github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #2028] Chrome native notifications are broken #1368

New issue

Closed

opened 2026-05-05 07:56:52 -06:00 by gitea-mirror · 3 comments

gitea-mirror commented

2026-05-05 07:56:52 -06:00

Owner

Originally created by @infokiller on GitHub (Jul 5, 2018).
Original GitHub issue: https://github.com/netblue30/firejail/issues/2028

Chrome supports native Linux notifications for some time (article), and they worked for me before starting it with firejail.
Now it seems that Chrome uses its own notification system, even if I force it to use native Linux notifications.
After doing some testing, I think the issue is that chrome has nodbus in its profile (via chromium-common.profile).

Is there a way for me to disable the nodbus command using a local chrome profile (~/.config/firejail/chrome.profile)?
I know that I can rewrite the whole profile locally, but I would much rather have something like:

include /etc/firejail/google-chrome.profile
enable-dbus

Or something similar.

Thanks!

Originally created by @infokiller on GitHub (Jul 5, 2018). Original GitHub issue: https://github.com/netblue30/firejail/issues/2028 Chrome supports native Linux notifications for some time ([article](https://www.omgubuntu.co.uk/2017/04/google-chrome-dev-lets-enable-native-desktop-notifications)), and they worked for me before starting it with firejail. Now it seems that Chrome uses its own notification system, even if I force it to use native Linux notifications. After doing some testing, I think the issue is that chrome has `nodbus` in its profile (via [chromium-common.profile](https://github.com/netblue30/firejail/blob/master/etc/chromium-common.profile#L25)). Is there a way for me to disable the `nodbus` command using a local chrome profile (~/.config/firejail/chrome.profile)? I know that I can rewrite the whole profile locally, but I would much rather have something like: ``` include /etc/firejail/google-chrome.profile enable-dbus ``` Or something similar. Thanks!

gitea-mirror

2026-05-05 07:56:52 -06:00

closed this issue
added the
question_old
label

gitea-mirror commented

2026-05-05 07:56:57 -06:00

Author

Owner

@Fred-Barclay commented on GitHub (Jul 5, 2018):

Hi @infokiller Yes, you can create the file /etc/firejail/chrome.local with the line

ignore nodbus

and this should allow dbus access in the sandbox and (hopefully) native notifications for Chrome.
However, it's worthwhile noting that dbus can be used to escape the firejail sandbox, so hypothetically this lowers your security. You still have all the other features of firejail, but if the sandbox were successfully escaped then they might have little or no effect.

@Fred-Barclay commented on GitHub (Jul 5, 2018): Hi @infokiller Yes, you can create the file `/etc/firejail/chrome.local` with the line ``` ignore nodbus ``` and this should allow dbus access in the sandbox and (hopefully) native notifications for Chrome. However, it's worthwhile noting that dbus can be used to escape the firejail sandbox, so *hypothetically* this lowers your security. You still have all the other features of firejail, but if the sandbox were successfully escaped then they might have little or no effect.

gitea-mirror commented

2026-05-05 07:56:58 -06:00

Author

Owner

@infokiller commented on GitHub (Jul 5, 2018):

Thanks a lot @Fred-Barclay!

@infokiller commented on GitHub (Jul 5, 2018): Thanks a lot @Fred-Barclay!

gitea-mirror commented

2026-05-05 07:57:02 -06:00

Author

Owner

@Fred-Barclay commented on GitHub (Jul 5, 2018):

UPDATE: I'm sorry, the file name should be /etc/firejail/chromium-common.local that way no matter if you use chromium, or google-chrome stable, beta, or unstable, you'll get native notifications.

If you want Chrome-only, then /etc/firejail/google-chrome.local is the way to go.

@Fred-Barclay commented on GitHub (Jul 5, 2018): UPDATE: I'm sorry, the file name should be `/etc/firejail/chromium-common.local` that way no matter if you use chromium, or google-chrome stable, beta, or unstable, you'll get native notifications. If you want Chrome-only, then `/etc/firejail/google-chrome.local` is the way to go.

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1368

No description provided.

Rows
Columns