github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

rc?.d" is an invalid filename when including disable-common.inc in the firejail profile #1173

New issue

Closed

opened 2026-05-05 07:35:17 -06:00 by gitea-mirror · 5 comments

gitea-mirror commented

2026-05-05 07:35:17 -06:00

Owner

Originally created by @mYnDstrEAm on GitHub (Jan 14, 2018).
Original GitHub issue: https://github.com/netblue30/firejail/issues/1732

Since recently I'm getting the following error when running firejail firefox-esr:

Error: "/etc/rc?.d" is an invalid filename

I don't get this error when commenting out the following line:

include /etc/firejail/disable-common.inc

ls -l shows that all rc folders in /etc/ have normal filenames.

I'm running Debian 9.

Why am I getting this error? How to reenable disable-common.inc? Is this a bug of some other software? Is this the right place to ask about this?

Originally created by @mYnDstrEAm on GitHub (Jan 14, 2018). Original GitHub issue: https://github.com/netblue30/firejail/issues/1732 Since recently I'm getting the following error when running `firejail firefox-esr`: Error: "/etc/rc?.d" is an invalid filename I don't get this error when commenting out the following line: include /etc/firejail/disable-common.inc `ls -l` shows that all rc folders in /etc/ have normal filenames. I'm running Debian 9. Why am I getting this error? How to reenable disable-common.inc? Is this a bug of some other software? Is this the right place to ask about this?

gitea-mirror

2026-05-05 07:35:17 -06:00

closed this issue
added the
information_old
label

gitea-mirror commented

2026-05-05 07:35:21 -06:00

Author

Owner

@SkewedZeppelin commented on GitHub (Jan 15, 2018):

Are you on Firejail 0.9.52? As a temporary workaround you could simply comment out the line
sudo sed -i 's|blacklist /etc/rc?.d|#blacklist /etc/rc?.d|' /etc/firejail/disable-common.inc

@SkewedZeppelin commented on GitHub (Jan 15, 2018): Are you on Firejail 0.9.52? As a temporary workaround you could simply comment out the line `sudo sed -i 's|blacklist /etc/rc?.d|#blacklist /etc/rc?.d|' /etc/firejail/disable-common.inc`

gitea-mirror commented

2026-05-05 07:35:22 -06:00

Author

Owner

@mYnDstrEAm commented on GitHub (Jan 15, 2018):

Thanks. What parts of disable-common.inc are actually needed given that no additional directories were whitelisted? disable-common.inc seems to be almost exclusively blacklistings and setting some files to read-only: shouldn't those files be blacklisted/read-only anyway?

Please get the latest version onto the Debian repositories.

@mYnDstrEAm commented on GitHub (Jan 15, 2018): Thanks. What parts of disable-common.inc are actually needed given that no additional directories were whitelisted? disable-common.inc seems to be almost exclusively blacklistings and setting some files to read-only: shouldn't those files be blacklisted/read-only anyway? Please get the latest version onto the Debian repositories.

gitea-mirror commented

2026-05-05 07:35:24 -06:00

Author

Owner

@SkewedZeppelin commented on GitHub (Jan 15, 2018):

See here about which versions are packaged in Debian.

As for your question about disable-common, it is very useful and extremely recommended to use, even if you're using a whitelist only profile. Although from how you said it "almost exclusively whitelistings", I'm not too sure what your disable-common is doing.

@SkewedZeppelin commented on GitHub (Jan 15, 2018): See [here](https://packages.debian.org/search?keywords=firejail) about which versions are packaged in Debian. As for your question about disable-common, it is very useful and extremely recommended to use, even if you're using a whitelist only profile. Although from how you said it "almost exclusively whitelistings", I'm not too sure what your disable-common is doing.

gitea-mirror commented

2026-05-05 07:35:26 -06:00

Author

Owner

@mYnDstrEAm commented on GitHub (Jan 15, 2018):

Sorry, I meant to say blacklistings not whitelistings. But why is that? Shouldn't all those files be inaccessible to firefox-esr by default anyway as long as they aren't noblacklisted / whitelisted explicitly in the profile? Is it about disabling the QML image cache?

@mYnDstrEAm commented on GitHub (Jan 15, 2018): Sorry, I meant to say blacklistings not whitelistings. But why is that? Shouldn't all those files be inaccessible to firefox-esr by default anyway as long as they aren't noblacklisted / whitelisted explicitly in the profile? Is it about disabling the QML image cache?

gitea-mirror commented

2026-05-05 07:35:27 -06:00

Author

Owner

@SkewedZeppelin commented on GitHub (Jan 15, 2018):

@mYnDstrEAm if a file doens't explicitly whitelist anything it can access any and all files that aren't blacklisted. In the case of firefox-esr which is a whitelist profile, it actually can access some of those files (the ones not in ${HOME})

@SkewedZeppelin commented on GitHub (Jan 15, 2018): @mYnDstrEAm if a file doens't explicitly whitelist anything it can access any and all files that aren't blacklisted. In the case of firefox-esr which is a whitelist profile, it actually can access some of those files (the ones not in ${HOME})

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1173

No description provided.

Rows
Columns