[GH-ISSUE #1740] skypeforlinux hangs with white non-responsive window, firejail 0.9.52 #1177

New issue

Closed

opened 2026-05-05 07:36:08 -06:00 by gitea-mirror · 21 comments

gitea-mirror commented 2026-05-05 07:36:08 -06:00

Owner

Copy link

Originally created by @selivan on GitHub (Jan 19, 2018).
Original GitHub issue: https://github.com/netblue30/firejail/issues/1740

firejail: 0.9.52 (from Ubuntu ppa: deki/firejail)
skypeforlinux: 8.13.0.2

Skype window show loading process for a short time, then it becomes white non-responsive window. Without firejail it works fine.

Screenshot:

It is Electron-based, so I tried using chromium profile with additional whitelist for ${HOME}/.config/skypeforlinux, but it hangs the same way.

Is there any way I can debug this, like print what did it stumble upon? --debug didn't help much, neither did --allow-debugges strace ...

Originally created by @selivan on GitHub (Jan 19, 2018). Original GitHub issue: https://github.com/netblue30/firejail/issues/1740 firejail: 0.9.52 (from Ubuntu [ppa: deki/firejail](https://launchpad.net/~deki/+archive/ubuntu/firejail)) skypeforlinux: 8.13.0.2 Skype window show loading process for a short time, then it becomes white non-responsive window. Without firejail it works fine. Screenshot:  It is Electron-based, so I tried using chromium profile with additional whitelist for `${HOME}/.config/skypeforlinux`, but it hangs the same way. Is there any way I can debug this, like print what did it stumble upon? `--debug` didn't help much, neither did `--allow-debugges strace ...`

gitea-mirror 2026-05-05 07:36:08 -06:00

• closed this issue
• added the
  information_old
  label

gitea-mirror commented 2026-05-05 07:36:12 -06:00

Author

Owner

Copy link

@selivan commented on GitHub (Jan 19, 2018):

I poke it with a stick and found, that without private-dev it works.
--allow-debuggers strace ... shows, that is uses /dev/aload*:

[pid   115] open("/dev/aloadC5", O_RDONLY|O_CLOEXEC <unfinished ...>
[pid   115] open("/dev/aloadC6", O_RDONLY|O_CLOEXEC <unfinished ...>
[pid   115] open("/dev/aloadC7", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   115] open("/dev/aloadC8", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   115] open("/dev/aloadC9", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   115] open("/dev/aloadC10", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)

Is there any way to allow this /dev/aload* files for private-dev?

Also, you should probably disable private-dev in skypeforlinux profile for now.

<!-- gh-comment-id:358874107 --> @selivan commented on GitHub (Jan 19, 2018): I poke it with a stick and found, that without `private-dev` it works. `--allow-debuggers strace ...` shows, that is uses `/dev/aload*`: ``` [pid 115] open("/dev/aloadC5", O_RDONLY|O_CLOEXEC <unfinished ...> [pid 115] open("/dev/aloadC6", O_RDONLY|O_CLOEXEC <unfinished ...> [pid 115] open("/dev/aloadC7", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 115] open("/dev/aloadC8", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 115] open("/dev/aloadC9", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 115] open("/dev/aloadC10", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) ``` Is there any way to allow this `/dev/aload*` files for `private-dev`? Also, you should probably disable `private-dev` in skypeforlinux profile for now.

gitea-mirror commented 2026-05-05 07:36:13 -06:00

Author

Owner

Copy link

@chiraag-nataraj commented on GitHub (Jan 19, 2018):

Hmm...I don't even have /dev/aload* on my system...are those files created by Skype?

<!-- gh-comment-id:359010161 --> @chiraag-nataraj commented on GitHub (Jan 19, 2018): Hmm...I don't even have `/dev/aload*` on my system...are those files created by Skype?

gitea-mirror commented 2026-05-05 07:36:15 -06:00

Author

Owner

Copy link

@selivan commented on GitHub (Jan 19, 2018):

@chiraag-nataraj Hmm, I was wrong, my system doesn't have /dev/aload* files either. Something about ALSA, I suppose. Here are all files it uses from /dev: https://gist.github.com/selivan/926479e48c799cb4b7a37eb741af6c12

Everything seems allowed according to firejail manpage:

• /dev/shm/*
• /dev/urandom
• /dev/snd/*
• /dev/video0
• /dev/null
• /dev/dri
• /dev/disk/by-id

Anyway, it works without private-dev and doesn't work with it, I just can't find out why. Any ideas?

