github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

[GH-ISSUE #1574] firecfg: Remove DBusActivatable from .desktop files #1045

New issue
Closed
opened 2026-05-05 07:21:35 -06:00 by gitea-mirror · 8 comments
gitea-mirror commented 2026-05-05 07:21:35 -06:00
Owner
Copy link

Originally created by @SkewedZeppelin on GitHub (Sep 23, 2017).
Original GitHub issue: https://github.com/netblue30/firejail/issues/1574

Currently certain programs when launched do not spawn under Firejail and are unsandboxed. This can be simply fixed by removing DBusActivatable=true from their corresponding desktop file. firecfg already rewrites hardcoded paths in .desktop files so this should take too much to do.

This would allow the following applications to always launch sandboxed

  • gedit
  • totem
  • pithos
  • peek
  • baobab
  • nemo (not that its useful)
  • nautilus (^)

and these programs if they ever got profiles

  • gnome-screenshot
  • gnome-disks
  • cheese

and probably many more.

In the mean time, users can run the following command as a workaround

sudo sed -i "s|DBusActivatable=true|DBusActivatable=false|" /usr/share/applications/*.desktop
Originally created by @SkewedZeppelin on GitHub (Sep 23, 2017). Original GitHub issue: https://github.com/netblue30/firejail/issues/1574 Currently certain programs when launched do not spawn under Firejail and are unsandboxed. This can be simply fixed by removing `DBusActivatable=true` from their corresponding desktop file. firecfg already rewrites hardcoded paths in .desktop files so this should take too much to do. This would allow the following applications to always launch sandboxed - gedit - totem - pithos - peek - baobab - nemo (not that its useful) - nautilus (^) and these programs if they ever got profiles - gnome-screenshot - gnome-disks - cheese and probably many more. In the mean time, users can run the following command as a workaround ``` sudo sed -i "s|DBusActivatable=true|DBusActivatable=false|" /usr/share/applications/*.desktop ```
gitea-mirror 2026-05-05 07:21:35 -06:00
gitea-mirror commented 2026-05-05 07:21:39 -06:00
Author
Owner
Copy link

@netblue30 commented on GitHub (Sep 25, 2017):

We have a fix in. Before you try it, remove all the files from ~/.local/share/applications directory.

<!-- gh-comment-id:331855417 --> @netblue30 commented on GitHub (Sep 25, 2017): We have a fix in. Before you try it, remove all the files from ~/.local/share/applications directory.
gitea-mirror commented 2026-05-05 07:21:41 -06:00
Author
Owner
Copy link

@SkewedZeppelin commented on GitHub (Sep 25, 2017):

Thanks! It seems a bit broken however...

  • It seems to have regressed in that there are a few programs with hardcoded paths that it didn't fix: remmina, xonotic*
  • And it also doesn't seem to detect DBusActivatable in all of them and only fixed 3 out of 6 of them: missing totem, pithos, peek
<!-- gh-comment-id:331872888 --> @SkewedZeppelin commented on GitHub (Sep 25, 2017): Thanks! It seems a bit broken however... - It seems to have regressed in that there are a few programs with hardcoded paths that it didn't fix: remmina, xonotic* - And it also doesn't seem to detect DBusActivatable in all of them and only fixed 3 out of 6 of them: missing totem, pithos, peek
gitea-mirror commented 2026-05-05 07:21:43 -06:00
Author
Owner
Copy link

@netblue30 commented on GitHub (Sep 25, 2017):

Print the exec and dbus lines creating problems here. I tried pithos on debian stable, it doesn't have the dbus line. What distro are you using?

<!-- gh-comment-id:331885269 --> @netblue30 commented on GitHub (Sep 25, 2017): Print the exec and dbus lines creating problems here. I tried pithos on debian stable, it doesn't have the dbus line. What distro are you using?
gitea-mirror commented 2026-05-05 07:21:44 -06:00
Author
Owner
Copy link

@SkewedZeppelin commented on GitHub (Sep 25, 2017):

Here are all the .desktops that are having issues
https://gist.github.com/SpotComms/e94c7c9275f7c30921c55f8cde9e9365

And Pithos only got DBusActivatable recently, abdadf9fae

<!-- gh-comment-id:331887664 --> @SkewedZeppelin commented on GitHub (Sep 25, 2017): Here are all the .desktops that are having issues https://gist.github.com/SpotComms/e94c7c9275f7c30921c55f8cde9e9365 And Pithos only got DBusActivatable recently, https://github.com/pithos/pithos/commit/abdadf9fae8afe40f4594154943596dc4017d1af
gitea-mirror commented 2026-05-05 07:21:47 -06:00
Author
Owner
Copy link

@netblue30 commented on GitHub (Sep 25, 2017):

I think I got all of them, thanks for the files. Try again and we'll do another round of fixes if necessary.

