github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

[GH-ISSUE #1594] Problem with private-tmp in okular and libreoffice profiles #1063

New issue
Closed
opened 2026-05-05 07:23:45 -06:00 by gitea-mirror · 48 comments
gitea-mirror commented 2026-05-05 07:23:45 -06:00
Owner
Copy link

Originally created by @curiosity-seeker on GitHub (Oct 7, 2017).
Original GitHub issue: https://github.com/netblue30/firejail/issues/1594

I cannot open attached documents in Thunderbird when private-tmp is activated in okular.profile and libreoffice.profile, hence I added ignore private-tmpto my individual profiles. Note that I've set xdg-open as helper application for each file type.

But am I really the only one affected by this? If not, this rule would break important functionalities for many users.

Originally created by @curiosity-seeker on GitHub (Oct 7, 2017). Original GitHub issue: https://github.com/netblue30/firejail/issues/1594 I cannot open attached documents in Thunderbird when `private-tmp` is activated in okular.profile and libreoffice.profile, hence I added `ignore private-tmp`to my individual profiles. Note that I've set xdg-open as helper application for each file type. But am I really the only one affected by this? If not, this rule would break important functionalities for many users.
gitea-mirror 2026-05-05 07:23:45 -06:00
gitea-mirror commented 2026-05-05 07:23:49 -06:00
Author
Owner
Copy link

@Fred-Barclay commented on GitHub (Oct 7, 2017):

I can't duplicate this - using the default thunderbird profile, I can open files in libreoffice.

Are you using the default thunderbird profile and the latest firejail? The tbird profile has ignore private-tmp already.

<!-- gh-comment-id:334948284 --> @Fred-Barclay commented on GitHub (Oct 7, 2017): I can't duplicate this - using the default thunderbird profile, I can open files in libreoffice. Are you using the default thunderbird profile and the latest firejail? The tbird profile has `ignore private-tmp` already.
gitea-mirror commented 2026-05-05 07:23:50 -06:00
Author
Owner
Copy link

@smitsohu commented on GitHub (Oct 7, 2017):

Reproducible for me. Try with the following in okular.local

ignore private-tmp
whitelist /tmp/mozilla_curiosity-seeker0
whitelist /tmp/.X11-unix

and replace curiosity-seeker with your actual user name
(paths edited)

<!-- gh-comment-id:334967558 --> @smitsohu commented on GitHub (Oct 7, 2017): Reproducible for me. Try with the following in okular.local ``` ignore private-tmp whitelist /tmp/mozilla_curiosity-seeker0 whitelist /tmp/.X11-unix ``` and replace curiosity-seeker with your actual user name (paths edited)
gitea-mirror commented 2026-05-05 07:23:52 -06:00
Author
Owner
Copy link

@curiosity-seeker commented on GitHub (Oct 8, 2017):

@Fred-Barclay : Yes, I know that the tbird profile already cpntains that rule but the problem is with the okular and libreoffice profiles.

@smitsohu : Indeed, I'm getting an error that /tmp/mozilla_user0/... doesn't exist. However, ignore private-tmp is sufficient for me in both profiles, the other two rules are not needed here.

So the question is - as @Fred-Barclay couldn't reproduce - if the problem is widespread enough to justify commenting private-tmp in both profiles.

<!-- gh-comment-id:334996726 --> @curiosity-seeker commented on GitHub (Oct 8, 2017): @Fred-Barclay : Yes, I know that the tbird profile already cpntains that rule but the problem is with the okular and libreoffice profiles. @smitsohu : Indeed, I'm getting an error that `/tmp/mozilla_user0/...` doesn't exist. However, `ignore private-tmp` is sufficient for me in both profiles, the other two rules are not needed here. So the question is - as @Fred-Barclay couldn't reproduce - if the problem is widespread enough to justify commenting `private-tmp` in both profiles.
gitea-mirror commented 2026-05-05 07:23:53 -06:00
Author
Owner
Copy link

@smitsohu commented on GitHub (Oct 8, 2017):

@curiosity-seeker if codeblock works for you, it gets you as close as possible to what private-tmp offers security-wise, while still permitting what you intend to do

A related side note: pdf reader evince has private-tmp commented out for compatibility with firefox since 84230c5ed4, and the same was later added to its forks atril and xreader by analogy. Is this still relevant? In my hands the pdf readers always run inside the firefox sandbox, and if xdg-open doesn't add new justification to keep private-tmp commented, I'd propose reenabling it across all pdf readers

edit: also note that the firefox profile has a private-tmp option, which should prevent data exchange through the real /tmp directory

<!-- gh-comment-id:335000717 --> @smitsohu commented on GitHub (Oct 8, 2017): @curiosity-seeker if codeblock works for you, it gets you as close as possible to what `private-tmp` offers security-wise, while still permitting what you intend to do A related side note: pdf reader evince has `private-tmp` commented out for compatibility with firefox since 84230c5ed4a507f4262ab764475eab962624e032, and the same was later added to its forks atril and xreader by analogy. Is this still relevant? In my hands the pdf readers always run inside the firefox sandbox, and if xdg-open doesn't add new justification to keep `private-tmp` commented, I'd propose reenabling it across all pdf readers edit: also note that the firefox profile has a `private-tmp` option, which should prevent data exchange through the real /tmp directory
gitea-mirror commented 2026-05-05 07:23:55 -06:00
Author
Owner
Copy link

@curiosity-seeker commented on GitHub (Oct 8, 2017):

@smitsohu

if codeblock works for you, it gets you as close as possible to what private-tmp offers security-wise, while still permitting what you intend to do

You mean including the 2 whitelist rules? Yes, it works for me. (I've taken care that it is above disable-common.inc as that one contains noexec /tmp/.X11-unix). Nevertheless, the question remains what to do if many users are also affected. Default profiles should not break such things.

A related side note: pdf reader evince has private-tmp commented out for compatibility with firefox since 84230c5, and the same was later added to its forks atril and xreader by analogy. Is this still relevant? In my hands the pdf readers always run inside the firefox sandbox, and if xdg-open doesn't add new justification to keep private-tmp commented, I'd propose reenabling it across all pdf readers

Sorry, I'm a bit confused. Why do you propose reenabling private-tmp for all pdf readers when this setting breaks functionalities for, at least, okular ?