<!-- gh-comment-id:359036699 --> @selivan commented on GitHub (Jan 19, 2018): @chiraag-nataraj Hmm, I was wrong, my system doesn't have `/dev/aload*` files either. Something about ALSA, I suppose. Here are all files it uses from `/dev`: https://gist.github.com/selivan/926479e48c799cb4b7a37eb741af6c12 Everything seems allowed according to firejail manpage: - /dev/shm/* - /dev/urandom - /dev/snd/* - /dev/video0 - /dev/null - /dev/dri - /dev/disk/by-id Anyway, it works without `private-dev` and doesn't work with it, I just can't find out why. Any ideas?

gitea-mirror commented 2026-05-05 07:36:16 -06:00

Author

Owner

Copy link

@chiraag-nataraj commented on GitHub (Jan 19, 2018):

I'm going to download it and try it out and report back 🙂

<!-- gh-comment-id:359050564 --> @chiraag-nataraj commented on GitHub (Jan 19, 2018): I'm going to download it and try it out and report back :slightly_smiling_face:

gitea-mirror commented 2026-05-05 07:36:18 -06:00

Author

Owner

Copy link

@chiraag-nataraj commented on GitHub (Jan 19, 2018):

Hmm...I'm using the default profile for skypeforlinux with private-dev uncommented and it just worked for me. Although...I'm not logged in. Let me log in to see what happens.

<!-- gh-comment-id:359052356 --> @chiraag-nataraj commented on GitHub (Jan 19, 2018): Hmm...I'm using the default profile for `skypeforlinux` with `private-dev` uncommented and it just worked for me. Although...I'm not logged in. Let me log in to see what happens.

gitea-mirror commented 2026-05-05 07:36:19 -06:00

Author

Owner

Copy link

@selivan commented on GitHub (Jan 19, 2018):

@chiraag-nataraj Yep, when I was playing with chrome profile and forgot to allow $HOME/.config/skypeforlinux, it showed me login window. Try to log in.

<!-- gh-comment-id:359078673 --> @selivan commented on GitHub (Jan 19, 2018): @chiraag-nataraj Yep, when I was playing with chrome profile and forgot to allow `$HOME/.config/skypeforlinux`, it showed me login window. Try to log in.

gitea-mirror commented 2026-05-05 07:36:20 -06:00

Author

Owner

Copy link

@Fred-Barclay commented on GitHub (Jan 22, 2018):

See also #1730

<!-- gh-comment-id:359489014 --> @Fred-Barclay commented on GitHub (Jan 22, 2018): See also #1730

gitea-mirror commented 2026-05-05 07:36:22 -06:00

Author

Owner

Copy link

@selivan commented on GitHub (Jan 22, 2018):

@Fred-Barclay Tried it with both of /run/systemd and /var/run/systemd, didn't help. Only removing nodev helps.

Btw, I noticed that this whte non-responsive window loads 100% of one of processor cores.

<!-- gh-comment-id:359511060 --> @selivan commented on GitHub (Jan 22, 2018): @Fred-Barclay Tried it with both of `/run/systemd` and `/var/run/systemd`, didn't help. Only removing `nodev` helps. Btw, I noticed that this whte non-responsive window loads 100% of one of processor cores.

gitea-mirror commented 2026-05-05 07:36:23 -06:00

Author

Owner

Copy link

@smitsohu commented on GitHub (Jan 23, 2018):

Hi @selivan, if you want you can try pasting the following into /etc/firejail/skypeforlinux.local

ignore private-dev
whitelist /dev/dri
whitelist /dev/full
# whitelist /dev/log
whitelist /dev/null
whitelist /dev/ptmx
whitelist /dev/pts
whitelist /dev/random
whitelist /dev/shm
whitelist /dev/snd
whitelist /dev/tty
whitelist /dev/urandom
whitelist /dev/video0
whitelist /dev/zero

Adjust this for your system according to the output of firejail --quiet --private-dev --nodvd --notv ls -1 /dev

If that works, the culprit should be /dev/shm.

