[GH-ISSUE #1995] Adding a global modifier (net=eth0) to all firejails

gitea-mirror commented

2026-05-05 07:54:26 -06:00

Owner

Originally created by @Futureknows on GitHub (Jun 14, 2018).
Original GitHub issue: https://github.com/netblue30/firejail/issues/1995

How can I add a global parameter to all launched firejails?
In my case I want everything to open with --net=eth0.

I tried adding a line net=eth0 to /etc/firejail/default.profile, /etc/firejail/default.local and /etc/firejail/globals.local. No luck. Do I need to sudo firecfg to rebuild symlinks?

Originally created by @Futureknows on GitHub (Jun 14, 2018). Original GitHub issue: https://github.com/netblue30/firejail/issues/1995 How can I add a global parameter to all launched firejails? In my case I want everything to open with `--net=eth0`. I tried adding a line `net=eth0` to /etc/firejail/default.profile, /etc/firejail/default.local and /etc/firejail/globals.local. No luck. Do I need to sudo firecfg to rebuild symlinks?

gitea-mirror

2026-05-05 07:54:26 -06:00

closed this issue
added the
question_old
label

gitea-mirror commented

2026-05-05 07:54:31 -06:00

Author

Owner

@Fred-Barclay commented on GitHub (Jun 14, 2018):

Try net eth0 in /etc/firejail/globals.local (the same thing as what you did without the =).

@Fred-Barclay commented on GitHub (Jun 14, 2018): Try `net eth0` in /etc/firejail/globals.local (the same thing as what you did without the `=`).

gitea-mirror commented

2026-05-05 07:54:32 -06:00

Author

Owner

@Futureknows commented on GitHub (Jun 14, 2018):

I did that but it didn't take, I don't see /etc/firejail/globals.local being parsed during Firefox launch.
Below is list of profiles that get read by default.

[user@localhost ~]$ firejail firefox
Reading profile /usr/local/etc/firejail/firefox.profile
Reading profile /usr/local/etc/firejail/firefox-common.profile
Reading profile /usr/local/etc/firejail/disable-common.inc
Reading profile /usr/local/etc/firejail/disable-devel.inc
Reading profile /usr/local/etc/firejail/disable-interpreters.inc
Reading profile /usr/local/etc/firejail/disable-programs.inc
Reading profile /usr/local/etc/firejail/whitelist-common.inc
Reading profile /usr/local/etc/firejail/whitelist-var-common.inc

@Futureknows commented on GitHub (Jun 14, 2018): I did that but it didn't take, I don't see /etc/firejail/globals.local being parsed during Firefox launch. Below is list of profiles that get read by default. ``` [user@localhost ~]$ firejail firefox Reading profile /usr/local/etc/firejail/firefox.profile Reading profile /usr/local/etc/firejail/firefox-common.profile Reading profile /usr/local/etc/firejail/disable-common.inc Reading profile /usr/local/etc/firejail/disable-devel.inc Reading profile /usr/local/etc/firejail/disable-interpreters.inc Reading profile /usr/local/etc/firejail/disable-programs.inc Reading profile /usr/local/etc/firejail/whitelist-common.inc Reading profile /usr/local/etc/firejail/whitelist-var-common.inc ```

gitea-mirror commented

2026-05-05 07:54:34 -06:00

Author

Owner

@Fred-Barclay commented on GitHub (Jun 14, 2018):

Oh -- firejial is in /usr/local/ for you. So instead, put net none in /usr/local/etc/firejail/globals.local.

Also are there files in /etc/firejail? You maybe should remove them if so. Firejail in your case will be reading from /usr/local/etc/firejail/, not /etc/firejail/.

@Fred-Barclay commented on GitHub (Jun 14, 2018): Oh -- firejial is in /usr/local/ for you. So instead, put `net none` in /usr/local/etc/firejail/globals.local. Also are there files in /etc/firejail? You maybe should remove them if so. Firejail in your case will be reading from /usr/local/etc/firejail/, not /etc/firejail/.

gitea-mirror commented

2026-05-05 07:54:35 -06:00

Author

Owner

@chiraag-nataraj commented on GitHub (Jun 15, 2018):

@Fred-Barclay Probably a bad idea to remove them manually, since those are probably installed by a package manager. It's better to uninstall the package or just leave the files alone - leaving the package installed has the benefit that you'll know when a new version of firejail is released (and can uninstall the local version then should you want to do so).

@chiraag-nataraj commented on GitHub (Jun 15, 2018): @Fred-Barclay Probably a bad idea to remove them manually, since those are probably installed by a package manager. It's better to uninstall the package or just leave the files alone - leaving the package installed has the benefit that you'll know when a new version of firejail is released (and can uninstall the local version then should you want to do so).

gitea-mirror commented

2026-05-05 07:54:37 -06:00

Author

Owner

@Futureknows commented on GitHub (Jun 15, 2018):

Thanks, I had installed from a package manager then updated several versions manually leaving traces everywhere. I removed firejail then deleted every firejail* trace from the system. Compiled and installed latest and now I have one odd problem: firecfg works fine as user but sudo firecfg says firecfg not found.