<!-- gh-comment-id:335002449 --> @curiosity-seeker commented on GitHub (Oct 8, 2017): @smitsohu > if codeblock works for you, it gets you as close as possible to what private-tmp offers security-wise, while still permitting what you intend to do You mean including the 2 whitelist rules? Yes, it works for me. (I've taken care that it is above disable-common.inc as that one contains `noexec /tmp/.X11-unix`). Nevertheless, the question remains what to do if many users are also affected. Default profiles should not break such things. > A related side note: pdf reader evince has private-tmp commented out for compatibility with firefox since 84230c5, and the same was later added to its forks atril and xreader by analogy. Is this still relevant? In my hands the pdf readers always run inside the firefox sandbox, and if xdg-open doesn't add new justification to keep private-tmp commented, I'd propose reenabling it across all pdf readers Sorry, I'm a bit confused. Why do you propose reenabling `private-tmp` for all pdf readers when this setting breaks functionalities for, at least, okular ?
gitea-mirror commented 2026-05-05 07:23:56 -06:00
Author
Owner
Copy link

@smitsohu commented on GitHub (Oct 8, 2017):

@curiosity-seeker it seems you overlooked the

... if xdg-open doesn't add new justification to keep private-tmp commented ...

part. In the end the question is to which degree we want to support xdg-open. I suppose this issue is not limited to thunderbird, there should be the same issue with firefox, too.

Btw, if noexec is important to you, don't forget to explicitly noexec /tmp/mozilla_user0

<!-- gh-comment-id:335003802 --> @smitsohu commented on GitHub (Oct 8, 2017): @curiosity-seeker it seems you overlooked the > ... if xdg-open doesn't add new justification to keep private-tmp commented ... part. In the end the question is to which degree we want to support xdg-open. I suppose this issue is not limited to thunderbird, there should be the same issue with firefox, too. Btw, if noexec is important to you, don't forget to explicitly `noexec /tmp/mozilla_user0`
gitea-mirror commented 2026-05-05 07:23:57 -06:00
Author
Owner
Copy link

@curiosity-seeker commented on GitHub (Oct 8, 2017):

Ah, yes, sorry, I had overlooked that, indeed!

<!-- gh-comment-id:335004147 --> @curiosity-seeker commented on GitHub (Oct 8, 2017): Ah, yes, sorry, I had overlooked that, indeed!
gitea-mirror commented 2026-05-05 07:23:58 -06:00
Author
Owner
Copy link

@curiosity-seeker commented on GitHub (Oct 8, 2017):

I've just tried again to not use xdg-open but set okular itself as the helper application for pdf files in Thunderbird. Result: above codeblock is not needed - but okular now runs as as a child process of the firejailed thunderbird (which it does not if xdg-open is used - okular is running as its own firejailed process).

So what's preferable security-wise?

When running as a child process it has full access to ~/.thunderbird. I'm not sure that I want that. As a general rule I don't like running helper applications as child processes as this undermines the security provided by the respective fine-tuned profiles for them.

BTW: I also don't use the default thunderbird.profile as it includes firefox.profile. In other words, Thunderbird has full access to ~/.mozilla. This is unfortunate, IMHO.

<!-- gh-comment-id:335004865 --> @curiosity-seeker commented on GitHub (Oct 8, 2017): I've just tried again to not use xdg-open but set okular itself as the helper application for pdf files in Thunderbird. Result: above codeblock is **not** needed - but okular now runs as as a child process of the firejailed thunderbird (which it does **not** if xdg-open is used - okular is running as its own firejailed process). So what's preferable security-wise? When running as a child process it has full access to ~/.thunderbird. I'm not sure that I want that. As a general rule I don't like running helper applications as child processes as this undermines the security provided by the respective fine-tuned profiles for them. BTW: I also don't use the default thunderbird.profile as it includes firefox.profile. In other words, Thunderbird has full access to ~/.mozilla. This is unfortunate, IMHO.
gitea-mirror commented 2026-05-05 07:23:59 -06:00
Author
Owner
Copy link

@Fred-Barclay commented on GitHub (Oct 8, 2017):

@curiosity-seeker

above codeblock is not needed - but okular now runs as as a child process of the firejailed thunderbird (which it does not if xdg-open is used - okular is running as its own firejailed process).

Ah - that's what I was missing. I didn't know xdg-open spawned programs into a separate sandbox, hence my thinking that the ignore private-tmp in thunderbird's profile was enough. 😄

<!-- gh-comment-id:335012429 --> @Fred-Barclay commented on GitHub (Oct 8, 2017): @curiosity-seeker > above codeblock is not needed - but okular now runs as as a child process of the firejailed thunderbird (which it does not if xdg-open is used - okular is running as its own firejailed process). Ah - that's what I was missing. I didn't know xdg-open spawned programs into a separate sandbox, hence my thinking that the `ignore private-tmp` in thunderbird's profile was enough. 😄
gitea-mirror commented 2026-05-05 07:24:00 -06:00
Author
Owner
Copy link

@curiosity-seeker commented on GitHub (Oct 8, 2017):

Fred, yes, that's an important difference, IMO. I remember that I've read here in other issues that using xdg-open is a possible security threat. Sure, that's not completely ruled out if another (malicious?) application changes the defaults to un-sandboxed (and possibly malicious) applications. But I wonder how big that risk really is - I consider it very small.

A bigger risk, IMO, is that - as I wrote above - a helper application running as a child process can manipulate, e.g., my Thunderbird or Firefox profiles if it opens malicious data. If it were running in its own process tightly confined by its profile this would hardly be possible - but now it is. That's why I prefer the xdg-open variant as the risk is smaller.

That's just my 2 cents. Implementing this philosophy would require changes in several profiles as exemplarily discussed above. And we would have to convince Firejail users somehow to use xdg-open in, e.g., Thunderbird.

<!-- gh-comment-id:335023546 --> @curiosity-seeker commented on GitHub (Oct 8, 2017): Fred, yes, that's an important difference, IMO. I remember that I've read here in other issues that using xdg-open is a possible security threat. Sure, that's not completely ruled out if another (malicious?) application changes the defaults to un-sandboxed (and possibly malicious) applications. But I wonder how big that risk really is - I consider it very small. A bigger risk, IMO, is that - as I wrote above - a helper application running as a child process can manipulate, e.g., my Thunderbird or Firefox profiles if it opens malicious data. If it were running in its own process tightly confined by its profile this would hardly be possible - but now it is. That's why I prefer the xdg-open variant as the risk is smaller. That's just my 2 cents. Implementing this philosophy would require changes in several profiles as exemplarily discussed above. And we would have to convince Firejail users somehow to use xdg-open in, e.g., Thunderbird.
gitea-mirror commented 2026-05-05 07:24:01 -06:00
Author
Owner
Copy link

@Fred-Barclay commented on GitHub (Oct 8, 2017):

I see. And the (potential) issue with xdg-open if I'm understanding it correctly is that it seems to require a shell, grep, and egrep for any use, as well as other utilities for specialised use. We'd have to add those to all private-bin filters.

