not working in Firefox. I have been searching for days on this problem which I get in Apparmor when using Firejail and Apparmor at the same time (no problem if I only use Firejail or only use Apparmor):

    apparmor=”DENIED” operation=”connect” info=”Failed name lookup – disconnected path” error=-13 profile=”/usr/lib/firefox/firefox{,*[^s][^h]}” name=”run/user/1000/pulse/native” pid=4636 comm=4D65646961506C7E6261636B202333 requested_mask=”wr” denied_mask=”wr” fsuid=1000 ouid=1000

    I have followed the modifications on this site and tried both older and newer versions of Firejail without any luck. The solution was to change the Firefox Apparmor profile from:

    /usr/lib/firefox/firefox{,*[^s][^h]} {

    to:

    /usr/lib/firefox/firefox{,*[^s][^h]} flags=(attach_disconnected) {

    I don’t understand what this is doing but I found it from a similar problem here:

    https://github.com/netblue30/firejail/issues/1015

    I hope this can help someone.

    /Jens

    Like

    Reply
  4. Mario

    Hi,

    I am using firejail for sandboxing dolphin and found an interresting problem with that, because it works the first time dolphin is started, but not anymore if I try to start dolphin again (while the first instance of the program is still running; if the first process ends, it’s possible to again start a new dolphin). That’s the messages printed to Konsole when dolphin fails to start:
    ————————-
    firejail /usr/bin/dolphin
    Reading profile /etc/firejail/dolphin.profile
    Reading profile /etc/firejail/disable-common.inc
    Reading profile /etc/firejail/disable-programs.inc
    Reading profile /etc/firejail/disable-devel.inc
    Reading profile /etc/firejail/disable-passwdmgr.inc
    Warning: noroot option is not available
    Parent pid 4745, child pid 4746
    Warning: /sbin directory link was not blacklisted
    Warning: /usr/sbin directory link was not blacklisted
    Child process initialized in 66.40 ms
    “Couldn’t register name ‘org.kde.dolphin-3’ with DBUS – another process owns it already!”

    Parent is shutting down, bye…
    ————————-
    What does work is to navigate dolphin to /usr/bin and to click the dolphin executable.

    I tried to change dolphin.profile but without success. Is there away to make firejail reuse the sandbox if an instance of a program is already running?

    Thank you for your work

    Regards

    Like

    Reply
    1. netblue30 Post author

      > Couldn’t register name ‘org.kde.dolphin-3’ with DBUS – another process owns it already!

      First time you start Dolphin, even if you close the window, Dolphin remains running in the background. The second time you start it, the new instance detects the first instance and it sends a message to it, after that the second instance shuts down, and the first instance should open the file manager window.

      Like

      Reply
  5. Mario

    Excuse me, I just discovered that my reply has not been published.

    However I had a second look into the problem. Dolphin is not a single process application her and it always creates a new name ord.kde.dolphin-, e.g. org.kde.dolphin-17554

    Inside firejail PIDs seem to have another namespace starting again with 3. Thats the problem… My solution for now is to not firejail dolphin.

    Any ideas?

    Like

    Reply
    1. netblue30 Post author

      Indeed, you seem to be right. I just installed a Kubuntu 17.04 and put Firejail on it. Then I integrate Firejail into the desktop by running “sudo firecfg”. I go to KDE menu and click on Dolphin. It is sandboxed automatically, however it seems to start some other processes in the background. These processes are running outside the sandbox and are not closed when you close Dolophin. I believe they are started by systemd or a similar mechanism.

      In Kubuntu 17.04 I don’t get the error you mentioned (Couldn’t register name ‘org.kde.dolphin-3’ with DBUS). What distribution are you using?

      Like

      Reply
      1. Mario

        Oh, many thanks for your effort… I didn’t expect you to install a new distribution for this problem…

        May I ask you to try to run 2 instances of dolphin at the same time using Konsole? When you try to start the first instance everything should work. When trying the second instance (while the first is still running!), no new window should appear (at least that’s the problem here on my systems), and the error message above should be printed to stdout (or stderr, I don’t know) on Konsole…

        To answer your questions: I am using Manjaro Linux (arch-based, rolling release) with all patches applied.

        What I have here as well, is a process file.so which seems to implement the KIO file protocol for local file access and is started by kdeinit5, which itself is started by systemd. None of these processes is firejailed. I consider this another problem, I think the only solution would be to also firejail kdeinit5…?

        Like

  6. Mario

    Corrections: 2nd paragraph, 2nd sentence should be:

    Dolphin is not a single process application here and it always creates a new name ord.kde.dolphin-PID, e.g. org.kde.dolphin-17554

    Regards

    Like

    Reply
  7. Guido Gonzato

    Hello, I’d like to report that firejail somehow interferes with LXD (https://linuxcontainers.org/lxd/) initial configuration. I ran “lxd init”, entered default values, and LXD initialization failed when it tried to create the default network bridge.
    I fiddled around to try and fix the problem; no results. Eventually, I uninstalled firejail, re-ran “lxd init”, and voila: it worked. I then reinstalled firejail and everything works fine.
    I suggest that you document and/or fix this strange problem. Thanks a lot for firejail!

    Like

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s