<!-- gh-comment-id:331916069 --> @netblue30 commented on GitHub (Sep 25, 2017): I think I got all of them, thanks for the files. Try again and we'll do another round of fixes if necessary.
gitea-mirror commented 2026-05-05 07:21:49 -06:00
Author
Owner
Copy link

@SkewedZeppelin commented on GitHub (Sep 25, 2017):

It works!

<!-- gh-comment-id:331922917 --> @SkewedZeppelin commented on GitHub (Sep 25, 2017): It works!
gitea-mirror commented 2026-05-05 07:21:49 -06:00
Author
Owner
Copy link

@reagentoo commented on GitHub (Sep 5, 2024):

$ grep -ri DBusActivatable /usr/share/applications/
/usr/share/applications/org.gnome.Terminal.Preferences.desktop:DBusActivatable=false
/usr/share/applications/org.gnome.Calendar.desktop:DBusActivatable=true
/usr/share/applications/org.gnome.Boxes.desktop:DBusActivatable=true
/usr/share/applications/org.gnome.Characters.desktop:DBusActivatable=true
/usr/share/applications/org.gnome.DiskUtility.desktop:DBusActivatable=true
/usr/share/applications/ca.desrt.dconf-editor.desktop:DBusActivatable=true
/usr/share/applications/io.bassi.Amberol.desktop:DBusActivatable=true
/usr/share/applications/org.gnome.TextEditor.desktop:DBusActivatable=false
/usr/share/applications/org.gnome.font-viewer.desktop:DBusActivatable=true
/usr/share/applications/org.gnome.Screenshot.desktop:DBusActivatable=true
/usr/share/applications/de.haeckerfelix.Fragments.desktop:DBusActivatable=true
/usr/share/applications/org.gnome.Ptyxis.desktop:DBusActivatable=true
/usr/share/applications/org.gnome.Extensions.desktop:DBusActivatable=true
/usr/share/applications/org.gnome.Maps.desktop:DBusActivatable=true
/usr/share/applications/io.github.celluloid_player.Celluloid.desktop:DBusActivatable=true
/usr/share/applications/org.gnome.Shell.PortalHelper.desktop:DBusActivatable=true
/usr/share/applications/org.gnome.Builder.desktop:DBusActivatable=true
/usr/share/applications/org.gnome.Weather.desktop:DBusActivatable=true
/usr/share/applications/org.gnome.clocks.desktop:DBusActivatable=true
/usr/share/applications/org.gnome.Software.desktop:DBusActivatable=true
/usr/share/applications/org.gnome.Nautilus.desktop:DBusActivatable=true
/usr/share/applications/org.gnome.Console.desktop:DBusActivatable=true

Any new workarounds in 2k24?