<!-- gh-comment-id:335035508 --> @Fred-Barclay commented on GitHub (Oct 8, 2017): I see. And the (potential) issue with xdg-open if I'm understanding it correctly is that it seems to require a shell, grep, and egrep for any use, as well as other utilities for specialised use. We'd have to add those to all private-bin filters.
gitea-mirror commented 2026-05-05 07:24:02 -06:00
Author
Owner
Copy link

@smitsohu commented on GitHub (Oct 8, 2017):

@Fred-Barclay yes, and we probably have to disable private-tmp in some places, or keep it disabled.

But a general question: Is it possible the issues with private-tmp exist only on KDE? I remember I have seen it on KDE, but just noted that I have trouble reproducing it on Mate.

<!-- gh-comment-id:335042193 --> @smitsohu commented on GitHub (Oct 8, 2017): @Fred-Barclay yes, and we probably have to disable `private-tmp` in some places, or keep it disabled. But a general question: Is it possible the issues with `private-tmp` exist only on KDE? I remember I have seen it on KDE, but just noted that I have trouble reproducing it on Mate.
gitea-mirror commented 2026-05-05 07:24:03 -06:00
Author
Owner
Copy link

@smitsohu commented on GitHub (Oct 9, 2017):

@curiosity-seeker I believe xdg-open delegates work to KIO on KDE (via kde-open). If that's right, it is the reason why Okular is launched outside the sandbox (see #1599), where in your case it is again confined by Firejail, now with a tailored profile.

In a way that's nice, because the most dangerous part about email is attachments, and the default Okular profile denies internet access, access to emails, browser profiles... But at the bottom I think it is a security flaw itself.

In the context of xdg-open, I didn't see sandbox escapes outside KDE (please correct me). This means that also issues with private-tmp should be limited to xdg-open on KDE, and further the helper application must be set to run in Firejail automatically.

<!-- gh-comment-id:335272585 --> @smitsohu commented on GitHub (Oct 9, 2017): @curiosity-seeker I believe xdg-open delegates work to KIO on KDE (via kde-open). If that's right, it is the reason why Okular is launched outside the sandbox (see #1599), where in your case it is again confined by Firejail, now with a tailored profile. In a way that's nice, because the most dangerous part about email is attachments, and the default Okular profile denies internet access, access to emails, browser profiles... But at the bottom I think it is a security flaw itself. In the context of xdg-open, I didn't see sandbox escapes outside KDE (please correct me). This means that also issues with `private-tmp` should be limited to xdg-open on KDE, and further the helper application must be set to run in Firejail automatically.
gitea-mirror commented 2026-05-05 07:24:04 -06:00
Author
Owner
Copy link

@curiosity-seeker commented on GitHub (Oct 13, 2017):

@smitsohu : Thanks for your comments and your commit! Unfortunately I'm on a trip abroad and cannot test it - but I will certainly when I'm back.

<!-- gh-comment-id:336442390 --> @curiosity-seeker commented on GitHub (Oct 13, 2017): @smitsohu : Thanks for your comments and your commit! Unfortunately I'm on a trip abroad and cannot test it - but I will certainly when I'm back.
gitea-mirror commented 2026-05-05 07:24:06 -06:00
Author
Owner
Copy link

@smitsohu commented on GitHub (Oct 15, 2017):

@curiosity-seeker yes, please try it out when you have time :)

<!-- gh-comment-id:336720554 --> @smitsohu commented on GitHub (Oct 15, 2017): @curiosity-seeker yes, please try it out when you have time :)
gitea-mirror commented 2026-05-05 07:24:07 -06:00
Author
Owner
Copy link

@curiosity-seeker commented on GitHub (Oct 20, 2017):

@smitsohu : I must admit that I'm a bit confused and I'm not sure what to make of all this. As I wrote in #1599 there is no sandbox escape of okular for me.

Regarding helper applications in Thunderbird your commit doesn't change the behavior mentioned above: if okular or libreoffice are started via xdg-open they are launched in their own firejailed processes, otherwise they are launched as sub-processes of Thunderbird. The latter is a security risk and I don't want that.

In a way that's nice, because the most dangerous part about email is attachments, and the default Okular profile denies internet access, access to emails, browser profiles... But at the bottom I think it is a security flaw itself.

Hm - why exactly? As long as there is no private-bin line in the (Thunderbird) profile, everything in, e.g., /usr/bin can be executed including xdg-open. Does this really qualify as a sandbox escape?

In the context of xdg-open, I didn't see sandbox escapes outside KDE (please correct me).

I can't comment on that as I'm a die-hard KDE user. What is the exact behavior in Gnome if you set xdg-open and, alternatively, Evince as helper applications in Thunderbird?

<!-- gh-comment-id:338190894 --> @curiosity-seeker commented on GitHub (Oct 20, 2017): @smitsohu : I must admit that I'm a bit confused and I'm not sure what to make of all this. As I wrote in #1599 there is no sandbox escape of okular for me. Regarding helper applications in Thunderbird your [commit](https://github.com/netblue30/firejail/commit/d9ba74da220680ed019461a7b832ae1e61798b1f) doesn't change the behavior mentioned above: if okular or libreoffice are started via xdg-open they are launched in their own firejailed processes, otherwise they are launched as sub-processes of Thunderbird. The latter is a security risk and I don't want that. > In a way that's nice, because the most dangerous part about email is attachments, and the default Okular profile denies internet access, access to emails, browser profiles... But at the bottom I think it is a security flaw itself. Hm - why exactly? As long as there is no private-bin line in the (Thunderbird) profile, everything in, e.g., /usr/bin can be executed including xdg-open. Does this really qualify as a sandbox escape? > In the context of xdg-open, I didn't see sandbox escapes outside KDE (please correct me). I can't comment on that as I'm a die-hard KDE user. What is the exact behavior in Gnome if you set xdg-open and, alternatively, Evince as helper applications in Thunderbird?
gitea-mirror commented 2026-05-05 07:24:08 -06:00
Author
Owner
Copy link

@smitsohu commented on GitHub (Oct 20, 2017):

Can you try starting Thunderbird with --blacklist /run/user/$UID/bus, and then open a pdf attachment through xdg-open? This with Firejail from git.

There shouldn't be an escape... if Okular still escapes, our picture is not complete yet.

