[GH-ISSUE #1950] Chrome cannot get the timezone correctly breaking many websites

gitea-mirror commented

2026-05-05 07:50:22 -06:00

Owner

Originally created by @nitrocode on GitHub (May 20, 2018).
Original GitHub issue: https://github.com/netblue30/firejail/issues/1950

My firejail command

firejail --dns=1.1.1.1 --dns=8.8.4.4 google-chrome-stable %U

If I open up DevTools and run

new Date().toLocaleTimeString()

This returns

VM42:1 Uncaught RangeError: Unsupported time zone specified undefined
at new DateTimeFormat (chrome://newtab/native)
at Date.toLocaleTimeString (chrome://newtab/native)
at :1:12

In order to set the timezone correctly so it does not break websites, I found this workaround.

firejail --dns=1.1.1.1 --dns=8.8.4.4 --env=TZ=America/Tijuana google-chrome-stable %U

Firefox doesn't seem to have this issue and I'm currently running firejail version 0.9.55

Originally created by @nitrocode on GitHub (May 20, 2018). Original GitHub issue: https://github.com/netblue30/firejail/issues/1950 My firejail command firejail --dns=1.1.1.1 --dns=8.8.4.4 google-chrome-stable %U If I open up DevTools and run new Date().toLocaleTimeString() This returns > VM42:1 Uncaught RangeError: Unsupported time zone specified undefined at new DateTimeFormat (chrome://newtab/native) at Date.toLocaleTimeString (chrome://newtab/native) at <anonymous>:1:12 In order to set the timezone correctly so it does not break websites, I found this workaround. firejail --dns=1.1.1.1 --dns=8.8.4.4 --env=TZ=America/Tijuana google-chrome-stable %U Firefox doesn't seem to have this issue and I'm currently running firejail version 0.9.55

gitea-mirror added the

enhancement

bug

labels 2026-05-05 07:50:22 -06:00

gitea-mirror commented

2026-05-05 07:50:24 -06:00

Author

Owner

@SkewedZeppelin commented on GitHub (May 20, 2018):

What distro are you running?
Is the output of ls -lha /etc/localtime your correct timezone?

@SkewedZeppelin commented on GitHub (May 20, 2018): What distro are you running? Is the output of `ls -lha /etc/localtime` your correct timezone?

gitea-mirror commented

2026-05-05 07:50:26 -06:00

Author

Owner

@nitrocode commented on GitHub (May 20, 2018):

@SkewedZeppelin running Ubuntu 16.04 Xenial.

My timezone is set correctly

$ ls -lha /etc/localtime
lrwxrwxrwx 1 root root 36 Jan  7 11:40 /etc/localtime -> /usr/share/zoneinfo/America/Tijuana

@nitrocode commented on GitHub (May 20, 2018): @SkewedZeppelin running Ubuntu 16.04 Xenial. My timezone is set correctly $ ls -lha /etc/localtime lrwxrwxrwx 1 root root 36 Jan 7 11:40 /etc/localtime -> /usr/share/zoneinfo/America/Tijuana

gitea-mirror commented

2026-05-05 07:50:28 -06:00

Author

Owner

@SkewedZeppelin commented on GitHub (May 21, 2018):

Can you try commenting apparmor and nodbus in /etc/firejail/chromium-common.profile?

@SkewedZeppelin commented on GitHub (May 21, 2018): Can you try commenting `apparmor` and `nodbus` in `/etc/firejail/chromium-common.profile`?

gitea-mirror commented

2026-05-05 07:50:29 -06:00

Author

Owner

@chiraag-nataraj commented on GitHub (Oct 3, 2018):

@nitrocode Is this still an issue?

@chiraag-nataraj commented on GitHub (Oct 3, 2018): @nitrocode Is this still an issue?

gitea-mirror commented

2026-05-05 07:50:30 -06:00

Author

Owner

@nitrocode commented on GitHub (Oct 3, 2018):

I haven't checked in a while but I'll check again by the end of the week.

@nitrocode commented on GitHub (Oct 3, 2018): I haven't checked in a while but I'll check again by the end of the week.

gitea-mirror commented

2026-05-05 07:50:31 -06:00

Author

Owner

@tofurky commented on GitHub (Jan 20, 2019):

Seeing the same thing when using private-etc in google-chrome.local using 0.9.56-1~0ubuntu18.10.0.