<!-- gh-comment-id:359801370 --> @smitsohu commented on GitHub (Jan 23, 2018): Hi @selivan, if you want you can try pasting the following into /etc/firejail/skypeforlinux.local ``` ignore private-dev whitelist /dev/dri whitelist /dev/full # whitelist /dev/log whitelist /dev/null whitelist /dev/ptmx whitelist /dev/pts whitelist /dev/random whitelist /dev/shm whitelist /dev/snd whitelist /dev/tty whitelist /dev/urandom whitelist /dev/video0 whitelist /dev/zero ``` Adjust this for your system according to the output of `firejail --quiet --private-dev --nodvd --notv ls -1 /dev` If that works, the culprit should be /dev/shm.

gitea-mirror commented 2026-05-05 07:36:24 -06:00

Author

Owner

Copy link

@selivan commented on GitHub (Jan 23, 2018):

@smitsohu
firejail --quiet --private-dev --nodvd --notv ls -1 /dev :

dri
full
log
null
ptmx
pts
random
shm
snd
tty
urandom
video0
zero

~/.config/firejail/skypeforlinux.profile: https://gist.github.com/selivan/cd5742035409fe0571e1507046c71506

firejail --profile=~/.config/firejail/skypeforlinux.profile /usr/bin/skypeforlinux

still end up with white non-responsive window after short time(login, I suppose). Moreover, if I comment out ignore private-dev, and leave just whitelist *, it still hangs, even without private-dev in config O_o

<!-- gh-comment-id:359805950 --> @selivan commented on GitHub (Jan 23, 2018): @smitsohu `firejail --quiet --private-dev --nodvd --notv ls -1 /dev` : ``` dri full log null ptmx pts random shm snd tty urandom video0 zero ``` `~/.config/firejail/skypeforlinux.profile`: https://gist.github.com/selivan/cd5742035409fe0571e1507046c71506 `firejail --profile=~/.config/firejail/skypeforlinux.profile /usr/bin/skypeforlinux` still end up with white non-responsive window after short time(login, I suppose). Moreover, if I comment out `ignore private-dev`, and leave just `whitelist *`, it still hangs, even without `private-dev` in config O_o

gitea-mirror commented 2026-05-05 07:36:25 -06:00

Author

Owner

Copy link

@smitsohu commented on GitHub (Jan 23, 2018):

whitelist /dev/disk (in addition to the other whitelisting in /dev) works as a workaround for me.

EDIT: I just see now that you mentioned /dev/disk/by-id already in an earlier post. This folder is not whitelisted by private-dev, which is why the app breaks.

<!-- gh-comment-id:359860728 --> @smitsohu commented on GitHub (Jan 23, 2018): `whitelist /dev/disk` (in addition to the other whitelisting in /dev) works as a workaround for me. EDIT: I just see now that you mentioned /dev/disk/by-id already in an earlier post. This folder is not whitelisted by `private-dev`, which is why the app breaks.

gitea-mirror commented 2026-05-05 07:36:26 -06:00

Author

Owner

Copy link

@selivan commented on GitHub (Jan 23, 2018):

@smitsohu nope, this still doesn't work:

private-dev
whitelist /dev/dri
whitelist /dev/full
whitelist /dev/null
whitelist /dev/ptmx
whitelist /dev/pts
whitelist /dev/random
whitelist /dev/shm
whitelist /dev/snd
whitelist /dev/tty
whitelist /dev/urandom
whitelist /dev/video0
whitelist /dev/zero
whitelist /dev/disk

...

Btw, man firejail says:

"disc, dri, null, full, zero, tty, pts, ptmx, random, snd, urandom, video, log and shm devices are available.",

so disc should be available with private-dev.

<!-- gh-comment-id:359899654 --> @selivan commented on GitHub (Jan 23, 2018): @smitsohu nope, this still doesn't work: ``` private-dev whitelist /dev/dri whitelist /dev/full whitelist /dev/null whitelist /dev/ptmx whitelist /dev/pts whitelist /dev/random whitelist /dev/shm whitelist /dev/snd whitelist /dev/tty whitelist /dev/urandom whitelist /dev/video0 whitelist /dev/zero whitelist /dev/disk ... ``` Btw, man firejail says: "disc, dri, null, full, zero, tty, pts, ptmx, random, snd, urandom, video, log and shm devices are available.", so disc should be available with private-dev.

gitea-mirror commented 2026-05-05 07:36:27 -06:00

Author

Owner

Copy link

@smitsohu commented on GitHub (Jan 23, 2018):

private-dev and whitelisting in /dev are mutually exclusive. Try it again without private-dev please.

