mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-15 14:16:14 -06:00
[GH-ISSUE #2078] Firejail in openSUSE Leap15 #1405
Originally created by @uli13 on GitHub (Aug 12, 2018).
Original GitHub issue: https://github.com/netblue30/firejail/issues/2078
I used firejail with openSUSE for a while, but since the latest upgrade to Leap 15 it does not seem to work any more. I have the standard profiles, but firejail only works without a profile or with the `--noprofile` option. The command `firejail chromium` gives the following result:

```
firejail chromium
Reading profile /etc/firejail/chromium.profile
Reading profile /etc/firejail/chromium-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 5571, child pid 5572
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Child process initialized in 83.37 ms
/usr/bin/chromium: line 91: /usr/lib64/chromium/chromium: Permission denied
/usr/bin/chromium: line 91: /usr/lib64/chromium/chromium: Success
Parent is shutting down, bye...
```
I spent hours trying to comment out (nearly) every statement, with the same result, except when I hash out the line "include chromium-common.profile" (or when, within this chromium-common.profile, I hash out the line "apparmor"). Then I get:

```
fuli@linux-tl1r:~> firejail chromium
Reading profile /etc/firejail/chromium.profile
Parent pid 5667, child pid 5668
Child process initialized in 10.84 ms
No protocol specified
No protocol specified
(chromium:6): Gtk-WARNING **: cannot open display: :0
Parent is shutting down, bye...
```
I include the file "firejail --debug chromium" here: http://paste.opensuse.org/17219511
I am using firejail 0.9.54 and chromium 68.0.3440.75. Any help is appreciated.
@SkewedZeppelin commented on GitHub (Aug 12, 2018):
We seem to be having many issues on openSUSE 15 at the moment. See #2027 and https://github.com/netblue30/firejail/issues/2077#issuecomment-412356300
@smitsohu commented on GitHub (Aug 12, 2018):
@uli13 One question would be if error messages are showing up in your syslog.
Could you run `sudo journalctl -f` in one terminal and then provoke these problems with Chromium in a second terminal? Does AppArmor report violations in the first terminal?
@Vincent43 commented on GitHub (Aug 12, 2018):
For apparmor check you may do `sudo aa-status` and check if chromium is listed there.
@uli13 commented on GitHub (Aug 12, 2018):
Thank you to all who answered. @SkewedZeppelin - I was aware of 2027 but not of 2077. I will look into those soon and report later. @smitsohu I ran
`journalctl -f` as root and in another terminal `firejail chromium`; here is the result. There is this XCB error - I don't know yet what this means but will see if I find something on the net.
@Vincent43 chromium is not listed under the loaded apparmor profiles but firejail-default is listed.
Fred Barclay small edit -- put output in a single code block.
@uli13 commented on GitHub (Aug 12, 2018):
OK @SkewedZeppelin I couldn't find anything in #2077 that would help me (no private-etc and adding it made no difference).
I found several bug reports on QXcbConnection from 2016 and 2017, from KDE (Bug 366421), from Fedora (Bug 1497564) and from Qt (QTBUG-55167), but I am no further towards solving my problem.
@uli13 commented on GitHub (Aug 13, 2018):
OK I think the problem is that one of these qt packages still has this bug mentioned in the previous comment. In the previous versions (Leap 42.x) firejail was working and in the openSUSE Tumbleweed (rolling release) it is working as well (with apparmor hashed out in the chromium-common.profile and in the firefox-common.profile). Tumbleweed uses the KDE plasma version 5.13.4 and Leap 15 uses version 5.12.5. So I added the following repos for Leap15:
Compatible Qt 5.x: http://download.opensuse.org/repositories/KDE:/Qt5/openSUSE_Leap_15.0/
KDE Frameworks 5: http://download.opensuse.org/repositories/KDE:/Frameworks5/openSUSE_Leap_15.0/
KDE Applications (optional): https://download.opensuse.org/repositories/KDE:/Applications/KDE_Frameworks5_openSUSE_Leap_15.0/
Then upgraded to the KDE plasma version 5.13.4 (same as in Tumbleweed), hashed out the apparmor as described above and now firejail works there as it works in Tumbleweed. Now I have to do it on the other Leap15 computer as well.
@curiosity-seeker commented on GitHub (Aug 14, 2018):
Confirmed!
@Vincent43 commented on GitHub (Aug 14, 2018):
Can you post `journalctl -b | grep -i denied` or `cat /var/log/audit/audit.log | grep -i denied` to show what exactly apparmor is breaking?
@uli13 commented on GitHub (Aug 14, 2018):
@Vincent43 this is from my tumbleweed computer but I expect the same from my two Leap15 computers now as they have the same desktop version and all of them have apparmor hashed out. I deleted some repetitions of the same error message:
```
cat /var/log/audit/audit.log |grep -i denied
type=AVC msg=audit(1533600566.298:184): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="firejail-default" pid=10182 comm="firejail"
......
type=AVC msg=audit(1533611758.799:220): apparmor="DENIED" operation="capable" profile="/usr/bin/updatedb" pid=16502 comm="updatedb" capability=1 capname="dac_override"
type=AVC msg=audit(1533611783.599:221): apparmor="DENIED" operation="capable" profile="/usr/bin/locate" pid=16510 comm="locate" capability=6 capname="setgid"
type=AVC msg=audit(1533612834.219:222): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="firejail-default" pid=17559 comm="firejail"
type=AVC msg=audit(1533613476.278:225): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="firejail-default" pid=18157 comm="firejail"
type=AVC msg=audit(1533613752.135:226): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="firejail-default" pid=18776 comm="firejail"
type=AVC msg=audit(1533614523.174:233): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="firejail-default" pid=19444 comm="firejail"
type=AVC msg=audit(1533686576.080:143): apparmor="DENIED" operation="exec" profile="firejail-default" name="/usr/lib64/chromium/chromium" pid=5155 comm="chromium" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
type=AVC msg=audit(1533686604.068:144): apparmor="DENIED" operation="exec" profile="firejail-default" name="/usr/lib64/chromium/chromium" pid=5173 comm="chromium" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
......
type=AVC msg=audit(1533773695.303:163): apparmor="DENIED" operation="exec" profile="firejail-default" name="/usr/lib64/opera/opera" pid=8849 comm="opera" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
type=AVC msg=audit(1533773857.415:170): apparmor="DENIED" operation="exec" profile="firejail-default" name="/usr/lib64/chromium/chromium" pid=8977 comm="chromium" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
type=AVC msg=audit(1533773965.691:171): apparmor="DENIED" operation="exec" profile="firejail-default" name="/usr/lib64/opera/opera" pid=9077 comm="opera" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
type=AVC msg=audit(1533773972.555:172): apparmor="DENIED" operation="exec" profile="firejail-default" name="/usr/lib64/chromium/chromium" pid=9091 comm="chromium" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
.....
```
@Vincent43 commented on GitHub (Aug 14, 2018):
Thank you!
Can you try adding the line `/usr/lib64/** ix,` to `/etc/apparmor.d/local/firejail-local`, then exec `systemctl restart apparmor` or reboot, and check if this fixed the issue when `apparmor` is uncommented in firejail profiles?
@uli13 commented on GitHub (Aug 15, 2018):
Excellent @Vincent43, I have now

```
cat /etc/apparmor.d/local/firejail-local
#Site-specific additions and overrides for 'firejail-default'
/usr/lib64/** ix,
```

and firefox and chromium work in firejail with apparmor uncommented in chromium-common.profile and in firefox-common.profile. Thank you.
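To make the audit-log triage done by hand earlier in this thread repeatable, here is an added example (not from the thread or the firejail project) that boils AppArmor DENIED records down to "count profile operation target" and then lists the paths a given profile refused to execute, which is the set the `/usr/lib64/** ix,` override had to cover. The sample records are copied from the thread, plus one constructed ALLOWED record to show that only denials are counted.

```shell
#!/bin/sh
# Added example, not part of the thread: boil AppArmor DENIED audit records
# down to "count profile operation target", the way the poster collapsed the
# repeated lines by hand, then list the paths a profile refused to execute.

# Constructed sample: five records copied from the thread plus one
# made-up ALLOWED record to show that only DENIED ones are counted.
SAMPLE_AUDIT='type=AVC msg=audit(1533600566.298:184): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="firejail-default" pid=10182 comm="firejail"
type=AVC msg=audit(1533611758.799:220): apparmor="DENIED" operation="capable" profile="/usr/bin/updatedb" pid=16502 comm="updatedb" capability=1 capname="dac_override"
type=AVC msg=audit(1533686576.080:143): apparmor="DENIED" operation="exec" profile="firejail-default" name="/usr/lib64/chromium/chromium" pid=5155 comm="chromium" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
type=AVC msg=audit(1533686604.068:144): apparmor="DENIED" operation="exec" profile="firejail-default" name="/usr/lib64/chromium/chromium" pid=5173 comm="chromium" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
type=AVC msg=audit(1533773695.303:163): apparmor="DENIED" operation="exec" profile="firejail-default" name="/usr/lib64/opera/opera" pid=8849 comm="opera" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
type=AVC msg=audit(1533773999.000:999): apparmor="ALLOWED" operation="exec" profile="firejail-default" name="/usr/lib64/chromium/chromium" pid=9999 comm="chromium" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0'

# stdin: raw audit records. stdout: tab-separated "count profile operation
# target", with the denied mask in parentheses when the record carries one.
summarize_denials() {
  awk '
    # Return the value of key="value" (or key=value) in rec, "-" if absent.
    function field(rec, key,    m) {
      if (!match(rec, " " key "=\"?[^\" ]*")) return "-"
      m = substr(rec, RSTART, RLENGTH)
      sub("^[^=]*=\"?", "", m)
      return m
    }
    /^type=AVC / && /apparmor="DENIED"/ {
      k = field($0, "profile") "\t" field($0, "operation") "\t" field($0, "name")
      mask = field($0, "denied_mask")
      if (mask != "-") k = k " (" mask ")"
      count[k]++
    }
    END { for (k in count) print count[k] "\t" k }
  ' | sort
}

# stdin: raw audit records; $1: profile name. stdout: distinct paths whose
# execution that profile denied. For this thread, that is the /usr/lib64 set
# the "/usr/lib64/** ix," line in firejail-local had to cover.
exec_denials_for() {
  summarize_denials | awk -F '\t' -v p="$1" '
    $2 == p && $3 == "exec" && $4 ~ /\(.*x.*\)$/ { sub(/ \(.*\)$/, "", $4); print $4 }
  ' | sort -u
}

printf '%s\n' "$SAMPLE_AUDIT" | summarize_denials
printf '%s\n' "$SAMPLE_AUDIT" | exec_denials_for firejail-default
```

On a live system, feed it `cat /var/log/audit/audit.log` or `journalctl -b` instead of the sample so the same collapsing is applied to the real records.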
@uli13 commented on GitHub (Aug 15, 2018):
The previous comment was for Tumbleweed; I changed firejail-local (as in @Vincent43's comment above) on the Leap15 computer and it works there as well with apparmor uncommented!
@Vincent43 commented on GitHub (Aug 15, 2018):
This is fixed in master with 43b215ea39
@Vincent43 commented on GitHub (Aug 16, 2018):
@uli13 Did anything new happen? Why did you reopen this?
@uli13 commented on GitHub (Aug 16, 2018):
No, sorry, I made a mistake and deleted the stupid comment again - that's why it was reopened. Everything is working fine, so I close it again. Thank you for your help @Vincent43.