For some reason, specifying private-etc ...,localtime,... causes /etc/localtime to point at the wrong file (seen by joining chrome's namespace):

bash-4.4$ ls -l /etc/localtime 
lrwxrwxrwx 1 root root 30 Jan 20 04:34 /etc/localtime -> /usr/share/zoneinfo/posixrules

However, my actual filesystem has this:

matt@aquos:~$ ls -l /etc/localtime 
lrwxrwxrwx 1 root root 36 Jan  1 22:31 /etc/localtime -> /usr/share/zoneinfo/America/New_York

I poked around but I'm kind of stumped. Running with --debug shows:

...
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /etc/hosts /run/firejail/mnt/etc (null) 
copying /etc/localtime to private /etc
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /etc/localtime /run/firejail/mnt/etc (null) 
copying /etc/nsswitch.conf to private /etc
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /etc/nsswitch.conf /run/firejail/mnt/etc (null) 
copying /etc/resolv.conf to private /etc
...

The only reference I saw to localtime was here: 97eed29370/src/firejail/fs_whitelist.c (L601-L615)

As a workaround for the time being, removing localtime from private-etc and adding env TZ=America/New_York to google-chrome.local seems to fix it.

@tofurky commented on GitHub (Jan 20, 2019): Seeing the same thing when using private-etc in google-chrome.local using 0.9.56-1~0ubuntu18.10.0. For some reason, specifying `private-etc ...,localtime,...` causes /etc/localtime to point at the wrong file (seen by joining chrome's namespace): ``` bash-4.4$ ls -l /etc/localtime lrwxrwxrwx 1 root root 30 Jan 20 04:34 /etc/localtime -> /usr/share/zoneinfo/posixrules ``` However, my actual filesystem has this: ``` matt@aquos:~$ ls -l /etc/localtime lrwxrwxrwx 1 root root 36 Jan 1 22:31 /etc/localtime -> /usr/share/zoneinfo/America/New_York ``` I poked around but I'm kind of stumped. Running with --debug shows: ``` ... sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /etc/hosts /run/firejail/mnt/etc (null) copying /etc/localtime to private /etc sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /etc/localtime /run/firejail/mnt/etc (null) copying /etc/nsswitch.conf to private /etc sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /etc/nsswitch.conf /run/firejail/mnt/etc (null) copying /etc/resolv.conf to private /etc ... ``` The only reference I saw to localtime was here: https://github.com/netblue30/firejail/blob/97eed29370b91f54caac7d150c09a681a1763317/src/firejail/fs_whitelist.c#L601-L615 As a workaround for the time being, removing localtime from private-etc and adding `env TZ=America/New_York` to google-chrome.local seems to fix it.

gitea-mirror commented

2026-05-05 07:50:32 -06:00

Author

Owner

@tofurky commented on GitHub (Jan 20, 2019):

Seems that it might have to do with fcopy resolving the final file, rather than the intermediate symlink:

matt@aquos:~$ ls -l /etc/localtime 
lrwxrwxrwx 1 root root 36 Jan  1 22:31 /etc/localtime -> /usr/share/zoneinfo/America/New_York
matt@aquos:~$ ls -l /usr/share/zoneinfo/America/New_York
lrwxrwxrwx 1 root root 13 Jan  1 00:05 /usr/share/zoneinfo/America/New_York -> ../posixrules

If copy_link() is the function in question, I guess readlink() could be used there instead of realpath(), but that would be a major change in behavior:
012dd9faeb/src/fcopy/main.c (L117-L134)

@tofurky commented on GitHub (Jan 20, 2019): Seems that it might have to do with fcopy resolving the final file, rather than the intermediate symlink: ``` matt@aquos:~$ ls -l /etc/localtime lrwxrwxrwx 1 root root 36 Jan 1 22:31 /etc/localtime -> /usr/share/zoneinfo/America/New_York matt@aquos:~$ ls -l /usr/share/zoneinfo/America/New_York lrwxrwxrwx 1 root root 13 Jan 1 00:05 /usr/share/zoneinfo/America/New_York -> ../posixrules ``` If `copy_link()` is the function in question, I guess `readlink()` could be used there instead of `realpath()`, but that would be a major change in behavior: https://github.com/netblue30/firejail/blob/012dd9faeb2c994731d77808f83265c90072f809/src/fcopy/main.c#L117-L134

gitea-mirror commented

2026-05-05 07:50:33 -06:00

Author

Owner

@chiraag-nataraj commented on GitHub (May 21, 2019):

Is this still an issue?

