github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

[GH-ISSUE #2051] wire-desktop #1388

New issue
Closed
opened 2026-05-05 08:01:45 -06:00 by gitea-mirror · 19 comments
gitea-mirror commented 2026-05-05 08:01:45 -06:00
Owner
Copy link

Originally created by @veloute on GitHub (Jul 21, 2018).
Original GitHub issue: https://github.com/netblue30/firejail/issues/2051

OS: Arch Linux
Firejail Version: firejail-git

wire-desktop doesn't work with its own profile, however it does work with --noprofile and electron.profile.
currently working on figuring out the problem but I don't have much experience with troubleshooting firejail profiles.

Originally created by @veloute on GitHub (Jul 21, 2018). Original GitHub issue: https://github.com/netblue30/firejail/issues/2051 OS: Arch Linux Firejail Version: firejail-git wire-desktop doesn't work with its own profile, however it does work with --noprofile and electron.profile. currently working on figuring out the problem but I don't have much experience with troubleshooting firejail profiles.
gitea-mirror 2026-05-05 08:01:45 -06:00
  • closed this issue
  • added the
    bug
         label
gitea-mirror commented 2026-05-05 08:01:52 -06:00
Author
Owner
Copy link

@veloute commented on GitHub (Jul 21, 2018):

Commenting out "private-etc fonts,machine-id" seems to fix the problem.

<!-- gh-comment-id:406829712 --> @veloute commented on GitHub (Jul 21, 2018): Commenting out "private-etc fonts,machine-id" seems to fix the problem.
gitea-mirror commented 2026-05-05 08:01:53 -06:00
Author
Owner
Copy link

@Fred-Barclay commented on GitHub (Jul 22, 2018):

G'day @veloute ! Can you add the changes in 5be0b98a75 to the private-etc line and see if that works?
Cheers!
Fred

<!-- gh-comment-id:406836010 --> @Fred-Barclay commented on GitHub (Jul 22, 2018): G'day @veloute ! Can you add the changes in 5be0b98a7540a1c7b5f1c251546df290fc9c2e2a to the private-etc line and see if that works? Cheers! Fred
gitea-mirror commented 2026-05-05 08:01:56 -06:00
Author
Owner
Copy link

@veloute commented on GitHub (Jul 22, 2018):

Works perfectly.
Thanks!

<!-- gh-comment-id:406836825 --> @veloute commented on GitHub (Jul 22, 2018): Works perfectly. Thanks!
gitea-mirror commented 2026-05-05 08:01:58 -06:00
Author
Owner
Copy link

@CodeArtisan00 commented on GitHub (Feb 26, 2019):

I'm running wire-desktop on manjaro (kde) & unable to firejail it. here is the output-

`Reading profile /etc/firejail/wire-desktop.profile
Reading profile /etc/firejail/wire-desktop.local
Reading profile /etc/firejail/globals.local
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Parent pid 6262, child pid 6263
Warning: skipping pki for private /etc
Warning: skipping crypto-policies for private /etc
Private /etc installed in 15.58 ms
1 program installed in 0.70 ms
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Child process initialized in 121.59 ms

Parent is shutting down, bye...
`
What should I do?

<!-- gh-comment-id:467276610 --> @CodeArtisan00 commented on GitHub (Feb 26, 2019): I'm running wire-desktop on manjaro (kde) & unable to firejail it. here is the output- `Reading profile /etc/firejail/wire-desktop.profile Reading profile /etc/firejail/wire-desktop.local Reading profile /etc/firejail/globals.local Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-passwdmgr.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/whitelist-common.inc Parent pid 6262, child pid 6263 Warning: skipping pki for private /etc Warning: skipping crypto-policies for private /etc Private /etc installed in 15.58 ms 1 program installed in 0.70 ms Warning: cleaning all supplementary groups Warning: cleaning all supplementary groups Warning: /sbin directory link was not blacklisted Warning: /usr/sbin directory link was not blacklisted Child process initialized in 121.59 ms Parent is shutting down, bye... ` What should I do?
gitea-mirror commented 2026-05-05 08:01:58 -06:00
Author
Owner
Copy link

@veloute commented on GitHub (Feb 26, 2019):

have you tried running firejail with the --debug flag to get more helpful output?

<!-- gh-comment-id:467353230 --> @veloute commented on GitHub (Feb 26, 2019): have you tried running firejail with the --debug flag to get more helpful output?
gitea-mirror commented 2026-05-05 08:02:02 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Feb 26, 2019):

@Neo00001 Have you tried --noprofile? What is the content of /etc/firejail/globals.local?