@Futureknows commented on GitHub (Jun 15, 2018): Thanks, I had installed from a package manager then updated several versions manually leaving traces everywhere. I removed firejail then deleted every firejail* trace from the system. Compiled and installed latest and now I have one odd problem: firecfg works fine as user but sudo firecfg says firecfg not found.

gitea-mirror commented

2026-05-05 07:54:39 -06:00

Author

Owner

@Fred-Barclay commented on GitHub (Jun 15, 2018):

What do where firecfg and firecfg --version say?

@Fred-Barclay commented on GitHub (Jun 15, 2018): What do `where firecfg` and `firecfg --version` say?

gitea-mirror commented

2026-05-05 07:54:41 -06:00

Author

Owner

@Futureknows commented on GitHub (Jun 15, 2018):

Both Firejail and Firecfg report 0.9.55.

[user@localhost ~]$ sudo firecfg [sudo] password for user: sudo: firecfg: command not found [user@localhost ~]$ firecfg Error: cannot set the symbolic links in /usr/local/bin The proper way to run this command is "sudo firecfg".

@Futureknows commented on GitHub (Jun 15, 2018): Both Firejail and Firecfg report 0.9.55. `[user@localhost ~]$ sudo firecfg [sudo] password for user: sudo: firecfg: command not found [user@localhost ~]$ firecfg Error: cannot set the symbolic links in /usr/local/bin The proper way to run this command is "sudo firecfg". `

gitea-mirror commented

2026-05-05 07:54:42 -06:00

Author

Owner

@Fred-Barclay commented on GitHub (Jun 15, 2018):

@Futureknows What is the output of where firecfg?

@Fred-Barclay commented on GitHub (Jun 15, 2018): @Futureknows What is the output of `where firecfg`?

gitea-mirror commented

2026-05-05 07:54:44 -06:00

Author

Owner

@Futureknows commented on GitHub (Jun 15, 2018):

[user@localhost ~]$ where firecfg bash: where: command not found
[user@localhost ~]$ sudo where firecfg [sudo] password for user: sudo: where: command not found

I see firecfg in /usr/local/bin

@Futureknows commented on GitHub (Jun 15, 2018): `[user@localhost ~]$ where firecfg bash: where: command not found ` `[user@localhost ~]$ sudo where firecfg [sudo] password for user: sudo: where: command not found ` I see firecfg in /usr/local/bin

gitea-mirror commented

2026-05-05 07:54:46 -06:00

Author

Owner

@Fred-Barclay commented on GitHub (Jun 15, 2018):

Sorry -- whereis firefox. Looks like I've been using Windows a bit too much! 😄

@Fred-Barclay commented on GitHub (Jun 15, 2018): Sorry -- `whereis firefox`. Looks like I've been using Windows a bit too much! :smile:

gitea-mirror commented

2026-05-05 07:54:47 -06:00

Author

Owner

@Futureknows commented on GitHub (Jun 16, 2018):

[user@localhost ~]$ whereis firefox firefox: /usr/bin/firefox /usr/lib64/firefox /etc/firefox /usr/local/bin/firefox /usr/share/man/man1/firefox.1.gz

@Futureknows commented on GitHub (Jun 16, 2018): `[user@localhost ~]$ whereis firefox firefox: /usr/bin/firefox /usr/lib64/firefox /etc/firefox /usr/local/bin/firefox /usr/share/man/man1/firefox.1.gz `

gitea-mirror commented

2026-05-05 07:54:48 -06:00

Author

Owner

@Fred-Barclay commented on GitHub (Jun 16, 2018):

And... I messed up again. What does whereis firecfg say?

@Fred-Barclay commented on GitHub (Jun 16, 2018): And... I messed up again. What does `whereis firecfg` say? ![](https://www.viralviralvideos.com/wp-content/uploads/2017/04/24619715.gif)

gitea-mirror commented

2026-05-05 07:54:49 -06:00

Author

Owner

@Futureknows commented on GitHub (Jun 17, 2018):

user@Mint ~ $ whereis firecfg firecfg: /usr/local/bin/firecfg

@Futureknows commented on GitHub (Jun 17, 2018): `user@Mint ~ $ whereis firecfg firecfg: /usr/local/bin/firecfg `

gitea-mirror commented

2026-05-05 07:54:50 -06:00

Author

Owner

@Futureknows commented on GitHub (Jun 17, 2018):

Ok, you fixed it! After I ran sudo /usr/local/bin/firecfg, it fixed the symlink.
Now it works as expected without the full path (`sudo firecfg')

@Futureknows commented on GitHub (Jun 17, 2018): Ok, you fixed it! After I ran `sudo /usr/local/bin/firecfg`, it fixed the symlink. Now it works as expected without the full path (`sudo firecfg')

gitea-mirror referenced this issue

2026-05-05 10:11:48 -06:00

[PR #1493] [MERGED] Fix #1492 #3994

Rows
Columns

[GH-ISSUE #1995] Adding a global modifier (net=eth0) to all firejails #1346