<!-- gh-comment-id:2331786502 --> @reagentoo commented on GitHub (Sep 5, 2024): ``` $ grep -ri DBusActivatable /usr/share/applications/ /usr/share/applications/org.gnome.Terminal.Preferences.desktop:DBusActivatable=false /usr/share/applications/org.gnome.Calendar.desktop:DBusActivatable=true /usr/share/applications/org.gnome.Boxes.desktop:DBusActivatable=true /usr/share/applications/org.gnome.Characters.desktop:DBusActivatable=true /usr/share/applications/org.gnome.DiskUtility.desktop:DBusActivatable=true /usr/share/applications/ca.desrt.dconf-editor.desktop:DBusActivatable=true /usr/share/applications/io.bassi.Amberol.desktop:DBusActivatable=true /usr/share/applications/org.gnome.TextEditor.desktop:DBusActivatable=false /usr/share/applications/org.gnome.font-viewer.desktop:DBusActivatable=true /usr/share/applications/org.gnome.Screenshot.desktop:DBusActivatable=true /usr/share/applications/de.haeckerfelix.Fragments.desktop:DBusActivatable=true /usr/share/applications/org.gnome.Ptyxis.desktop:DBusActivatable=true /usr/share/applications/org.gnome.Extensions.desktop:DBusActivatable=true /usr/share/applications/org.gnome.Maps.desktop:DBusActivatable=true /usr/share/applications/io.github.celluloid_player.Celluloid.desktop:DBusActivatable=true /usr/share/applications/org.gnome.Shell.PortalHelper.desktop:DBusActivatable=true /usr/share/applications/org.gnome.Builder.desktop:DBusActivatable=true /usr/share/applications/org.gnome.Weather.desktop:DBusActivatable=true /usr/share/applications/org.gnome.clocks.desktop:DBusActivatable=true /usr/share/applications/org.gnome.Software.desktop:DBusActivatable=true /usr/share/applications/org.gnome.Nautilus.desktop:DBusActivatable=true /usr/share/applications/org.gnome.Console.desktop:DBusActivatable=true ``` Any new workarounds in 2k24?
gitea-mirror commented 2026-05-05 07:21:50 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Sep 5, 2024):

  • Your list contains a lot of programs w/o profile.
  • This issue is closed.
  • This issue is old.
  • The open bug (#2624) is about not detecting all .desktop files.

Any new workarounds in 2k24?

sed "s/DBusActivatable=true/DBusActivatable=false/g"

<!-- gh-comment-id:2331797862 --> @rusty-snake commented on GitHub (Sep 5, 2024): - Your list contains a lot of programs w/o profile. - This issue is closed. - This issue is old. - The open bug (#2624) is about not detecting all .desktop files. > Any new workarounds in 2k24? `sed "s/DBusActivatable=true/DBusActivatable=false/g"`
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
serialize_remounts_v2
landlock_v4
landlock
release-0.9.64
release-0.9.62
gitlab_ci
LTSbase
fred_ctests
docs
0.9.80
0.9.80-rc1
0.9.78
0.9.76
0.9.76-rc4
0.9.76-rc3
0.9.76-rc2
0.9.76-rc1
0.9.74
landlock-split
0.9.72
0.9.72rc1
0.9.70
0.9.68
0.9.68rc1
0.9.66
0.9.66rc1
0.9.64.4
0.9.64.2
0.9.64
0.9.64rc1
0.9.62.4
0.9.62.2
0.9.62
0.9.56.2-LTS
0.9.60
0.9.60-rc1
0.9.58.2
0.9.58
0.9.58-rc1
0.9.56-LTS-release
0.9.56-LTS
0.9.56
0.9.56-rc1
0.9.54
0.9.54-rc2
0.9.54-rc1
0.9.52
0.9.38.12
0.9.50
0.9.50-rc1
0.9.48
0.9.46
0.9.46-rc1
0.9.44.10
0.9.44.8
0.9.44.6
0.9.38.10
0.9.44.4
0.9.38.8
0.9.44.2
0.9.44
0.9.44-rc1
0.9.38.4
0.9.42
0.9.42-rc2
0.9.38.2
0.9.42-rc1
disable-globalcfg
0.9.40
0.9.40-rc1
0.9.38
0.9.38-rc1
0.9.36
0.9.36-rc1
0.9.34
0.9.34-rc1
0.9.32
0.9.32-rc1
0.9.30
0.9.30-rc1
Labels
Clear labels   
LTS merge

   
LTS merge

   
bug

   
bug

   
converted-to-discussion

   
doc-todo

   
documentation

   
duplicate

   
enhancement

   
file-transfer

   
firecfg

   
firejail-in-firejail

   
firetools

   
graphics

   
help wanted

   
information_old

   
installation

   
invalid

   
modif

   
moved

   
needinfo

   
networking

   
notabug

   
notourbug

   
old-version

   
overlayfs

   
packaging

   
profile-request

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question_old

   
removal

   
runtime-permissions

   
sandbox-ipc

   
security

   
stale

   
wiki

   
wiki

   
wontfix

   
wordpress

   
workaround
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1045
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?