github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #1658] firejail with wine and optirun #1117

New issue

Open

opened 2026-05-05 07:29:25 -06:00 by gitea-mirror · 2 comments

gitea-mirror commented

2026-05-05 07:29:25 -06:00

Owner

Originally created by @silvervellum on GitHub (Nov 25, 2017).
Original GitHub issue: https://github.com/netblue30/firejail/issues/1658

Hello!

I would like to use firejail with wine and optirun (to use a dedicated Nvidia graphics card) but I didn't find a case such this documented.

I tried a bit to work with this setup and I would like to share my notes and have a confirmation that my approach is correct. I am using firejail 9.50 on Debian Testing.

Firejail can be used with wine as everything else:
firejail wine <path/to/application>

In this way the wine.profile is loaded and the application should be jailed as expected.

To run the application with a dedicated Nvidia graphics card one has to use optirun:
optirun <options> wine <path/to/application>

How to use firejail whit this? Given that I have to jail wine, I tried at first with this syntax (somewhere else on the Internet I found another user doing the same):
optirun <options> firejail wine <path/to/application>

In this way I expected to see all the commands following optirun to run on the dedicated graphics card. Instead, despite that optirun ran and firejail loaded the wine.profile, the application launched with wine used the integrated graphics card. I didn't look at the documentation but at first it seems counterintuitive.

Then I changed the order of the commands and it worked, sort of:
firejail optirun <options> wine <path/to/application>

In fact firejail tried to load a profile for the first command it saw, in this case optirun, but given that there were no optirun profile it loaded the generic default one. Therefore I manually chose the correct profile:
firejail --profile=/etc/firejail/wine.profile optirun <options> wine <path/to/application>

To verify that everything works I made a simple test:
firejail --profile=/etc/firejail/wine.profile --private optirun wine notepad

and notepad was exposed to the fake home directory.

Therefore in this way everything seems to work as expected, but is it the correct way to do it? Thank you!

Originally created by @silvervellum on GitHub (Nov 25, 2017). Original GitHub issue: https://github.com/netblue30/firejail/issues/1658 Hello! I would like to use firejail with wine and optirun (to use a dedicated Nvidia graphics card) but I didn't find a case such this documented. I tried a bit to work with this setup and I would like to share my notes and have a confirmation that my approach is correct. I am using firejail 9.50 on Debian Testing. Firejail can be used with wine as everything else: `firejail wine <path/to/application>` In this way the wine.profile is loaded and the application should be jailed as expected. To run the application with a dedicated Nvidia graphics card one has to use optirun: `optirun <options> wine <path/to/application>` How to use firejail whit this? Given that I have to jail wine, I tried at first with this syntax (somewhere else on the Internet I found another user doing the same): `optirun <options> firejail wine <path/to/application>` In this way I expected to see all the commands following optirun to run on the dedicated graphics card. Instead, despite that optirun ran and firejail loaded the wine.profile, the application launched with wine used the integrated graphics card. I didn't look at the documentation but at first it seems counterintuitive. Then I changed the order of the commands and it worked, sort of: `firejail optirun <options> wine <path/to/application>` In fact firejail tried to load a profile for the first command it saw, in this case optirun, but given that there were no optirun profile it loaded the generic default one. Therefore I manually chose the correct profile: `firejail --profile=/etc/firejail/wine.profile optirun <options> wine <path/to/application>` To verify that everything works I made a simple test: `firejail --profile=/etc/firejail/wine.profile --private optirun wine notepad` and notepad was exposed to the fake home directory. Therefore in this way everything seems to work as expected, but is it the correct way to do it? Thank you!

gitea-mirror added the

information_old

label 2026-05-05 07:29:25 -06:00

gitea-mirror commented

2026-05-05 07:29:27 -06:00

Author

Owner

@SkewedZeppelin commented on GitHub (Nov 25, 2017):

firejail optirun [program] is probably the right way. I haven't used Bumblebee in a while, but afaik opti/primusrun was like LD_PRELOAD and you can't LD_PRELOAD on suid binaries.

Maybe someone can add an '--optirun' option to allow running with optirun instead of having to firejail --profile=realprogram optirun program

Edit: closed by accident.

@SkewedZeppelin commented on GitHub (Nov 25, 2017): `firejail optirun [program]` is probably the right way. I haven't used Bumblebee in a while, but afaik opti/primusrun was like LD_PRELOAD and you can't LD_PRELOAD on suid binaries. Maybe someone can add an '--optirun' option to allow running with optirun instead of having to `firejail --profile=realprogram optirun program` Edit: closed by accident.

gitea-mirror commented

2026-05-05 07:29:29 -06:00

Author

Owner

@rusty-snake commented on GitHub (Aug 4, 2021):

Can we close here?

@rusty-snake commented on GitHub (Aug 4, 2021): Can we close here?

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1117

No description provided.

Rows
Columns