<!-- gh-comment-id:338257827 --> @smitsohu commented on GitHub (Oct 20, 2017): Can you try starting Thunderbird with `--blacklist /run/user/$UID/bus`, and then open a pdf attachment through xdg-open? This with Firejail from git. There shouldn't be an escape... if Okular still escapes, our picture is not complete yet.
gitea-mirror commented 2026-05-05 07:24:09 -06:00
Author
Owner
Copy link

@curiosity-seeker commented on GitHub (Oct 20, 2017):

Okay, I added blacklist /run/user/$UID/bus to my Thunderbird profile.

With the symlink for okular it starts as its own firejailed process.
Without the symlink it starts unsandboxed.

<!-- gh-comment-id:338266652 --> @curiosity-seeker commented on GitHub (Oct 20, 2017): Okay, I added `blacklist /run/user/$UID/bus` to my Thunderbird profile. **With** the symlink for okular it starts as its own firejailed process. **Without** the symlink it starts unsandboxed.
gitea-mirror commented 2026-05-05 07:24:11 -06:00
Author
Owner
Copy link

@smitsohu commented on GitHub (Oct 20, 2017):

Hmmm.

In case you pasted blacklist /run/user/$UID/bus, could I ask you to try again with blacklist /run/user/1000/bus? Sorry for the trouble.

<!-- gh-comment-id:338296287 --> @smitsohu commented on GitHub (Oct 20, 2017): Hmmm. In case you pasted `blacklist /run/user/$UID/bus`, could I ask you to try again with `blacklist /run/user/1000/bus`? Sorry for the trouble.
gitea-mirror commented 2026-05-05 07:24:11 -06:00
Author
Owner
Copy link

@curiosity-seeker commented on GitHub (Oct 20, 2017):

I did that and in both cases (with and without the symlink) okular starts as a sub-process of the firejailed Thunderbird. Interesting! But it's not what I prefer.

<!-- gh-comment-id:338303397 --> @curiosity-seeker commented on GitHub (Oct 20, 2017): I did that and in both cases (with and without the symlink) okular starts as a sub-process of the firejailed Thunderbird. Interesting! But it's not what I prefer.
gitea-mirror commented 2026-05-05 07:24:12 -06:00
Author
Owner
Copy link

@curiosity-seeker commented on GitHub (Oct 21, 2017):

To me this discussion leads to 2 questions:

  1. How is the situation on Gnome, Mate, Xfc etc.? Does this problem also exist in those DEs?
  2. Is there a workaround for the problems mentioned in Fred's comment?
<!-- gh-comment-id:338384515 --> @curiosity-seeker commented on GitHub (Oct 21, 2017): To me this discussion leads to 2 questions: 1. How is the situation on Gnome, Mate, Xfc etc.? Does this problem also exist in those DEs? 2. Is there a workaround for the problems mentioned in Fred's [comment](https://github.com/netblue30/firejail/issues/1594#issuecomment-335035508)?
gitea-mirror commented 2026-05-05 07:24:13 -06:00
Author
Owner
Copy link

@smitsohu commented on GitHub (Oct 24, 2017):

@curiosity-seeker you are doing it right IMO. Attachments are the dangerous thing, so it makes sense to loosen a bit the sandbox of the email client (permit D-Bus), if the helper application runs then in a much tighter sandbox.
I would think twice before doing the same with a browser though.

How is the situation on Gnome, Mate, Xfc etc.? Does this problem also exist in those DEs?

I tried with Gnome, Mate, Cinnamon, Xfce. It seems to be a KDE peculiarity.

Is there a workaround for the problems mentioned in Fred's comment?

from #1386, adding something like xdg-open,sh,grep,egrep,kde-open* to private-bin should help. Adding the helper application itself is not necessary as long as there is D-Bus.

But back to the original issue: In light of all of this, what do we do with private-tmp? Currently we support use cases like yours for some pdf readers, but maybe we should do it only for Okular (as the KDE default)? Or we add Okular to the list to have more or less all stock readers covered? I would hesitate to remove private-tmp beyond this, but I'm curious if there are other opinions.

<!-- gh-comment-id:338841691 --> @smitsohu commented on GitHub (Oct 24, 2017): @curiosity-seeker you are doing it right IMO. Attachments are the dangerous thing, so it makes sense to loosen a bit the sandbox of the email client (permit D-Bus), if the helper application runs then in a much tighter sandbox. I would think twice before doing the same with a browser though. > How is the situation on Gnome, Mate, Xfc etc.? Does this problem also exist in those DEs? I tried with Gnome, Mate, Cinnamon, Xfce. It seems to be a KDE peculiarity. > Is there a workaround for the problems mentioned in Fred's comment? from #1386, adding something like `xdg-open,sh,grep,egrep,kde-open*` to private-bin should help. Adding the helper application itself is not necessary as long as there is D-Bus. But back to the original issue: In light of all of this, what do we do with private-tmp? Currently we support use cases like yours for some pdf readers, but maybe we should do it only for Okular (as the KDE default)? Or we add Okular to the list to have more or less all stock readers covered? I would hesitate to remove private-tmp beyond this, but I'm curious if there are other opinions.
gitea-mirror commented 2026-05-05 07:24:14 -06:00
Author
Owner
Copy link

@Vincent43 commented on GitHub (Oct 24, 2017):

In my opinion it's best to move TMPDIR inside user $HOME, i.e. ~/.cache/tmp by setting TMPDIR= environment variable and add this directory to global whitelist while leaving private-tmp untouched. It somewhat middle-ground as It's more secure than having system wide TMPDIR and it doesn't cause breakages when two applications want to share the same temporary file.

<!-- gh-comment-id:338946378 --> @Vincent43 commented on GitHub (Oct 24, 2017): In my opinion it's best to move `TMPDIR` inside user `$HOME`, i.e. `~/.cache/tmp` by setting `TMPDIR=` environment variable and add this directory to global whitelist while leaving `private-tmp` untouched. It somewhat middle-ground as It's more secure than having system wide `TMPDIR` and it doesn't cause breakages when two applications want to share the same temporary file.
gitea-mirror commented 2026-05-05 07:24:15 -06:00
Author
Owner
Copy link

@curiosity-seeker commented on GitHub (Oct 25, 2017):

@smitsohu : I'm glad that you agree.

I tried with Gnome, Mate, Cinnamon, Xfce. It seems to be a KDE peculiarity.

How is the behavior if you set Evince as the helper application in Thunderbird? Does it also execute as a sub-process like Okular?

Any opinion about @Vincent43 's suggestion?