@chiraag-nataraj commented on GitHub (May 21, 2019): Is this still an issue?

gitea-mirror commented

2026-05-05 07:50:34 -06:00

Author

Owner

@tofurky commented on GitHub (May 22, 2019):

Is this still an issue?

yes, and will continue to be until copy_link() includes all intermediate symlinks.

@tofurky commented on GitHub (May 22, 2019): > Is this still an issue? yes, and will continue to be until `copy_link()` includes all intermediate symlinks.

gitea-mirror commented

2026-05-05 07:50:35 -06:00

Author

Owner

@chiraag-nataraj commented on GitHub (May 22, 2019):

The thing is that this doesn't seem to affect Firefox's ability to get the system time right (or any other program's, for that matter)...that's why this is so odd.

@chiraag-nataraj commented on GitHub (May 22, 2019): The thing is that this doesn't seem to affect Firefox's ability to get the system time right (or any other program's, for that matter)...that's why this is so odd.

gitea-mirror commented

2026-05-05 07:50:36 -06:00

Author

Owner

@tofurky commented on GitHub (May 22, 2019):

it might have to do with chrome's extra sandboxing, not sure.

@tofurky commented on GitHub (May 22, 2019): it might have to do with chrome's extra sandboxing, not sure.

gitea-mirror commented

2026-05-05 07:50:37 -06:00

Author

Owner

@chiraag-nataraj commented on GitHub (May 22, 2019):

Does this profile work for you? I don't get the error you're getting.
~/.config/firejail/chromium.profile

ignore noroot
ignore seccomp
ignore seccomp.block-secondary
ignore nonewprivs
ignore caps.drop
ignore net
ignore memory-deny-write-execute
ignore private-dev
ignore nou2f

include ${HOME}/.config/firejail/common.inc

mkdir ${HOME}/.config/chromium

whitelist ${HOME}/.config/chromium
whitelist ${HOME}/.themes
whitelist ${HOME}/.config/gtk-3.0

whitelist ${DOWNLOADS}

# private-bin seems to only work with firejail /usr/lib/chromium/chromium on
# Debian... Kept it enabled since other platforms may be different
private-bin chromium,bash,readlink,dirname,cat,uname,mktemp,sed,man,grep,expr
private-etc fonts,alternatives,X11,pulse,resolv.conf,localtime,chromium.d

caps.keep sys_chroot,sys_admin
blacklist /usr/share/fonts/truetype/unifont

~/.config/firejail/common.inc

blacklist /usr/local/bin
blacklist /usr/local/sbin

blacklist /boot

private-tmp
read-only /tmp/.X11-unix
private-dev
disable-mnt
private-opt emp
private-srv emp

shell none
seccomp
seccomp.block-secondary
noroot
caps.drop all
apparmor
nonewprivs
ipc-namespace
machine-id
nodbus
nou2f
nogroups
net none
netfilter
memory-deny-write-execute

noexec ${HOME}
noexec /tmp
noexec ${RUNUSER}

I don't have google-chrome installed, but I can try that to see if chromium versus google-chrome makes a difference.

@chiraag-nataraj commented on GitHub (May 22, 2019): Does this profile work for you? I don't get the error you're getting. `~/.config/firejail/chromium.profile` ``` ignore noroot ignore seccomp ignore seccomp.block-secondary ignore nonewprivs ignore caps.drop ignore net ignore memory-deny-write-execute ignore private-dev ignore nou2f include ${HOME}/.config/firejail/common.inc mkdir ${HOME}/.config/chromium whitelist ${HOME}/.config/chromium whitelist ${HOME}/.themes whitelist ${HOME}/.config/gtk-3.0 whitelist ${DOWNLOADS} # private-bin seems to only work with firejail /usr/lib/chromium/chromium on # Debian... Kept it enabled since other platforms may be different private-bin chromium,bash,readlink,dirname,cat,uname,mktemp,sed,man,grep,expr private-etc fonts,alternatives,X11,pulse,resolv.conf,localtime,chromium.d caps.keep sys_chroot,sys_admin blacklist /usr/share/fonts/truetype/unifont ``` `~/.config/firejail/common.inc` ``` blacklist /usr/local/bin blacklist /usr/local/sbin blacklist /boot private-tmp read-only /tmp/.X11-unix private-dev disable-mnt private-opt emp private-srv emp shell none seccomp seccomp.block-secondary noroot caps.drop all apparmor nonewprivs ipc-namespace machine-id nodbus nou2f nogroups net none netfilter memory-deny-write-execute noexec ${HOME} noexec /tmp noexec ${RUNUSER} ``` I don't have `google-chrome` installed, but I can try that to see if `chromium` versus `google-chrome` makes a difference.

