[GH-ISSUE #1651] Dropbox failed to start after update the firejail new built yesterday #1113

Closed
opened 2026-05-05 07:28:10 -06:00 by gitea-mirror · 46 comments
Owner

Originally created by @cryptogun on GitHub (Nov 17, 2017).
Original GitHub issue: https://github.com/netblue30/firejail/issues/1651

After the prompt printed `posixffi.libc._posixffi_libc.so`, this popped up:

```
Failed to run /bin/sh '/tmp/tmpxglHBD' as user root.
Failed to exec new process: permission denied
```

And then this popped up:

```
Couldn't start Dropbox.

This is usually because of a permissions error. Storing your home folder on a network share can also cause an error.

Get more help at https://www.dropbox.com/c/help/permissions_error

Please contact Dropbox support with the following info for help: /tmp/dropbox_errorpqMhZD.txt
```

`ls /tmp/drop*` gets none.
Traceback:

```
$ dropbox start
Reading profile /usr/local/etc/firejail/dropbox.profile
Reading profile /usr/local/etc/firejail/disable-common.inc
Reading profile /usr/local/etc/firejail/disable-devel.inc
Reading profile /usr/local/etc/firejail/disable-passwdmgr.inc
Reading profile /usr/local/etc/firejail/disable-programs.inc
Reading profile /usr/local/etc/firejail/whitelist-common.inc
Parent pid 16274, child pid 16275
Child process initialized in 224.86 ms
Starting Dropbox...dropbox: locating interpreter
dropbox: logging to /tmp/dropbox-antifreeze-pzN2ss
dropbox: initializing
dropbox: running python 2.7.11
dropbox: setting program path '/home/i/.dropbox-dist/dropbox-lnx.x86_64-39.4.49/dropbox'
dropbox: setting home path '/home/i/.dropbox-dist/dropbox-lnx.x86_64-39.4.49'
dropbox: setting python path '/home/i/.dropbox-dist/dropbox-lnx.x86_64-39.4.49:/home/i/.dropbox-dist/dropbox-lnx.x86_64-39.4.49/python-packages-27.zip'
dropbox: python initialized
dropbox: running dropbox
dropbox: setting args
dropbox: applying overrides
dropbox: running main script
dropbox: load fq extension '/home/i/.dropbox-dist/dropbox-lnx.x86_64-39.4.49/cryptography.hazmat.bindings._constant_time.so'
dropbox: load fq extension '/home/i/.dropbox-dist/dropbox-lnx.x86_64-39.4.49/cryptography.hazmat.bindings._openssl.so'
dropbox: load fq extension '/home/i/.dropbox-dist/dropbox-lnx.x86_64-39.4.49/cryptography.hazmat.bindings._padding.so'
dropbox: load fq extension '/home/i/.dropbox-dist/dropbox-lnx.x86_64-39.4.49/psutil._psutil_linux.so'
dropbox: load fq extension '/home/i/.dropbox-dist/dropbox-lnx.x86_64-39.4.49/psutil._psutil_posix.so'
dropbox: load fq extension '/home/i/.dropbox-dist/dropbox-lnx.x86_64-39.4.49/linuxffi.pthread._linuxffi_pthread.so'
dropbox: load fq extension '/home/i/.dropbox-dist/dropbox-lnx.x86_64-39.4.49/tornado.speedups.so'
dropbox: load fq extension '/home/i/.dropbox-dist/dropbox-lnx.x86_64-39.4.49/cpuid.compiled._cpuid.so'
dropbox: load fq extension '/home/i/.dropbox-dist/dropbox-lnx.x86_64-39.4.49/linuxffi.resolv.compiled._linuxffi_resolv.so'
dropbox: load fq extension '/home/i/.dropbox-dist/dropbox-lnx.x86_64-39.4.49/librsyncffi.compiled._librsyncffi.so'
dropbox: load fq extension '/home/i/.dropbox-dist/dropbox-lnx.x86_64-39.4.49/linuxffi.sys.compiled._linuxffi_sys.so'
dropbox: load fq extension '/home/i/.dropbox-dist/dropbox-lnx.x86_64-39.4.49/posixffi.libc._posixffi_libc.so'
dropbox: load fq extension '/home/i/.dropbox-dist/dropbox-lnx.x86_64-39.4.49/PyQt5.QtWebKit.so'
dropbox: load fq extension '/home/i/.dropbox-dist/dropbox-lnx.x86_64-39.4.49/PyQt5.QtCore.so'
dropbox: load fq extension '/home/i/.dropbox-dist/dropbox-lnx.x86_64-39.4.49/PyQt5.QtNetwork.so'
dropbox: load fq extension '/home/i/.dropbox-dist/dropbox-lnx.x86_64-39.4.49/PyQt5.QtGui.so'
dropbox: load fq extension '/home/i/.dropbox-dist/dropbox-lnx.x86_64-39.4.49/PyQt5.QtWebKitWidgets.so'
dropbox: load fq extension '/home/i/.dropbox-dist/dropbox-lnx.x86_64-39.4.49/PyQt5.QtWidgets.so'
dropbox: load fq extension '/home/i/.dropbox-dist/dropbox-lnx.x86_64-39.4.49/PyQt5.QtPrintSupport.so'
Qt: Session management error: None of the authentication protocols specified are supported
```
gitea-mirror 2026-05-05 07:28:10 -06:00
  • closed this issue
  • added the bug label

@Fred-Barclay commented on GitHub (Nov 17, 2017):

Thanks for the report! It should be fixed now.

@cryptogun commented on GitHub (Nov 18, 2017):

Thanks for the fix.

Feedback: Not perfect after adding that line (`noblacklist ~/.dropbox`).
I can open dropbox and open the preference tabs. But:

  1. Unable to open `https://www.dropbox.com/cli_link_nonce?nonce=***` in Chrome and sign in. (I deleted `.dropbox` and `.dropbox-dist` before).

```
Warning: an existing sandbox was detected. /usr/bin/google-chrome-stable will run without any additional sandboxing features
/usr/bin/google-chrome-stable: line 45: /dev/fd/62: No such file or directory
/usr/bin/google-chrome-stable: line 46: /dev/fd/62: No such file or directory
[1:1:1118/120815.498801:ERROR:nacl_fork_delegate_linux.cc(315)] Bad NaCl helper startup ack (0 bytes)
```

  2. Command line `dropbox start` is not daemonized now. Ctrl + C quits Dropbox. Previously I could type that command and quit the prompt without closing Dropbox.

`/usr/bin/dropbox` runs without any problem.

@Fred-Barclay commented on GitHub (Nov 18, 2017):

To run Chrome, you'll need to copy the `dropbox.profile` to `~/.config/firejail`, and then comment out (add a `#` to the beginning) of at least these lines:

```
protocol unix,inet,inet6
seccomp
```

This is because Chrome is started inside the Dropbox sandbox. Chrome has its own sandbox that doesn't interface well with firejail, so you'll need to loosen dropbox's profile so that Chrome can run in it.

If you only do this, Chrome won't be able to see its settings or bookmarks. For it to run normally, you'll also need to add the lines

```
noblacklist ${HOME}/.cache/google-chrome
noblacklist ${HOME}/.config/google-chrome
noblacklist ${HOME}/.pki
```

to the other noblacklist lines in dropbox.profile, and

```
mkdir ${HOME}/.cache/google-chrome
mkdir ${HOME}/.config/google-chrome
mkdir ${HOME}/.pki
whitelist ${DOWNLOADS}
whitelist ${HOME}/.cache/google-chrome
whitelist ${HOME}/.config/google-chrome
whitelist ${HOME}/.pki
```

to the other whitelist lines.

About the second problem, there's no way around this that I'm aware of. The daemon is running inside firejail, so Ctrl+C kills firejail and therefore dropboxd.

Cheers!
Fred

@cryptogun commented on GitHub (Nov 18, 2017):

OK. I use `/usr/bin/dropbox start` so as to link to my account. Then I can use `firejail dropbox start` now.

Oh I remembered that I first installed firejail then Dropbox, so there's no symlink
`/usr/local/bin/dropbox -> /usr/local/bin/firejail`
so I could daemonize it previously.

Not a big deal because I can start Dropbox from startup menu, without a prompt.

Thank you all :)

@Tanath commented on GitHub (Jan 22, 2018):

I was getting this issue until I commented out `noroot`.

@Fred-Barclay commented on GitHub (Jan 22, 2018):

Thanks @Tanath. I think it's better for now to keep `noroot` in the main profile and just start dropbox outside firejail whenever you need to update, rather than to run it without `noroot` all the time (which could theoretically allow a successful attacker, or a bug in the program, to act with root permissions.)

Although we do have the `nonewprivs` line, so removing `noroot` might be okay. @SpotComms any thoughts?

@SkewedZeppelin commented on GitHub (Jan 22, 2018):

@Fred-Barclay We can just comment it for now, I don't think it's too big an issue. I just wonder why `noroot` would cause it not to start.

@Fred-Barclay commented on GitHub (Jan 22, 2018):

I think the first three lines in the OP hinted at noroot being a problem. But then, nonewprivs would probably have blocked running a shell as root too. 😕

@Tanath commented on GitHub (Jan 22, 2018):

I don't know if this is related but may be worth mentioning. My Dropbox has been unable to update in-app for a very long time. When I run it in firejail it takes an hour or so but then it does the same thing as running without. It perpetually says 'Upgrading Dropbox...' in the tooltip, with the spinning icon in tray.

Every time I thought I fixed it, it started again in an hour or so.

@atrent commented on GitHub (Jul 15, 2018):

Hi, I had to comment the 'include /etc/firejail/disable-interpreters.inc' in the dropbox.profile since I was getting this error:
/bin/bash: /usr/bin/dropbox: /usr/bin/python: bad interpreter: Permission denied

Then it worked.

@chiraag-nataraj commented on GitHub (Jul 15, 2018):

You should be able to use either

```
noblacklist ${PATH}/python3*
noblacklist /usr/include/python3*
noblacklist /usr/lib/python3*
noblacklist /usr/local/lib/python3*
noblacklist /usr/share/python3*
```

or

```
noblacklist ${PATH}/python2*
noblacklist /usr/include/python2*
noblacklist /usr/lib/python2*
noblacklist /usr/local/lib/python2*
noblacklist /usr/share/python2*
```

in the dropbox profile to get it to work. Can you report back on which one works so that we can add it to the profile?

@Nutjob commented on GitHub (Jul 15, 2018):

Had the same problem as @atrent since yesterday, commenting out the line worked, while trying to add the lines (tried both) as @chiraag-nataraj suggested didn't....

@chiraag-nataraj commented on GitHub (Jul 15, 2018):

Cool. @Nutjob @atrent I'll look into it and report back.

@chiraag-nataraj commented on GitHub (Jul 15, 2018):

Can you try these files? Move them to `${HOME}/.config/firejail/common.inc` and `${HOME}/.config/firejail/dropbox.profile` and give it a whirl (I've only tested syncing files, since I don't really use Dropbox all that much) 🙂 I'll probably tighten the profile further, but I wanted to see if this profile works for y'all before adding more things that may break it.
[common.txt](https://github.com/netblue30/firejail/files/2195747/common.txt)
[dropbox.txt](https://github.com/netblue30/firejail/files/2195748/dropbox.txt)

@Nutjob commented on GitHub (Jul 15, 2018):

Nope, not working.
(BTW Didn't have `common.inc` file, had to make it.)
EDIT: Just checked, I've got `whitelist-common.inc` and `whitelist-var-common.inc` if that can help.

@chiraag-nataraj commented on GitHub (Jul 15, 2018):

I uploaded two files above! `common.txt` => `common.inc` and `dropbox.txt` => `dropbox.profile` :)

@chiraag-nataraj commented on GitHub (Jul 15, 2018):

And if that's still not working, is it the same error or a different one?

@Nutjob commented on GitHub (Jul 15, 2018):

Now it won't start, with the message `Error: cannot access profile file`

@chiraag-nataraj commented on GitHub (Jul 15, 2018):

Did you copy `common.txt` to `~/.config/firejail/common.inc`? That's the only file that this dropbox profile depends on.

@chiraag-nataraj commented on GitHub (Jul 15, 2018):

Okay, you know what, never mind. I also realized there are a couple of things in the `common.inc` file which will break on earlier versions of `firejail`. If you comment out the `include ${HOME}/.config/firejail/common.inc` in the dropbox profile, what happens?

@Nutjob commented on GitHub (Jul 15, 2018):

Yeah, my bad about `common.inc`, I put it there and got
`Error: line 24 in /home/user/.config/firejail/common.inc is invalid`.
Tried commenting the line in dropbox.profile, got the following message:
`execvp: No such file or directory`

@chiraag-nataraj commented on GitHub (Jul 15, 2018):

Ah okay. That's because you don't have `shell none`. Just comment out `nou2f` in `common.inc` (and uncomment the `include` in `dropbox.profile`) and try again.

@Nutjob commented on GitHub (Jul 15, 2018):

Here's the result:
```
Parent pid 4460, child pid 4461
Warning: skipping emp for private /opt
Private /opt installed in 0.12 ms
9 programs installed in 19.80 ms
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Child process initialized in 52.63 ms
Starting Dropbox...Traceback (most recent call last):
  File "/usr/bin/dropbox", line 1535, in <module>
    ret = main(sys.argv)
  File "/usr/bin/dropbox", line 1524, in main
    result = commands[argv[i]](argv[i+1:])
  File "/usr/bin/dropbox", line 1395, in start
    if not start_dropbox():
  File "/usr/bin/dropbox", line 732, in start_dropbox
    stderr=sys.stderr, stdout=f, close_fds=True)
  File "/usr/lib/python2.7/subprocess.py", line 394, in __init__
    errread, errwrite)
  File "/usr/lib/python2.7/subprocess.py", line 1047, in _execute_child
    raise child_exception
OSError: [Errno 13] Permission denied
```

@chiraag-nataraj commented on GitHub (Jul 15, 2018):

Which shell do you use? This is a problem with not whitelisting the proper shell I think...alternatively, you could comment out `private-bin` to see if that helps.

@Nutjob commented on GitHub (Jul 15, 2018):

I'm using bash, I've tried to comment out `private-bin`, but I'm getting an error (the line is written like this: `private-bin dropbox,python,python2,sh,readlink,dirname` )
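
The workarounds in this thread each comment out or override a hardening directive (`seccomp`, `protocol`, `noroot`, `private-bin`, the `disable-interpreters.inc` include). As an added example, not part of the thread or of firejail itself, this script reports which of those directives a single profile file still has in force. The sample profile is constructed, includes are not followed, and an `ignore X` line anywhere in the file is assumed to disable `X`.

```shell
#!/bin/sh
# Added example (not firejail's own tooling): report the state of the hardening
# directives touched by this thread's workarounds, for ONE profile file.
# Assumptions: includes are not followed; an "ignore X" line anywhere in the
# file counts as disabling X; a comment that starts with a directive name is
# read as that directive being commented out.

audit_profile() {
    awk '
    function rank(s) {
        if (s == "ignored") return 3
        if (s == "active") return 2
        if (s == "commented") return 1
        return 0
    }
    BEGIN {
        n = split("seccomp protocol noroot nonewprivs private-bin disable-interpreters.inc", want, " ")
        for (i = 1; i <= n; i++) state[want[i]] = "absent"
    }
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        status = "active"
        if (line ~ /^#/) {                  # commented-out line
            status = "commented"
            sub(/^#+[ \t]*/, "", line)
        }
        if (line ~ /^ignore[ \t]+/) {       # "ignore X" switches X off
            if (status != "active") next    # a commented-out ignore does nothing
            status = "ignored"
            sub(/^ignore[ \t]+/, "", line)
        }
        m = split(line, f, /[ \t]+/)
        if (m == 0) next
        key = f[1]
        if (key == "include" && m >= 2) {   # match includes by file name
            key = f[2]
            sub(/^.*\//, "", key)
        }
        if ((key in state) && rank(status) > rank(state[key])) state[key] = status
    }
    END {
        for (i = 1; i <= n; i++) print want[i], state[want[i]]
    }' "$1"
}

# Directives that are not in force, as one space-separated line.
weakened() {
    audit_profile "$1" |
        awk '$2 != "active" { printf "%s%s", sep, $1; sep = " " } END { print "" }'
}

# Constructed sample: a user override of dropbox.profile after applying the
# edits suggested in the thread (not a profile shipped by firejail).
write_sample_profile() {
    cat > "$1" <<'EOF'
# ~/.config/firejail/dropbox.profile (constructed sample)
noblacklist ${HOME}/.dropbox
noblacklist ${HOME}/.config/google-chrome
ignore private-bin
include /etc/firejail/disable-common.inc
#include /etc/firejail/disable-interpreters.inc
nonewprivs
#noroot
#protocol unix,inet,inet6
# seccomp
private-bin dropbox,python,python2,sh,readlink,dirname
EOF
}

demo_profile=$(mktemp)
write_sample_profile "$demo_profile"
audit_profile "$demo_profile"
echo "not in force: $(weakened "$demo_profile")"
rm -f "$demo_profile"
```

Run it against `~/.config/firejail/dropbox.profile` after applying a workaround to see what the override has switched off before leaving it in place.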

@chiraag-nataraj commented on GitHub (Jul 15, 2018):

What's the error you get if you comment out `private-bin`?

@Nutjob commented on GitHub (Jul 15, 2018):

```
Parent pid 5886, child pid 5887
Warning: skipping emp for private /opt
Private /opt installed in 0.23 ms
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
```

@chiraag-nataraj commented on GitHub (Jul 15, 2018):

That's not an error. That's actually expected (it's just a warning from `firejail` that you can ignore). But does dropbox actually start?

@Nutjob commented on GitHub (Jul 15, 2018):

It seems dropbox starts and closes immediately.

@chiraag-nataraj commented on GitHub (Jul 15, 2018):

Okay. I'm not quite sure what's going on there. There's no output at all from `dropbox`?

@Nutjob commented on GitHub (Jul 16, 2018):

The only output outside of the one I posted before

```
Parent pid 5886, child pid 5887
Warning: skipping emp for private /opt
Private /opt installed in 0.23 ms
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
```

is:

```
Dropbox isn't running!
Dropbox is already running!

Parent is shutting down, bye...
```

@chiraag-nataraj commented on GitHub (Jul 16, 2018):

Hmm, that's weird. I get a bunch of output about it loading libraries and stuff. Can you try a `killall dropbox` before running it within `firejail`?

@Nutjob commented on GitHub (Jul 16, 2018):

```
$killall dropbox
dropbox: no process found
```

If I try to run it within firejail I get the output I posted before.....

@chiraag-nataraj commented on GitHub (Jul 16, 2018):

`sudo killall dropbox`?

@Nutjob commented on GitHub (Jul 16, 2018):

Same: `dropbox: no process found`

@chiraag-nataraj commented on GitHub (Jul 16, 2018):

Hmm, I have no idea then. I thought maybe `dropbox` was already running (and so the new `dropbox` quit automatically).

@Nutjob commented on GitHub (Jul 18, 2018):

No, I've checked, `dropbox` wasn't running ..........

@chiraag-nataraj commented on GitHub (Jul 21, 2018):

If you comment out all of the dropbox-specific stuff (so the `dropbox.profile` file should _just_ have `include ~/.config/firejail/common.inc`), does dropbox work?

@Fred-Barclay commented on GitHub (Jul 22, 2018):

Let's reopen for now!

@Nutjob commented on GitHub (Jul 22, 2018):

> If you comment out all of the dropbox-specific stuff (so the dropbox.profile file should just have include ~/.config/firejail/common.inc), does dropbox work?

Yes, with that configuration dropbox starts, but it `can't connect to the dropbox server`

@chiraag-nataraj commented on GitHub (Jul 22, 2018):

My bad, keep the `ignore` statements as well. So just keep the `ignore` statements and the `include` statement.


@Nutjob commented on GitHub (Jul 22, 2018):

Ok, leaving uncommented `include ~/.config/firejail/common.inc` and `ignore net` seems to work, but the software stops working after installing.


@chiraag-nataraj commented on GitHub (Jul 22, 2018):

Okay, so I installed `dropbox` without sandboxing and only sandbox the running of the daemon. I don't know if/how sandboxing during installation works. I installed the daemon, linked it with my account, and then ran it sandboxed.


@chiraag-nataraj commented on GitHub (May 21, 2019):

Is this still an issue?


@chiraag-nataraj commented on GitHub (May 21, 2019):

I still maintain that the easiest is to install it without sandboxing and to sandbox it after setup (this also solves the thorny issue of authenticating with the browser...). I followed the following steps and everything works pretty well:

  1. Run `cd ~ && wget -O - "https://www.dropbox.com/download?plat=lnx.x86_64" | tar xzf -` (as recommended by the Dropbox website for headless install). This creates the `~/.dropbox-dist` folder, which I move to `~/.local/share/dropbox`.
  2. Since I have `~/.local/bin` in my `$PATH`, I do `cd ~/.local/bin && ln -s ../share/dropbox/dropboxd .` so I can easily run `dropboxd`.
  3. Run `dropboxd` without sandboxing and authenticate.
  4. I right-click on the icon and tell it to sync to `~/.cache/dropbox` instead of polluting my home folder.
  5. I move `~/.dropbox` (created by the program) to `~/.config/dropbox` and run `ln -s .config/dropbox .dropbox`.

Now, I can start `dropboxd` using `firejail dropboxd` with the following profile files:

`~/.config/firejail/dropboxd.profile`:

```
ignore net
ignore memory-deny-write-execute
ignore noexec ${HOME}

include ${HOME}/.config/firejail/common.inc

mkdir ${HOME}/.cache/dropbox
mkdir ${HOME}/.config/dropbox
mkdir ${HOME}/.dropbox
mkdir ${HOME}/.local/share/dropbox

whitelist ${HOME}/.cache/dropbox
whitelist ${HOME}/.dropbox
whitelist ${HOME}/.config/dropbox
whitelist ${HOME}/.local/share/dropbox
whitelist ${HOME}/.local/bin/dropboxd

private-bin python,python2,sh,readlink,dirname,xdg-settings
```

`~/.config/firejail/common.inc`:

```
blacklist /usr/local/bin
blacklist /usr/local/sbin

blacklist /boot

private-tmp
read-only /tmp/.X11-unix
private-dev
disable-mnt
private-opt emp
private-srv emp

shell none
seccomp
seccomp.block-secondary
noroot
caps.drop all
apparmor
nonewprivs
ipc-namespace
machine-id
nodbus
nou2f
nogroups
net none
netfilter
memory-deny-write-execute

noexec ${HOME}
noexec /tmp
noexec ${RUNUSER}
```

This works successfully with Debian sid/experimental and firejail from git master.

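The profile in the comment above places its three `ignore` lines before the `include`, which is what relaxes `net none`, `memory-deny-write-execute` and `noexec ${HOME}` from `common.inc` while the rest of the hardening stays on. The following is an added example, not code from the thread or from firejail: a small Python model of that resolution, showing which directives are dropped and what changes if the `include` comes first. It assumes `ignore` affects only lines read after it and matches a whole-word prefix; `resolve`, `is_ignored` and `include_first` are hypothetical helper names, and the file contents are constructed, trimmed copies.

```python
# Added example: model of how firejail's `ignore` filters later profile lines.
# Constructed, trimmed copies of the two files from the comment above.
COMMON = "${HOME}/.config/firejail/common.inc"
FILES = {
    "dropboxd.profile": [
        "ignore net",
        "ignore memory-deny-write-execute",
        "ignore noexec ${HOME}",
        "include " + COMMON,
        "whitelist ${HOME}/.cache/dropbox",
    ],
    COMMON: [
        "seccomp", "caps.drop all", "net none", "netfilter",
        "memory-deny-write-execute",
        "noexec ${HOME}", "noexec /tmp", "noexec ${RUNUSER}",
    ],
}


def is_ignored(line, ignores):
    # Assumption: whole-word prefix match, so "ignore net" drops "net none"
    # but leaves "netfilter" alone.
    return any(line == ign or line.startswith(ign + " ") for ign in ignores)


def resolve(name, files, ignores=None):
    """Return (kept, dropped) directives, reading lines top to bottom."""
    ignores = [] if ignores is None else ignores
    kept, dropped = [], []
    for line in (raw.strip() for raw in files[name]):
        if not line or line.startswith("#"):
            continue
        if is_ignored(line, ignores):
            dropped.append(line)
        elif line.startswith("ignore "):
            ignores.append(line[len("ignore "):].strip())
        elif line.startswith("include "):
            sub_kept, sub_dropped = resolve(line.split(None, 1)[1], files, ignores)
            kept += sub_kept
            dropped += sub_dropped
        else:
            kept.append(line)
    return kept, dropped


def include_first(files):
    """Variant with the include moved above the ignore lines (too late to help)."""
    top = files["dropboxd.profile"]
    moved = [l for l in top if l.startswith("include ")] + \
            [l for l in top if not l.startswith("include ")]
    return {**files, "dropboxd.profile": moved}
```

Comparing the `dropped` list against what you intended to relax is a quick review step before trusting a profile that combines a strict shared include with per-application `ignore` lines.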

@chiraag-nataraj commented on GitHub (May 23, 2019):

I'm going to go ahead and close this for now. @cryptogun or others, please feel free to re-open if you still have this issue or have further questions.