<!-- gh-comment-id:339390022 --> @curiosity-seeker commented on GitHub (Oct 25, 2017): @smitsohu : I'm glad that you agree. > I tried with Gnome, Mate, Cinnamon, Xfce. It seems to be a KDE peculiarity. How is the behavior if you set Evince as the helper application in Thunderbird? Does it also execute as a sub-process like Okular? Any opinion about @Vincent43 's suggestion?
gitea-mirror commented 2026-05-05 07:24:16 -06:00
Author
Owner
Copy link

@Vincent43 commented on GitHub (Oct 25, 2017):

To be clear, my suggestion is about local system configuration. Nothing to do on firejail side except rationale for keeping private-tmp enabled in profiles.

<!-- gh-comment-id:339443358 --> @Vincent43 commented on GitHub (Oct 25, 2017): To be clear, my suggestion is about local system configuration. Nothing to do on firejail side except rationale for keeping `private-tmp` enabled in profiles.
gitea-mirror commented 2026-05-05 07:24:17 -06:00
Author
Owner
Copy link

@smitsohu commented on GitHub (Oct 25, 2017):

@Vincent43 thanks for your suggestion! It is actually possible to do everything in firejail... add to thunderbird.local:

mkdir ~/.cache/tmp
env TMPDIR=~/.cache/tmp

and whitelist ~/.cache/tmp to /etc/firejail/whitelist-common.local, and you're set to bring back private-tmp to thunderbird and your pdf-reader.

Part of the feature description, but still noteworthy: Opened attachments are then visible to more or less all concurrently running (firejailed or not) processes. Also, if thunderbird crashes, /tmp is tidied upon reboot, whereas ~/.cache/tmp is not.

@curiosity-seeker Yes, evince ends up in the same sandbox as thunderbird, not in its own.

<!-- gh-comment-id:339480675 --> @smitsohu commented on GitHub (Oct 25, 2017): @Vincent43 thanks for your suggestion! It is actually possible to do everything in firejail... add to thunderbird.local: ``` mkdir ~/.cache/tmp env TMPDIR=~/.cache/tmp ``` and `whitelist ~/.cache/tmp` to /etc/firejail/whitelist-common.local, and you're set to bring back `private-tmp` to thunderbird and your pdf-reader. Part of the feature description, but still noteworthy: Opened attachments are then visible to more or less all concurrently running (firejailed or not) processes. Also, if thunderbird crashes, /tmp is tidied upon reboot, whereas ~/.cache/tmp is not. @curiosity-seeker Yes, evince ends up in the same sandbox as thunderbird, not in its own.
gitea-mirror commented 2026-05-05 07:24:17 -06:00
Author
Owner
Copy link

@smitsohu commented on GitHub (Oct 26, 2017):

It would be possible to take it one step further and blacklist/noblacklist ~/.cache/tmp.

If we added noblacklist only to the pdf reader profiles, we reached today's level of xdg-open support... and could bring back private-tmp in several places :)

What about having in thunderbird.profile something like:

# only KDE: if xdg-open is used to handle email attachments, uncomment the following lines. pdf readers
# work out of the box, for other applications add 'noblacklist ~/.cache/tmp' to their firejail profiles
# mkdir ~/.cache/tmp
# env TMPDIR=~/.cache/tmp
<!-- gh-comment-id:339510164 --> @smitsohu commented on GitHub (Oct 26, 2017): It would be possible to take it one step further and blacklist/noblacklist ~/.cache/tmp. If we added noblacklist only to the pdf reader profiles, we reached today's level of xdg-open support... and could bring back private-tmp in several places :) What about having in thunderbird.profile something like: ``` # only KDE: if xdg-open is used to handle email attachments, uncomment the following lines. pdf readers # work out of the box, for other applications add 'noblacklist ~/.cache/tmp' to their firejail profiles # mkdir ~/.cache/tmp # env TMPDIR=~/.cache/tmp ```
gitea-mirror commented 2026-05-05 07:24:18 -06:00
Author
Owner
Copy link

@curiosity-seeker commented on GitHub (Oct 26, 2017):

@smitsohu : Unfortunately this does not work for me. I added those two lines to my Thunderbird profile and `noblacklist ~/.cache/tmp to the Okular profile (although this should not be necessary as that folder is not blacklisted in any *.inc file) but I got an error in Okular:

Could not open file:///home/hank/cache/tmp/...

Perhaps I'm missing something trivial ... ?

EDIT: I had forgotten to add whitelist ~/.cache/tmp to my Thunderbird profile (as it's a whitelisted profile). It works now as expected! I will further investigate.

EDIT2: I can confirm that Okular works even after re-enabling private-tmp in its profile.

EDIT3: It also works for LibreOffice after adding whitelist ~/.cache/tmp to my tightened whitelisted profile (and re-enabling private-tmp). In the default libreoffice.profile noblacklist ~/.cache/tmp should work.

<!-- gh-comment-id:339668872 --> @curiosity-seeker commented on GitHub (Oct 26, 2017): @smitsohu : Unfortunately this does not work for me. I added those two lines to my Thunderbird profile and `noblacklist ~/.cache/tmp to the Okular profile (although this should not be necessary as that folder is not blacklisted in any *.inc file) but I got an error in Okular: ` Could not open file:///home/hank/cache/tmp/...` Perhaps I'm missing something trivial ... ? EDIT: I had forgotten to add `whitelist ~/.cache/tmp` to my Thunderbird profile (as it's a whitelisted profile). It works now as expected! I will further investigate. EDIT2: I can confirm that Okular works even after re-enabling `private-tmp` in its profile. EDIT3: It also works for LibreOffice after adding `whitelist ~/.cache/tmp` to my tightened _whitelisted_ profile (and re-enabling `private-tmp`). In the _default_ libreoffice.profile `noblacklist ~/.cache/tmp` should work.
gitea-mirror commented 2026-05-05 07:24:19 -06:00
Author
Owner
Copy link

@Vincent43 commented on GitHub (Oct 26, 2017):

You can also add whitelist ~/.cache/tmpto /etc/firejail/whitelist-common.local instead of adding it to each profile and assuming that you include whitelist-common.inc in your profiles.

The same you can add env TMPDIR=/home/username/.cache/tmp to /etc/firejail/globals.local.

<!-- gh-comment-id:339703169 --> @Vincent43 commented on GitHub (Oct 26, 2017): You can also add `whitelist ~/.cache/tmp`to `/etc/firejail/whitelist-common.local` instead of adding it to each profile and assuming that you include `whitelist-common.inc` in your profiles. The same you can add `env TMPDIR=/home/username/.cache/tmp` to `/etc/firejail/globals.local`.
gitea-mirror commented 2026-05-05 07:24:20 -06:00
Author
Owner
Copy link

@curiosity-seeker commented on GitHub (Oct 26, 2017):

You can also add whitelist ~/.cache/tmpto /etc/firejail/whitelist-common.local instead of adding it to each profile and assuming that you include whitelist-common.inc in your profiles.