gitea-mirror commented

2026-05-05 07:50:39 -06:00

Author

Owner

@tofurky commented on GitHub (May 22, 2019):

you can see what timezone the browser is using @ https://browserspy.dk/date.php

@tofurky commented on GitHub (May 22, 2019): you can see what timezone the browser is using @ https://browserspy.dk/date.php

gitea-mirror commented

2026-05-05 07:50:40 -06:00

Author

Owner

@chiraag-nataraj commented on GitHub (May 22, 2019):

So it thinks I'm in GMT (come to think of it, I got the same result when I used the Date object in the Dev console...). I guess I never noticed this because I enabled fingerprinting resistance in Firefox, which also spoofs the timezone to GMT 😜

@chiraag-nataraj commented on GitHub (May 22, 2019): So it thinks I'm in GMT (come to think of it, I got the same result when I used the Date object in the Dev console...). I guess I never noticed this because I enabled fingerprinting resistance in Firefox, which _also_ spoofs the timezone to GMT :stuck_out_tongue_winking_eye:

gitea-mirror commented

2026-05-05 07:50:41 -06:00

Author

Owner

@Vincent43 commented on GitHub (May 22, 2019):

@tofurky why /usr/share/zoneinfo/America/New_York is a symlink to posixrules on your system?

@Vincent43 commented on GitHub (May 22, 2019): @tofurky why `/usr/share/zoneinfo/America/New_York` is a symlink to `posixrules` on your system?

gitea-mirror commented

2026-05-05 07:50:42 -06:00

Author

Owner

@chiraag-nataraj commented on GitHub (May 22, 2019):

It is on mine as well @Vincent43. From exploring a bit, it seems that (I think) the chosen timezone file is symlinked to posixrules for some reason...

@chiraag-nataraj commented on GitHub (May 22, 2019): It is on mine as well @Vincent43. From exploring a bit, it seems that (I think) the chosen timezone file is symlinked to posixrules for some reason...

gitea-mirror commented

2026-05-05 07:50:43 -06:00

Author

Owner

@Vincent43 commented on GitHub (May 22, 2019):

Interesting. On Arch Linux I don't have such symlink.

@Vincent43 commented on GitHub (May 22, 2019): Interesting. On Arch Linux I don't have such symlink.

gitea-mirror commented

2026-05-05 07:50:44 -06:00

Author

Owner

@chiraag-nataraj commented on GitHub (May 22, 2019):

Hmm, I see.

@chiraag-nataraj commented on GitHub (May 22, 2019): Hmm, I see.

gitea-mirror commented

2026-05-05 07:50:45 -06:00

Author

Owner

@tofurky commented on GitHub (May 24, 2019):

@tofurky why /usr/share/zoneinfo/America/New_York is a symlink to posixrules on your system?

it's the standard way of doing it on debian/ubuntu, at least.

@tofurky commented on GitHub (May 24, 2019): > @tofurky why `/usr/share/zoneinfo/America/New_York` is a symlink to `posixrules` on your system? it's the standard way of doing it on debian/ubuntu, at least.

gitea-mirror commented

2026-05-05 07:50:47 -06:00

Author

Owner

@dw-loewe commented on GitHub (Mar 28, 2023):

had the same problem with firefox-esr (debian 11; firejail version 0.9.72) with private-etc enabled in firefox.local and firefox-common.local; circumvent that with env TZ=<timezone> as mentioned by @tofurky

@dw-loewe commented on GitHub (Mar 28, 2023): had the same problem with firefox-esr (debian 11; firejail version 0.9.72) with private-etc enabled in firefox.local and firefox-common.local; circumvent that with `env TZ=<timezone>` as mentioned by @tofurky

Rows
Columns

[GH-ISSUE #1950] Chrome cannot get the timezone correctly breaking many websites #1306