Also I think there was a misunderstanding regarding disc. It is an alias for /dev/sr0, /dev/dvd and so on, i.e. for cd and dvd devices.

<!-- gh-comment-id:359913812 --> @smitsohu commented on GitHub (Jan 23, 2018): `private-dev` and whitelisting in /dev are mutually exclusive. Try it again without `private-dev` please. Also I think there was a misunderstanding regarding disc. It is an alias for /dev/sr0, /dev/dvd and so on, i.e. for cd and dvd devices.

gitea-mirror commented 2026-05-05 07:36:28 -06:00

Author

Owner

Copy link

@selivan commented on GitHub (Jan 23, 2018):

@smitsohu without private-dev it works even without any whitelisting. And with whitelisting too, of course. But is sees real /dev, which is no good.

<!-- gh-comment-id:359920477 --> @selivan commented on GitHub (Jan 23, 2018): @smitsohu without `private-dev` it works even without any whitelisting. And with whitelisting too, of course. But is sees real /dev, which is no good.

gitea-mirror commented 2026-05-05 07:36:29 -06:00

Author

Owner

Copy link

@selivan commented on GitHub (Jan 23, 2018):

@smitsohu it would be much better to have some private-dev-extended, including whatever it needs there.

<!-- gh-comment-id:359920950 --> @selivan commented on GitHub (Jan 23, 2018): @smitsohu it would be much better to have some `private-dev-extended`, including whatever it needs there.

gitea-mirror commented 2026-05-05 07:36:29 -06:00

Author

Owner

Copy link

@smitsohu commented on GitHub (Jan 23, 2018):

@selivan

without private-dev it works even without any whitelisting. And with whitelisting too, of course. But is sees real /dev, which is no good.

Yes, but with whitelisting only a fraction of /dev is available inside the jail.

it would be much better to have some private-dev-extended, including whatever it needs there.

We've had this discussion before, check out #1446. I wonder though how widespread issues with /dev/disk are. It would be interesting to see if more electron apps are affected.

@netblue30 what do you think?

<!-- gh-comment-id:359933113 --> @smitsohu commented on GitHub (Jan 23, 2018): @selivan > without private-dev it works even without any whitelisting. And with whitelisting too, of course. But is sees real /dev, which is no good. Yes, but with whitelisting only a fraction of /dev is available inside the jail. > it would be much better to have some private-dev-extended, including whatever it needs there. We've had this discussion before, check out #1446. I wonder though how widespread issues with /dev/disk are. It would be interesting to see if more electron apps are affected. @netblue30 what do you think?

gitea-mirror commented 2026-05-05 07:36:30 -06:00

Author

Owner

Copy link

@bmeh commented on GitHub (Jan 28, 2018):

I would like to note that Electron apps (too) (Wire, for example, amongst many others) have not been working for me for a few months now. I am getting error while loading shared libraries: libnode.so: cannot open shared object file: No such file or directory, which could be a problem caused by not having the directory containing the executable and libnode.so whitelisted, except it is. At least with a previous version I could just cd to the directory that contains libnode.so and it would work, but it doesn't work anymore that way either. Additionally, even in this case, the application wouldn't always show up properly (meaning it freezes, not getting displayed as expected), it would just start giving me such errors:

[154:0109/161459.161525:ERROR:gles2_cmd_decoder.cc(17403)] [.DisplayCompositor-0x1b3cb0f68000]GL ERROR :GL_INVALID_OPERATION : glCreateAndConsumeTextureCHROMIUM: invalid mailbox name
[154:0109/161459.161653:ERROR:gles2_cmd_decoder.cc(9636)] [.DisplayCompositor-0x1b3cb0f68000]RENDER WARNING: texture bound to texture unit 0 is not renderable. It maybe non-power-of-2 and have incompatible texture filtering.
[154:0109/161459.161807:ERROR:gles2_cmd_decoder.cc(17403)] [.DisplayCompositor-0x1b3cb0f68000]GL ERROR :GL_INVALID_OPERATION : glCreateAndConsumeTextureCHROMIUM: invalid mailbox name
[154:0109/161459.161940:ERROR:gles2_cmd_decoder.cc(9636)] [.DisplayCompositor-0x1b3cb0f68000]RENDER WARNING: texture bound to texture unit 0 is not renderable. It maybe non-power-of-2 and have incompatible texture filtering.
[154:0109/161459.162080:ERROR:gles2_cmd_decoder.cc(17403)] [.DisplayCompositor-0x1b3cb0f68000]GL ERROR :GL_INVALID_OPERATION : glCreateAndConsumeTextureCHROMIUM: invalid mailbox name
[154:0109/161459.162209:ERROR:gles2_cmd_decoder.cc(9636)] [.DisplayCompositor-0x1b3cb0f68000]RENDER WARNING: texture bound to texture unit 0 is not renderable. It maybe non-power-of-2 and have incompatible texture filtering.
[154:0109/161459.162347:ERROR:gles2_cmd_decoder.cc(17403)] [.DisplayCompositor-0x1b3cb0f68000]GL ERROR :GL_INVALID_OPERATION : glCreateAndConsumeTextureCHROMIUM: invalid mailbox name
[154:0109/161459.162476:ERROR:gles2_cmd_decoder.cc(9636)] [.DisplayCompositor-0x1b3cb0f68000]RENDER WARNING: texture bound to texture unit 0 is not renderable. It maybe non-power-of-2 and have incompatible texture filtering.
[154:0109/161459.162617:ERROR:gles2_cmd_decoder.cc(17403)] [.DisplayCompositor-0x1b3cb0f68000]GL ERROR :GL_INVALID_OPERATION : glCreateAndConsumeTextureCHROMIUM: invalid mailbox name
[154:0109/161459.162765:ERROR:gles2_cmd_decoder.cc(9636)] [.DisplayCompositor-0x1b3cb0f68000]RENDER WARNING: texture bound to texture unit 0 is not renderable. It maybe non-power-of-2 and have incompatible texture filtering.
[154:0109/161459.162917:ERROR:gles2_cmd_decoder.cc(17403)] [.DisplayCompositor-0x1b3cb0f68000]GL ERROR :GL_INVALID_OPERATION : glCreateAndConsumeTextureCHROMIUM: invalid mailbox name
[154:0109/161459.163052:ERROR:gles2_cmd_decoder.cc(9636)] [.DisplayCompositor-0x1b3cb0f68000]RENDER WARNING: texture bound to texture unit 0 is not renderable. It maybe non-power-of-2 and have incompatible texture filtering.

And on occasions, it would work as expected (???), but it's pretty rare.

Aaaaand steam-native is broken as well. It has been for a while.

Note: all the applications not working with firejail do work without it.

I don't know what changed, but it seems like firejail has been broken for a few months now. I tried downgrading to an older version, but it doesn't work either. Any pointers to a workaround or something? Mind you, firejail --noprofile foobar works, but yeah.

Distro: Arch Linux

firejail version 0.9.52

Compile time support:
        - AppArmor support is disabled
        - AppImage support is enabled
        - bind support is enabled
        - chroot support is enabled
        - file and directory whitelisting support is enabled
        - file transfer support is enabled
        - git install support is disabled
        - networking support is enabled
        - overlayfs support is enabled
        - private-home support is enabled
        - seccomp-bpf support is enabled
        - user namespace support is enabled
        - X11 sandboxing support is enabled

firejail --quiet --private-dev --nodvd --notv ls -1 /dev:

dri
full
log
null
nvidia0
nvidiactl
nvidia-modeset
ptmx
pts
random
shm
snd
tty
urandom
video0
zero

Update:

This is very odd, commenting noroot in /etc/firejail/steam.profile (and wire.profile) solves all the issues, and the window is responsive and is displayed correctly. Huh?