Yes, but this works only for whitelisted profiles. For example, default libreoffice.profile is not a whitelisted profile, hence whitelist-common.local cannot be used.

The same you can add env TMPDIR=~/.cache/tmp to /etc/firejail/globals.local.

I don't think that I want that as I prefer to restrict access for specific applications only. I rather add blacklist ~/.cache/tmp to globals.local and add noblacklist or whitelist rules whereever needed.

<!-- gh-comment-id:339710931 --> @curiosity-seeker commented on GitHub (Oct 26, 2017): > You can also add whitelist ~/.cache/tmpto /etc/firejail/whitelist-common.local instead of adding it to each profile and assuming that you include whitelist-common.inc in your profiles. Yes, but this works only for whitelisted profiles. For example, default libreoffice.profile is not a whitelisted profile, hence whitelist-common.local cannot be used. > The same you can add env TMPDIR=~/.cache/tmp to /etc/firejail/globals.local. I don't think that I want that as I prefer to restrict access for specific applications only. I rather add `blacklist ~/.cache/tmp` to globals.local and add noblacklist or whitelist rules whereever needed.
gitea-mirror commented 2026-05-05 07:24:21 -06:00
Author
Owner
Copy link

@curiosity-seeker commented on GitHub (Oct 27, 2017):

Hm - whenever I add TMPDIR=~/.cache/tmp to the Thunderbird profile, HTML emails are no longer displayed. Any idea why?

<!-- gh-comment-id:339978815 --> @curiosity-seeker commented on GitHub (Oct 27, 2017): Hm - whenever I add `TMPDIR=~/.cache/tmp` to the Thunderbird profile, HTML emails are no longer displayed. Any idea why?
gitea-mirror commented 2026-05-05 07:24:22 -06:00
Author
Owner
Copy link

@Vincent43 commented on GitHub (Oct 27, 2017):

Works for me. What's your thunderbird.profile?

<!-- gh-comment-id:340010480 --> @Vincent43 commented on GitHub (Oct 27, 2017): Works for me. What's your `thunderbird.profile`?
gitea-mirror commented 2026-05-05 07:24:23 -06:00
Author
Owner
Copy link

@curiosity-seeker commented on GitHub (Oct 27, 2017):

Voilà:

noblacklist ~/.gnupg
mkdir ~/.gnupg
whitelist ~/.gnupg

noblacklist ~/.thunderbird
mkdir ~/.thunderbird
whitelist ~/.thunderbird

noblacklist ~/.cache/thunderbird
mkdir ~/.cache/thunderbird
whitelist ~/.cache/thunderbird

whitelist ~/.config/mimeapps.list
read-only ~/.config/mimeapps.list
whitelist ~/.local/share/applications
read-only ~/.local/share/applications

whitelist ${HOME}/Downloads
whitelist ${HOME}/Uploads

include /etc/firejail/disable-common.inc
include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-programs.inc

include /etc/firejail/whitelist-common.inc
include /etc/firejail/whitelist-var-common.inc

caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6,netlink
netfilter
seccomp
tracelog

private-dev

private-tmp

shell none

# only KDE: if xdg-open is used to handle email attachments, uncomment the following lines. pdf readers
# work out of the box, for other applications add 'noblacklist ~/.cache/tmp' to their firejail profiles
noblacklist ~/.cache/tmp
mkdir ~/.cache/tmp
whitelist ~/.cache/tmp
env TMPDIR=~/.cache/tmp


#blacklist /run/user/1000/bus

noexec ${HOME}
noexec /tmp
<!-- gh-comment-id:340042652 --> @curiosity-seeker commented on GitHub (Oct 27, 2017): Voilà: ``` noblacklist ~/.gnupg mkdir ~/.gnupg whitelist ~/.gnupg noblacklist ~/.thunderbird mkdir ~/.thunderbird whitelist ~/.thunderbird noblacklist ~/.cache/thunderbird mkdir ~/.cache/thunderbird whitelist ~/.cache/thunderbird whitelist ~/.config/mimeapps.list read-only ~/.config/mimeapps.list whitelist ~/.local/share/applications read-only ~/.local/share/applications whitelist ${HOME}/Downloads whitelist ${HOME}/Uploads include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc include /etc/firejail/whitelist-common.inc include /etc/firejail/whitelist-var-common.inc caps.drop all netfilter nonewprivs noroot protocol unix,inet,inet6,netlink netfilter seccomp tracelog private-dev private-tmp shell none # only KDE: if xdg-open is used to handle email attachments, uncomment the following lines. pdf readers # work out of the box, for other applications add 'noblacklist ~/.cache/tmp' to their firejail profiles noblacklist ~/.cache/tmp mkdir ~/.cache/tmp whitelist ~/.cache/tmp env TMPDIR=~/.cache/tmp #blacklist /run/user/1000/bus noexec ${HOME} noexec /tmp ```
gitea-mirror commented 2026-05-05 07:24:24 -06:00
Author
Owner
Copy link

@Vincent43 commented on GitHub (Oct 27, 2017):

I tried your config and HTML emails are displayed correctly. Maybe it's thunderbird config issue, you can try with fresh profile.

<!-- gh-comment-id:340095045 --> @Vincent43 commented on GitHub (Oct 27, 2017): I tried your config and HTML emails are displayed correctly. Maybe it's thunderbird config issue, you can try with fresh profile.
gitea-mirror commented 2026-05-05 07:24:25 -06:00
Author
Owner
Copy link

@curiosity-seeker commented on GitHub (Oct 28, 2017):

@Vincent43 : You're right, it works for me,too. I made a silly mistake, sorry :-(

So - should this issue be closed? It's fixed for me but I don't know if it should be kept open in order to possibly adjust specific profiles accordingly.

<!-- gh-comment-id:340166528 --> @curiosity-seeker commented on GitHub (Oct 28, 2017): @Vincent43 : You're right, it works for me,too. I made a silly mistake, sorry :-( So - should this issue be closed? It's fixed for me but I don't know if it should be kept open in order to possibly adjust specific profiles accordingly.
gitea-mirror commented 2026-05-05 07:24:27 -06:00
Author
Owner
Copy link

@smitsohu commented on GitHub (Oct 28, 2017):

Ok, maybe we fix it conservatively for now, add a comment to thunderbird and disable private-tmp in okular?
Feeling is rather that private-tmp can go back to all other pdf readers... xdg-open is broken in firefox already since quite some time because of the private-tmp there.