<!-- gh-comment-id:467481196 --> @rusty-snake commented on GitHub (Feb 26, 2019): @Neo00001 Have you tried `--noprofile`? What is the content of `/etc/firejail/globals.local`?
gitea-mirror commented 2026-05-05 08:02:04 -06:00
Author
Owner
Copy link

@CodeArtisan00 commented on GitHub (Feb 26, 2019):

@Neo00001 Have you tried --noprofile? What is the conent of /etc/firejail/globals.local?

--noprofile does work. & in globals.local- apparmor, net none

<!-- gh-comment-id:467509404 --> @CodeArtisan00 commented on GitHub (Feb 26, 2019): > @Neo00001 Have you tried `--noprofile`? What is the conent of `/etc/firejail/globals.local`? --noprofile does work. & in globals.local- apparmor, net none
gitea-mirror commented 2026-05-05 08:02:06 -06:00
Author
Owner
Copy link

@SkewedZeppelin commented on GitHub (Feb 26, 2019):

@Neo00001 net none is why, remove it from your globals.local
or add ignore net none to ~/.config/firejail/wire-desktop.local

<!-- gh-comment-id:467509833 --> @SkewedZeppelin commented on GitHub (Feb 26, 2019): @Neo00001 `net none` is why, remove it from your globals.local or add `ignore net none` to ~/.config/firejail/wire-desktop.local
gitea-mirror commented 2026-05-05 08:02:08 -06:00
Author
Owner
Copy link

@CodeArtisan00 commented on GitHub (Feb 26, 2019):

or add ignore net none to ~/.config/firejail/wire-desktop.local

ignore net is included in wire-desktop.local.

<!-- gh-comment-id:467511481 --> @CodeArtisan00 commented on GitHub (Feb 26, 2019): > or add `ignore net none` to ~/.config/firejail/wire-desktop.local ignore net is included in wire-desktop.local.
gitea-mirror commented 2026-05-05 08:02:10 -06:00
Author
Owner
Copy link

@SkewedZeppelin commented on GitHub (Feb 26, 2019):

ignore net or ignore net none?

<!-- gh-comment-id:467511795 --> @SkewedZeppelin commented on GitHub (Feb 26, 2019): `ignore net` or `ignore net none`?
gitea-mirror commented 2026-05-05 08:02:11 -06:00
Author
Owner
Copy link

@CodeArtisan00 commented on GitHub (Feb 26, 2019):

ignore net or ignore net none?

ignore net

<!-- gh-comment-id:467511944 --> @CodeArtisan00 commented on GitHub (Feb 26, 2019): > `ignore net` or `ignore net none`? ignore net
gitea-mirror commented 2026-05-05 08:02:13 -06:00
Author
Owner
Copy link

@CodeArtisan00 commented on GitHub (Feb 26, 2019):

with --debug flag output is-
https://gist.github.com/Neo00001/1a07976b68396ace36fd749e840af1ba

<!-- gh-comment-id:467522361 --> @CodeArtisan00 commented on GitHub (Feb 26, 2019): with --debug flag output is- https://gist.github.com/Neo00001/1a07976b68396ace36fd749e840af1ba
gitea-mirror commented 2026-05-05 08:02:16 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Feb 26, 2019):

@Neo00001 what else is in wire-desktop.local?

<!-- gh-comment-id:467522860 --> @rusty-snake commented on GitHub (Feb 26, 2019): @Neo00001 what else is in wire-desktop.local?
gitea-mirror commented 2026-05-05 08:02:17 -06:00
Author
Owner
Copy link

@CodeArtisan00 commented on GitHub (Feb 26, 2019):

@Neo00001 what else is in wire-desktop.local?

nothing else.

& in wire-desktop.profile - https://gist.github.com/Neo00001/5d5d207b3dc7a93edded4b379208e3b6

<!-- gh-comment-id:467524773 --> @CodeArtisan00 commented on GitHub (Feb 26, 2019): > @Neo00001 what else is in wire-desktop.local? nothing else. & in wire-desktop.profile - https://gist.github.com/Neo00001/5d5d207b3dc7a93edded4b379208e3b6
gitea-mirror commented 2026-05-05 08:02:18 -06:00
Author
Owner
Copy link

@SkewedZeppelin commented on GitHub (Feb 26, 2019):

@Neo00001 it has to be ignore net none, ignore net will not work

<!-- gh-comment-id:467585369 --> @SkewedZeppelin commented on GitHub (Feb 26, 2019): @Neo00001 it has to be `ignore net none`, `ignore net` will not work
gitea-mirror commented 2026-05-05 08:02:20 -06:00
Author
Owner
Copy link

@CodeArtisan00 commented on GitHub (Feb 26, 2019):

@Neo00001 it has to be ignore net none, ignore net will not work

Done.still not working. only --noprofile is working.