<!-- gh-comment-id:361060829 --> @bmeh commented on GitHub (Jan 28, 2018): I would like to note that Electron apps (too) (Wire, for example, amongst many others) have not been working for me for a few months now. I am getting `error while loading shared libraries: libnode.so: cannot open shared object file: No such file or directory`, which could be a problem caused by not having the directory containing the executable and `libnode.so` whitelisted, except it is. At least with a previous version I could just `cd` to the directory that contains `libnode.so` and it would work, but it doesn't work anymore that way either. Additionally, even in this case, the application wouldn't always show up properly (meaning it freezes, not getting displayed as expected), it would just start giving me such errors: ``` [154:0109/161459.161525:ERROR:gles2_cmd_decoder.cc(17403)] [.DisplayCompositor-0x1b3cb0f68000]GL ERROR :GL_INVALID_OPERATION : glCreateAndConsumeTextureCHROMIUM: invalid mailbox name [154:0109/161459.161653:ERROR:gles2_cmd_decoder.cc(9636)] [.DisplayCompositor-0x1b3cb0f68000]RENDER WARNING: texture bound to texture unit 0 is not renderable. It maybe non-power-of-2 and have incompatible texture filtering. [154:0109/161459.161807:ERROR:gles2_cmd_decoder.cc(17403)] [.DisplayCompositor-0x1b3cb0f68000]GL ERROR :GL_INVALID_OPERATION : glCreateAndConsumeTextureCHROMIUM: invalid mailbox name [154:0109/161459.161940:ERROR:gles2_cmd_decoder.cc(9636)] [.DisplayCompositor-0x1b3cb0f68000]RENDER WARNING: texture bound to texture unit 0 is not renderable. It maybe non-power-of-2 and have incompatible texture filtering. [154:0109/161459.162080:ERROR:gles2_cmd_decoder.cc(17403)] [.DisplayCompositor-0x1b3cb0f68000]GL ERROR :GL_INVALID_OPERATION : glCreateAndConsumeTextureCHROMIUM: invalid mailbox name [154:0109/161459.162209:ERROR:gles2_cmd_decoder.cc(9636)] [.DisplayCompositor-0x1b3cb0f68000]RENDER WARNING: texture bound to texture unit 0 is not renderable. It maybe non-power-of-2 and have incompatible texture filtering. [154:0109/161459.162347:ERROR:gles2_cmd_decoder.cc(17403)] [.DisplayCompositor-0x1b3cb0f68000]GL ERROR :GL_INVALID_OPERATION : glCreateAndConsumeTextureCHROMIUM: invalid mailbox name [154:0109/161459.162476:ERROR:gles2_cmd_decoder.cc(9636)] [.DisplayCompositor-0x1b3cb0f68000]RENDER WARNING: texture bound to texture unit 0 is not renderable. It maybe non-power-of-2 and have incompatible texture filtering. [154:0109/161459.162617:ERROR:gles2_cmd_decoder.cc(17403)] [.DisplayCompositor-0x1b3cb0f68000]GL ERROR :GL_INVALID_OPERATION : glCreateAndConsumeTextureCHROMIUM: invalid mailbox name [154:0109/161459.162765:ERROR:gles2_cmd_decoder.cc(9636)] [.DisplayCompositor-0x1b3cb0f68000]RENDER WARNING: texture bound to texture unit 0 is not renderable. It maybe non-power-of-2 and have incompatible texture filtering. [154:0109/161459.162917:ERROR:gles2_cmd_decoder.cc(17403)] [.DisplayCompositor-0x1b3cb0f68000]GL ERROR :GL_INVALID_OPERATION : glCreateAndConsumeTextureCHROMIUM: invalid mailbox name [154:0109/161459.163052:ERROR:gles2_cmd_decoder.cc(9636)] [.DisplayCompositor-0x1b3cb0f68000]RENDER WARNING: texture bound to texture unit 0 is not renderable. It maybe non-power-of-2 and have incompatible texture filtering. ``` And on occasions, it would work as expected (???), but it's pretty rare. Aaaaand `steam-native` is broken as well. It has been for a while. Note: all the applications not working with firejail do work without it. I don't know what changed, but it seems like firejail has been broken for a few months now. I tried downgrading to an older version, but it doesn't work either. Any pointers to a workaround or something? Mind you, `firejail --noprofile foobar` works, but yeah. Distro: Arch Linux ``` firejail version 0.9.52 Compile time support: - AppArmor support is disabled - AppImage support is enabled - bind support is enabled - chroot support is enabled - file and directory whitelisting support is enabled - file transfer support is enabled - git install support is disabled - networking support is enabled - overlayfs support is enabled - private-home support is enabled - seccomp-bpf support is enabled - user namespace support is enabled - X11 sandboxing support is enabled ``` `firejail --quiet --private-dev --nodvd --notv ls -1 /dev`: ``` dri full log null nvidia0 nvidiactl nvidia-modeset ptmx pts random shm snd tty urandom video0 zero ``` Update: This is very odd, commenting `noroot` in `/etc/firejail/steam.profile` (and `wire.profile`) solves all the issues, and the window is responsive and is displayed correctly. Huh?

gitea-mirror commented 2026-05-05 07:36:31 -06:00

Author

Owner

Copy link

@selivan commented on GitHub (Jan 28, 2018):

@bmeh you may want to create a new issue for that, this one is about broken skypeforlinux.