<!-- gh-comment-id:340185713 --> @smitsohu commented on GitHub (Oct 28, 2017): Ok, maybe we fix it conservatively for now, add a comment to thunderbird and disable private-tmp in okular? Feeling is rather that `private-tmp` can go back to all other pdf readers... xdg-open is broken in firefox already since quite some time because of the `private-tmp` there.
gitea-mirror commented 2026-05-05 07:24:28 -06:00
Author
Owner
Copy link

@curiosity-seeker commented on GitHub (Oct 28, 2017):

Ok, maybe we fix it conservatively for now, add a comment to thunderbird and disable private-tmp in okular?

Yes, I think that's a good proposal. Just don't forget to add whitelist ~/.cache/tmp to that comment as the Thunderbird profile is a whitelisted profile.

Feeling is rather that private-tmp can go back to all other pdf readers... xdg-open is broken in firefox already since quite some time because of the private-tmp there.

I'm not sure that I understand. Firefox with private-tmp is properly launched via xdg-open here.

<!-- gh-comment-id:340187848 --> @curiosity-seeker commented on GitHub (Oct 28, 2017): > Ok, maybe we fix it conservatively for now, add a comment to thunderbird and disable private-tmp in okular? Yes, I think that's a good proposal. Just don't forget to add `whitelist ~/.cache/tmp` to that comment as the Thunderbird profile is a whitelisted profile. > Feeling is rather that private-tmp can go back to all other pdf readers... xdg-open is broken in firefox already since quite some time because of the private-tmp there. I'm not sure that I understand. Firefox with private-tmp is properly launched via xdg-open here.
gitea-mirror commented 2026-05-05 07:24:29 -06:00
Author
Owner
Copy link

@smitsohu commented on GitHub (Oct 28, 2017):

I'm not sure that I understand. Firefox with private-tmp is properly launched via xdg-open here.

The same issue that you had with thunderbird exists with firefox. Also there you can use xdg-open to handle pdfs, ...

<!-- gh-comment-id:340188082 --> @smitsohu commented on GitHub (Oct 28, 2017): > I'm not sure that I understand. Firefox with private-tmp is properly launched via xdg-open here. The same issue that you had with thunderbird exists with firefox. Also there you can use xdg-open to handle pdfs, ...
gitea-mirror commented 2026-05-05 07:24:29 -06:00
Author
Owner
Copy link

@curiosity-seeker commented on GitHub (Oct 28, 2017):

Ah, yes, I see. I didn't think of this as pdf files are usually opened in the built-in pdf reader. But if it comes to, e.g., doc files (-> libreoffice) this is relevant, indeed.

<!-- gh-comment-id:340209217 --> @curiosity-seeker commented on GitHub (Oct 28, 2017): Ah, yes, I see. I didn't think of this as pdf files are usually opened in the built-in pdf reader. But if it comes to, e.g., doc files (-> libreoffice) this is relevant, indeed.
gitea-mirror commented 2026-05-05 07:24:30 -06:00
Author
Owner
Copy link

@curiosity-seeker commented on GitHub (Nov 6, 2017):

I've noticed only now that when using above profile - i.e. with env TMPDIR=~/.cache/tmp - print preview and accessing my printer is broken in Thunderbird. Commenting this rule solves the problem.

<!-- gh-comment-id:342205787 --> @curiosity-seeker commented on GitHub (Nov 6, 2017): I've noticed only now that when using [above](https://github.com/netblue30/firejail/issues/1594#issuecomment-340042652) profile - i.e. with `env TMPDIR=~/.cache/tmp` - print preview and accessing my printer is broken in Thunderbird. Commenting this rule solves the problem.
gitea-mirror commented 2026-05-05 07:24:31 -06:00
Author
Owner
Copy link

@Vincent43 commented on GitHub (Nov 6, 2017):

Try with absolute path:

env TMPDIR=/home/curiosity-seeker/.cache/tmp

<!-- gh-comment-id:342289848 --> @Vincent43 commented on GitHub (Nov 6, 2017): Try with absolute path: `env TMPDIR=/home/curiosity-seeker/.cache/tmp`
gitea-mirror commented 2026-05-05 07:24:31 -06:00
Author
Owner
Copy link

@curiosity-seeker commented on GitHub (Nov 7, 2017):

Wow - that change solved the problem, indeed! I didn't expect that. Do you have an explanation?

<!-- gh-comment-id:342558833 --> @curiosity-seeker commented on GitHub (Nov 7, 2017): Wow - that change solved the problem, indeed! I didn't expect that. Do you have an explanation?
gitea-mirror commented 2026-05-05 07:24:33 -06:00
Author
Owner
Copy link

@Vincent43 commented on GitHub (Nov 7, 2017):

Non-absolute env variables aren't properly resolved, i.e. env TMPDIR=~/.cache/tmp gives you literally TMPDIR=~/.cache/tmp instead of TMPDIR=/home/username/.cache/tmp which is garbage.

You can test it yourself:

firejail --profile=/path/to/thunderbird.profile bash
echo $TMPDIR

firejail --quiet --env=TMPDIR=~/.cache/tmp bash
echo $TMPDIR
<!-- gh-comment-id:342569347 --> @Vincent43 commented on GitHub (Nov 7, 2017): Non-absolute env variables aren't properly resolved, i.e. `env TMPDIR=~/.cache/tmp` gives you literally `TMPDIR=~/.cache/tmp` instead of `TMPDIR=/home/username/.cache/tmp` which is garbage. You can test it yourself: ``` firejail --profile=/path/to/thunderbird.profile bash echo $TMPDIR ``` ``` firejail --quiet --env=TMPDIR=~/.cache/tmp bash echo $TMPDIR ```
gitea-mirror commented 2026-05-05 07:24:33 -06:00
Author
Owner
Copy link

@curiosity-seeker commented on GitHub (Nov 7, 2017):

Indeed, I can reproduce what you're saying. Thanks for this info - I learned soemthing new today!