<!-- gh-comment-id:467603034 --> @CodeArtisan00 commented on GitHub (Feb 26, 2019): > @Neo00001 it has to be `ignore net none`, `ignore net` will not work Done.still not working. only --noprofile is working.
gitea-mirror commented 2026-05-05 08:02:23 -06:00
Author
Owner
Copy link

@njfox commented on GitHub (Mar 6, 2019):

I'm having the same issue as @Neo00001, with no wire-desktop.local file. On Arch Linux with the latest firejail release. globals.local only has apparmor set.

<!-- gh-comment-id:470274764 --> @njfox commented on GitHub (Mar 6, 2019): I'm having the same issue as @Neo00001, with no `wire-desktop.local` file. On Arch Linux with the latest `firejail` release. `globals.local` only has `apparmor` set.
gitea-mirror commented 2026-05-05 08:02:24 -06:00
Author
Owner
Copy link

@njfox commented on GitHub (Mar 7, 2019):

Commenting out private-bin wire-desktop allows the application to launch under firejail. Do you think this has something to do with how Wire is now packaged with a launcher script in the Arch community repo?

$ cat /usr/bin/wire-desktop 
#!/usr/bin/env sh

electron "/usr/lib/wire-desktop" "$@"

I'm wondering if there are other binaries/paths we need to add to allow Wire to launch in Arch.

<!-- gh-comment-id:470665213 --> @njfox commented on GitHub (Mar 7, 2019): Commenting out `private-bin wire-desktop` allows the application to launch under firejail. Do you think this has something to do with how Wire is now packaged with a launcher script in the Arch community repo? ``` $ cat /usr/bin/wire-desktop #!/usr/bin/env sh electron "/usr/lib/wire-desktop" "$@" ``` I'm wondering if there are other binaries/paths we need to add to allow Wire to launch in Arch.
gitea-mirror commented 2026-05-05 08:02:25 -06:00
Author
Owner
Copy link

@njfox commented on GitHub (Mar 7, 2019):

2dbbb92 seems to have fixed it, thanks!

<!-- gh-comment-id:470717549 --> @njfox commented on GitHub (Mar 7, 2019): 2dbbb92 seems to have fixed it, thanks!
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
serialize_remounts_v2
landlock_v4
landlock
release-0.9.64
release-0.9.62
gitlab_ci
LTSbase
fred_ctests
docs
0.9.80
0.9.80-rc1
0.9.78
0.9.76
0.9.76-rc4
0.9.76-rc3
0.9.76-rc2
0.9.76-rc1
0.9.74
landlock-split
0.9.72
0.9.72rc1
0.9.70
0.9.68
0.9.68rc1
0.9.66
0.9.66rc1
0.9.64.4
0.9.64.2
0.9.64
0.9.64rc1
0.9.62.4
0.9.62.2
0.9.62
0.9.56.2-LTS
0.9.60
0.9.60-rc1
0.9.58.2
0.9.58
0.9.58-rc1
0.9.56-LTS-release
0.9.56-LTS
0.9.56
0.9.56-rc1
0.9.54
0.9.54-rc2
0.9.54-rc1
0.9.52
0.9.38.12
0.9.50
0.9.50-rc1
0.9.48
0.9.46
0.9.46-rc1
0.9.44.10
0.9.44.8
0.9.44.6
0.9.38.10
0.9.44.4
0.9.38.8
0.9.44.2
0.9.44
0.9.44-rc1
0.9.38.4
0.9.42
0.9.42-rc2
0.9.38.2
0.9.42-rc1
disable-globalcfg
0.9.40
0.9.40-rc1
0.9.38
0.9.38-rc1
0.9.36
0.9.36-rc1
0.9.34
0.9.34-rc1
0.9.32
0.9.32-rc1
0.9.30
0.9.30-rc1
Labels
Clear labels   
LTS merge

   
LTS merge

   
bug

   
bug

   
converted-to-discussion

   
doc-todo

   
documentation

   
duplicate

   
enhancement

   
file-transfer

   
firecfg

   
firejail-in-firejail

   
firetools

   
graphics

   
help wanted

   
information_old

   
installation

   
invalid

   
modif

   
moved

   
needinfo

   
networking

   
notabug

   
notourbug

   
old-version

   
overlayfs

   
packaging

   
profile-request

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question_old

   
removal

   
runtime-permissions

   
sandbox-ipc

   
security

   
stale

   
wiki

   
wiki

   
wontfix

   
wordpress

   
workaround
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1388
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?