[GH-ISSUE #175] using links in sandboxed firefox #121

Closed
opened 2026-05-05 05:06:03 -06:00 by gitea-mirror · 11 comments
Owner

Originally created by @Micha-Btz on GitHub (Nov 29, 2015).
Original GitHub issue: https://github.com/netblue30/firejail/issues/175

hi there,

just a usability question related to sandboxed processes. i use firejail for pidgin, icedove, skype and
iceweasel. if i get a link in one of these apps, the reactions are different:

pidgin / skype: /usr/bin/iceweasel %u - not found
icedove: seems to open a new firefox instance, the result is, that all tabs set as start page are opened, but not the link i pushed

i think it is clear, the processes are separated from each other but is it possible to let this communicate?


@netblue30 commented on GitHub (Nov 30, 2015):

They do communicate, the trick is to have iceweasel already running. You basically have two firefox instances communicating. The new one started by pidgin/icedove communicates with the existing iceweasel instance, it passes the URL and it shuts down. How do you start the sandboxes?


@Micha-Btz commented on GitHub (Nov 30, 2015):

i have added the firejails to my aliases,

```
#sandboxing processes
alias iceweasel='firejail iceweasel'
alias icedove='firejail icedove'
alias skype='firejail skype'
alias pidgin='firejail pidgin'
alias deluge='firejail deluge'
```

so that is started with the profiles from 0.9.34 debian sid.

```
mdomann@sysiphus:~$ firejail --list
1427:mdomann:firejail iceweasel
1434:mdomann:firejail icedove
3745:mdomann:firejail --debug pidgin
4028:mdomann:firejail skype
mdomann@sysiphus:~$ firejail --tree
1427:mdomann:firejail iceweasel
1431:mdomann:iceweasel
1434:mdomann:firejail icedove
1438:mdomann:icedove
3745:mdomann:firejail --debug pidgin
3746:mdomann:pidgin
4028:mdomann:firejail skype
4029:mdomann:skype
```

skype, pidgin and icedove, no can communicate with firefox.


@netblue30 commented on GitHub (Dec 1, 2015):

Can you try it without aliases? I have it running here on Debian jessie. I start with icedove, click on a link in an email, and it opens iceweasel with the correct page. Or, if iceweasel is already running, a new tab is opened. I didn't try it from skype or pidgin, but it shouldn't make any difference.


@Micha-Btz commented on GitHub (Dec 3, 2015):

hm, i tried it today, all directly from console with debug output. But it doesn't change the described behaviour.
iceweasel and icedove are set as default about the xfce standard. but none work as expected.
any idea? what command do you use?


@Micha-Btz commented on GitHub (Dec 3, 2015):

icedove shows this message
Warning: an existing sandbox was detected. iceweasel will run without any additional sandboxing features in a /bin/sh shell


@Micha-Btz commented on GitHub (Dec 7, 2015):

which version of thunderbird and firefox you use? i use for both the esr 38.x


@netblue30 commented on GitHub (Dec 8, 2015):

> which version of thunderbird and firefox you use? i use for both the esr 38.x

I am on Debian jessie, with both of them on 38.4

```
$ iceweasel --version
Mozilla Iceweasel 38.4.0
$ icedove --version
Icedove 38.4.0
```

> Warning: an existing sandbox was detected. iceweasel will run without any additional sandboxing features in a /bin/sh shell

Don't worry about this one. In case you already have a sandbox running, it will not allow you to start another sandbox inside it. Instead, it will start your program as is.

Let's try to debug it. Without iceweasel running, I start icedove in a xterm:

```
$ firejail icedove
```

I click on a link in an email, this opens iceweasel with the new link. After this I open another xterm and run:

```
$ firejail --tree
6237:netblue:firejail icedove
  6238:netblue:firejail icedove
    6239:netblue:icedove
    6317:netblue:iceweasel https://github.com/netblue30/firejail/issues/175#issuecomment-162614147
```

The command prints all the processes for all sandboxes running. I have a single sandbox (6237), and inside it I have two processes: icedove (6239) and iceweasel (6317). Notice how iceweasel was started with a url. This is the link I've clicked in iceweasel. Try this command, maybe the url is not passed to iceweasel.

You can also use firemon utility (distributed with firejail) to debug it. It will tell you what processes are started in the sandbox. You run "sudo firemon" in a separate xterm before you start icedove, and as you start the sandbox, the messages will start coming:

```
$ sudo firemon
12:00:58 uid  6237 (root) NEW SANDBOX: firejail icedove
12:00:58 exec 6237 (netblue) firejail icedove
12:00:58 fork 6237 (netblue) firejail icedove
    child 6238 firejail icedove
12:00:58 fork 6238 (netblue) firejail icedove
    child 6239 firejail icedove
12:00:58 uid  6239 (netblue) /bin/bash -c "icedove"
12:00:58 exec 6239 (netblue) /bin/bash -c "icedove"
12:00:58 exec 6239 (netblue) icedove
12:00:58 fork 6239 (netblue) icedove
    child 6240 icedove
12:00:59 exit 6240 (netblue)
12:01:08 fork 6239 (netblue) icedove
    child 6316 icedove
12:01:08 fork 6316 (netblue)
    child 6317 icedove
12:01:08 exit 6316 (netblue)
12:01:08 exec 6317 (netblue) iceweasel https://github.com/netblue30/firejail/issues/175#issuecomment-162614147
12:01:08 fork 6317 (netblue) iceweasel https://github.com/netblue30/firejail/issues/175#issuecomment-162614147
    child 6321 iceweasel https://github.com/netblue30/firejail/issues/175#issuecomment-162614147
12:01:08 exit 6321 (netblue)
```

Monitor here if the link is passed down to iceweasel.


@xinomilo commented on GitHub (Dec 13, 2015):

same debian/sid. wanted to report different behavior in icedove and another instance of mozilla thunderbird.
icedove opens links in iceweasel (as it is associated to do), but mozilla thunderbird doesn't open url links at all. same thunderbird without firejail opens them in default browser.
from what i saw, they load the same firejail profiles, didn't debug further than that.
don't know if others face the same issue, it's not a default scenario.

[edit] found this with firejail --debug /path/to/mozilla/thunderbird :

```
[70:70:1213/173945:FATAL:setuid_sandbox_host.cc(158)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /usr/lib/chromium/chrome-sandbox is owned by root and has mode 4755.
#0 0x55f66ac1ebee <unknown>
#1 0x55f66ac343f0 <unknown>
#2 0x55f66d37ec73 <unknown>
#3 0x55f66d057ad0 <unknown>
#4 0x55f66d0e58f7 <unknown>
#5 0x55f66cee5dc6 <unknown>
#6 0x55f66cee5ada <unknown>
#7 0x55f66abf1e0f <unknown>
#8 0x55f66abf0f30 <unknown>
#9 0x55f66a753258 ChromeMain
#10 0x7ff0c4ef2870 __libc_start_main
#11 0x55f66a7530f9 _start
```

but /usr/lib/chromium/chrome-sandbox is owned by root and 4755.
i guess icedove would behave the same, if it wasn't associated with iceweasel in preferences.


@Micha-Btz commented on GitHub (Dec 13, 2015):

i have given it another try. if i clicked a link in icedove, the browser opens. but the link is not opened.

```
root@sysiphus:/home/mdomann# firemon
1326:mdomann:firejail pidgin
1329:mdomann:pidgin
1338:mdomann:firejail icedove
1340:mdomann:icedove
12077: (zombie)
12083: (zombie)
12298:mdomann:firejail iceweasel
12301:mdomann:sh -c iceweasel
12302:mdomann:iceweasel
2040:mdomann:firejail deluge
2041:mdomann:/usr/bin/python /usr/bin/deluge

18:48:11 fork 1340 (mdomann) icedove
child 12525 icedove
18:48:11 fork 12525 (mdomann)
child 12526 icedove
18:48:11 exec 12526 (mdomann) firejail iceweasel
18:48:11 fork 12526 (mdomann) firejail iceweasel
child 12528 firejail iceweasel
18:48:11 exec 12528 (mdomann) sh -c iceweasel
18:48:11 fork 12528 (mdomann) sh -c iceweasel
child 12530 sh -c iceweasel
18:48:11 exec 12530 (mdomann) iceweasel
18:48:11 exit 12525 (mdomann)
18:48:11 fork 12530 (mdomann) iceweasel
child 12532 iceweasel
18:48:11 exit 12532 (mdomann)
18:48:11 exit 12528 (mdomann)
18:48:11 exit 12526 (mdomann)
18:48:11 exit 12530 (mdomann)
```

and one thing that is really strange. if i run iceweasel with the profile, i can only access the Download folder, but if iceweasel was started from icedove, i have access to much more files.


@netblue30 commented on GitHub (Dec 16, 2015):

It is clear, it doesn't pass down your url to iceweasel. I have no idea why, did you modify anything in icedove configuration?

Try this: as root open /etc/icedove/pref/icedove.js. Comment out the two pref("network.protocol-handler.app*" lines and replace them as follows:

```
// if you are not using gnome
#pref("network.protocol-handler.app.http", "x-www-browser");
#pref("network.protocol-handler.app.https", "x-www-browser");
pref("network.protocol-handler.app.http", "/usr/lib/iceweasel/iceweasel");
pref("network.protocol-handler.app.https", "/usr/lib/iceweasel/iceweasel");
```

> and one thing that is really strange. if i run iceweasel with the profile, i can only access the Download folder, but if iceweasel was started from icedove, i have access to much more files.

The two profiles are different, the one used by iceweasel is more restrictive than the one used by icedove. I usually start iceweasel before icedove, so when I click on a link, icedove contacts the already running instance of iceweasel.
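
The two firemon traces in this thread differ in the two ways discussed above: whether the browser exec carries the URL, and whether the browser is started through a `firejail` wrapper from inside an already running sandbox (where it ends up under the parent's profile). The following Python script is an added example, not part of the thread and not firejail code; it assumes the firemon line layout shown in the traces, and `analyze` and its report keys are names chosen for this example.

```python
import re
from os.path import basename

# Assumed layout, taken from the traces in this thread:
#   "HH:MM:SS <event> <pid> (<user>) <command line>" and "child <pid> <command line>"
EVENT_RE = re.compile(r"^\s*\d\d:\d\d:\d\d\s+(\w+)\s+(\d+)\s+\(\S+\)\s*(.*)$")
CHILD_RE = re.compile(r"^\s*child\s+(\d+)\b")
URL_RE = re.compile(r"^https?://", re.I)

def analyze(lines, browser="iceweasel"):
    """Summarise how `browser` was launched according to firemon event lines."""
    children = set()  # PIDs reported as "child N": forked inside a monitored sandbox
    report = {"browser_execs": 0, "urls": [], "nested_firejail": False}
    for line in lines:
        child = CHILD_RE.match(line)
        if child:
            children.add(int(child.group(1)))
            continue
        event = EVENT_RE.match(line)
        if not event or event.group(1) != "exec":
            continue
        pid = int(event.group(2))
        # Drop the quotes firemon shows around e.g. /bin/bash -c "icedove".
        argv = [arg.strip("\"'") for arg in event.group(3).split()]
        names = [basename(arg) for arg in argv]
        if browser not in names:
            continue
        report["browser_execs"] += 1
        for arg in argv:
            if URL_RE.match(arg) and arg not in report["urls"]:
                report["urls"].append(arg)
        # "firejail <browser>" exec'd by a sandbox child: firejail detects the
        # existing sandbox and starts the browser as is, inside the parent's jail.
        if names[0] == "firejail" and pid in children:
            report["nested_firejail"] = True
    return report

# Excerpts copied from the two firemon traces quoted in this thread.
TRACE_URL_MISSING = """\
18:48:11 fork 1340 (mdomann) icedove
child 12525 icedove
18:48:11 fork 12525 (mdomann)
child 12526 icedove
18:48:11 exec 12526 (mdomann) firejail iceweasel
18:48:11 exec 12528 (mdomann) sh -c iceweasel
18:48:11 exec 12530 (mdomann) iceweasel
""".splitlines()

TRACE_URL_PASSED = """\
12:00:58 exec 6237 (netblue) firejail icedove
12:00:58 fork 6237 (netblue) firejail icedove
    child 6238 firejail icedove
12:00:58 exec 6239 (netblue) /bin/bash -c "icedove"
12:01:08 fork 6316 (netblue)
    child 6317 icedove
12:01:08 exec 6317 (netblue) iceweasel https://github.com/netblue30/firejail/issues/175#issuecomment-162614147
""".splitlines()

if __name__ == "__main__":
    for name, trace in (("url missing", TRACE_URL_MISSING), ("url passed", TRACE_URL_PASSED)):
        print(name, analyze(trace))
```

An empty `urls` list means the handler command line dropped the link; `nested_firejail` set to true means the browser was launched through the wrapper inside the mail client's sandbox rather than in a sandbox of its own.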


@Micha-Btz commented on GitHub (Dec 17, 2015):

ok, with the suggested option, i get icedove and pidgin to work with iceweasel.
skype not: there is no option for changing the default browser, and all possibilities the web suggested do not work.
i also tried to modify .config/mimeapps.list but no luck. since i do not often use skype, i can live with that.
so far i close this issue.