<!-- gh-comment-id:361066399 --> @selivan commented on GitHub (Jan 28, 2018): @bmeh you may want to create a new issue for that, this one is about broken skypeforlinux.

gitea-mirror commented 2026-05-05 07:36:32 -06:00

Author

Owner

Copy link

@chiraag-nataraj commented on GitHub (Sep 28, 2018):

@selivan Is this still an issue?

<!-- gh-comment-id:425566810 --> @chiraag-nataraj commented on GitHub (Sep 28, 2018): @selivan Is this still an issue?

gitea-mirror commented 2026-05-05 07:36:33 -06:00

Author

Owner

Copy link

@selivan commented on GitHub (Oct 9, 2018):

@chiraag-nataraj Nope, with firejail 0.9.56 and skypeforlinux 8.31.0.92 I don't have this problem.

<!-- gh-comment-id:428313031 --> @selivan commented on GitHub (Oct 9, 2018): @chiraag-nataraj Nope, with firejail `0.9.56` and skypeforlinux `8.31.0.92` I don't have this problem.

gitea-mirror commented 2026-05-05 07:36:33 -06:00

Author

Owner

Copy link

@Vincent43 commented on GitHub (Oct 9, 2018):

Thx for the report.

<!-- gh-comment-id:428356495 --> @Vincent43 commented on GitHub (Oct 9, 2018): Thx for the report.

gitea-mirror referenced this issue 2026-05-05 10:09:25 -06:00

[PR #1177] [MERGED] various profile fixes and enhancements #3869

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

serialize_remounts_v2

landlock_v4

landlock

release-0.9.64

release-0.9.62

gitlab_ci

LTSbase

fred_ctests

docs

0.9.80

0.9.80-rc1

0.9.78

0.9.76

0.9.76-rc4

0.9.76-rc3

0.9.76-rc2

0.9.76-rc1

0.9.74

landlock-split

0.9.72

0.9.72rc1

0.9.70

0.9.68

0.9.68rc1

0.9.66

0.9.66rc1

0.9.64.4

0.9.64.2

0.9.64

0.9.64rc1

0.9.62.4

0.9.62.2

0.9.62

0.9.56.2-LTS

0.9.60

0.9.60-rc1

0.9.58.2

0.9.58

0.9.58-rc1

0.9.56-LTS-release

0.9.56-LTS

0.9.56

0.9.56-rc1

0.9.54

0.9.54-rc2

0.9.54-rc1

0.9.52

0.9.38.12

0.9.50

0.9.50-rc1

0.9.48

0.9.46

0.9.46-rc1

0.9.44.10

0.9.44.8

0.9.44.6

0.9.38.10

0.9.44.4

0.9.38.8

0.9.44.2

0.9.44

0.9.44-rc1

0.9.38.4

0.9.42

0.9.42-rc2

0.9.38.2

0.9.42-rc1

disable-globalcfg

0.9.40

0.9.40-rc1

0.9.38

0.9.38-rc1

0.9.36

0.9.36-rc1

0.9.34

0.9.34-rc1

0.9.32

0.9.32-rc1

0.9.30

0.9.30-rc1

Labels

Clear labels   

LTS merge

  

LTS merge

  

bug

  

bug

  

converted-to-discussion

  

doc-todo

  

documentation

  

duplicate

  

enhancement

  

file-transfer

  

firecfg

  

firejail-in-firejail

  

firetools

  

graphics

  

help wanted

  

information_old

  

installation

  

invalid

  

modif

  

moved

  

needinfo

  

networking

  

notabug

  

notourbug

  

old-version

  

overlayfs

  

packaging

  

profile-request

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question_old

  

removal

  

runtime-permissions

  

sandbox-ipc

  

security

  

stale

  

wiki

  

wiki

  

wontfix

  

wordpress

  

workaround

No labels

LTS merge

LTS merge

bug

bug

converted-to-discussion

doc-todo

documentation

duplicate

enhancement

file-transfer

firecfg

firejail-in-firejail

firetools

graphics

help wanted

information_old

installation

invalid

modif

moved

needinfo

networking

notabug

notourbug

old-version

overlayfs

packaging

profile-request

pull-request

question

question_old

removal

runtime-permissions

sandbox-ipc

security

stale

wiki

wiki

wontfix

wordpress

workaround

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1177

No description provided.