<!-- gh-comment-id:342573567 --> @curiosity-seeker commented on GitHub (Nov 7, 2017): Indeed, I can reproduce what you're saying. Thanks for this info - I learned soemthing new today!
gitea-mirror commented 2026-05-05 07:24:34 -06:00
Author
Owner
Copy link

@curiosity-seeker commented on GitHub (Dec 17, 2017):

After coming back from a trip I noticed that the solution above does not work any more.
My Thunderbird profile contains the following rules:

private-tmp
noblacklist ~/.cache/tbtmp
mkdir ~/.cache/tbtmp
whitelist ~/.cache/tbtmp
env TMPDIR=/home/curiosity-seeker/.cache/tbtmp

When I try to open a pdf attachment with Okular I get an error that file:///tmp/mozilla_curiosity-seeker0/Example.pdf could not be opened.

And after disabling private-tmp I can open the pdf and firejail --list reports:
/usr/bin/firejail /usr/bin/okular /tmp/mozilla_curiosity-seeker0/Example.pdf

It seems that the env variable is no longer applied - but it used to work earlier. Is perhaps env broken due to a recent change?

<!-- gh-comment-id:352261883 --> @curiosity-seeker commented on GitHub (Dec 17, 2017): After coming back from a trip I noticed that the solution above does not work any more. My Thunderbird profile contains the following rules: ``` private-tmp noblacklist ~/.cache/tbtmp mkdir ~/.cache/tbtmp whitelist ~/.cache/tbtmp env TMPDIR=/home/curiosity-seeker/.cache/tbtmp ``` When I try to open a pdf attachment with Okular I get an error that `file:///tmp/mozilla_curiosity-seeker0/Example.pdf` could not be opened. And after disabling private-tmp I can open the pdf and firejail --list reports: `/usr/bin/firejail /usr/bin/okular /tmp/mozilla_curiosity-seeker0/Example.pdf` It seems that the env variable is no longer applied - but it used to work earlier. Is perhaps `env` broken due to a recent change?
gitea-mirror commented 2026-05-05 07:24:36 -06:00
Author
Owner
Copy link

@Vincent43 commented on GitHub (Dec 17, 2017):

Yeah, it seems firejail doesn't pass TMPDIR env variable.

firejail --quiet --env=TMPDIR=/tmp bash
echo $TMPDIR


firejail --quiet --env=BLAHBLAH=/tmp bash
printenv |grep -i BLAHBLAH
BLAHBLAH=/tmp

Opened issue: https://github.com/netblue30/firejail/issues/1682

<!-- gh-comment-id:352271425 --> @Vincent43 commented on GitHub (Dec 17, 2017): Yeah, it seems firejail doesn't pass TMPDIR env variable. ``` firejail --quiet --env=TMPDIR=/tmp bash echo $TMPDIR ``` ``` firejail --quiet --env=BLAHBLAH=/tmp bash printenv |grep -i BLAHBLAH BLAHBLAH=/tmp ``` Opened issue: https://github.com/netblue30/firejail/issues/1682
gitea-mirror commented 2026-05-05 07:24:37 -06:00
Author
Owner
Copy link

@Vincent43 commented on GitHub (Dec 18, 2017):

@curiosity-seeker can you confirm that you can reproduce below on https://github.com/netblue30/firejail/issues/1682

firejail --noprofile --noroot --env=TMPDIR=/tmp bash
Parent pid 6479, child pid 6480
Child process initialized in 18.72 ms
$ echo $TMPDIR

firejail --noprofile --env=TMPDIR=/tmp bash
Parent pid 6536, child pid 6537
Child process initialized in 21.94 ms
$ echo $TMPDIR
/tmp
<!-- gh-comment-id:352439883 --> @Vincent43 commented on GitHub (Dec 18, 2017): @curiosity-seeker can you confirm that you can reproduce below on https://github.com/netblue30/firejail/issues/1682 ``` firejail --noprofile --noroot --env=TMPDIR=/tmp bash Parent pid 6479, child pid 6480 Child process initialized in 18.72 ms $ echo $TMPDIR firejail --noprofile --env=TMPDIR=/tmp bash Parent pid 6536, child pid 6537 Child process initialized in 21.94 ms $ echo $TMPDIR /tmp ```
gitea-mirror commented 2026-05-05 07:24:38 -06:00
Author
Owner
Copy link

@curiosity-seeker commented on GitHub (Dec 18, 2017):

@Vincent43 : Yes, I can reproduce! noroot seems to be the culprit, indeed.

<!-- gh-comment-id:352456384 --> @curiosity-seeker commented on GitHub (Dec 18, 2017): @Vincent43 : Yes, I can reproduce! `noroot` seems to be the culprit, indeed.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
serialize_remounts_v2
landlock_v4
landlock
release-0.9.64
release-0.9.62
gitlab_ci
LTSbase
fred_ctests
docs
0.9.80
0.9.80-rc1
0.9.78
0.9.76
0.9.76-rc4
0.9.76-rc3
0.9.76-rc2
0.9.76-rc1
0.9.74
landlock-split
0.9.72
0.9.72rc1
0.9.70
0.9.68
0.9.68rc1
0.9.66
0.9.66rc1
0.9.64.4
0.9.64.2
0.9.64
0.9.64rc1
0.9.62.4
0.9.62.2
0.9.62
0.9.56.2-LTS
0.9.60
0.9.60-rc1
0.9.58.2
0.9.58
0.9.58-rc1
0.9.56-LTS-release
0.9.56-LTS
0.9.56
0.9.56-rc1
0.9.54
0.9.54-rc2
0.9.54-rc1
0.9.52
0.9.38.12
0.9.50
0.9.50-rc1
0.9.48
0.9.46
0.9.46-rc1
0.9.44.10
0.9.44.8
0.9.44.6
0.9.38.10
0.9.44.4
0.9.38.8
0.9.44.2
0.9.44
0.9.44-rc1
0.9.38.4
0.9.42
0.9.42-rc2
0.9.38.2
0.9.42-rc1
disable-globalcfg
0.9.40
0.9.40-rc1
0.9.38
0.9.38-rc1
0.9.36
0.9.36-rc1
0.9.34
0.9.34-rc1
0.9.32
0.9.32-rc1
0.9.30
0.9.30-rc1
Labels
Clear labels   
LTS merge

   
LTS merge

   
bug

   
bug

   
converted-to-discussion

   
doc-todo

   
documentation

   
duplicate

   
enhancement

   
file-transfer

   
firecfg

   
firejail-in-firejail

   
firetools

   
graphics

   
help wanted

   
information_old

   
installation

   
invalid

   
modif

   
moved

   
needinfo

   
networking

   
notabug

   
notourbug

   
old-version

   
overlayfs

   
packaging

   
profile-request

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question_old

   
removal

   
runtime-permissions

   
sandbox-ipc

   
security

   
stale

   
wiki

   
wiki

   
wontfix

   
wordpress

   
workaround
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1063
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?