github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #2317] Cherrytree should not connect to any network #1544

New issue

Closed

opened 2026-05-05 08:12:22 -06:00 by gitea-mirror · 2 comments

gitea-mirror commented

2026-05-05 08:12:22 -06:00

Owner

Originally created by @tinmanx on GitHub (Dec 25, 2018).
Original GitHub issue: https://github.com/netblue30/firejail/issues/2317

I tried posting an issue earlier but something went wrong, so im re-posting this.

as said in the title, cherrytree should not use the network.
It should not have these:
protocol unix,inet,inet6,netlink
netfilter

Instead it should have this:
net none

I have already tried opening cherrytree with these changes but i do not see anywhere in the terminal where it should say something like Could not open network socket

Am i not supposed to get some kind of evidence showing that the network socket is closed? I also tried it with --net=none in the command.

Originally created by @tinmanx on GitHub (Dec 25, 2018). Original GitHub issue: https://github.com/netblue30/firejail/issues/2317 I tried posting an issue earlier but something went wrong, so im re-posting this. as said in the title, cherrytree should not use the network. It should not have these: `protocol unix,inet,inet6,netlink` `netfilter` Instead it should have this: `net none` I have already tried opening cherrytree with these changes but i do not see anywhere in the terminal where it _should_ say something like `Could not open network socket` Am i not supposed to get some kind of evidence showing that the network socket is closed? I also tried it with `--net=none` in the command.

gitea-mirror closed this issue

2026-05-05 08:12:23 -06:00

gitea-mirror commented

2026-05-05 08:12:25 -06:00

Author

Owner

@SkewedZeppelin commented on GitHub (Dec 25, 2018):

I just skimmed through its documentation and don't see it needing network access.
I've pushed a commit 28a7d0bcf2 that makes your changes.

@SkewedZeppelin commented on GitHub (Dec 25, 2018): I just skimmed through its documentation and don't see it needing network access. I've pushed a commit 28a7d0bcf202ba9e567d6797f3954e3f5bb25483 that makes your changes.

gitea-mirror commented

2026-05-05 08:12:26 -06:00

Author

Owner

@tinmanx commented on GitHub (Dec 26, 2018):

thanks @SkewedZeppelin
I just have an question/issue regarding running cherrytree (using my own profile with the new changes you have done in the commit)
Ive noticed a high cpu usage after a while after running cherrytree.

I have the portable version of cherrytree and i also wanted to log any and all errors to a text file so this is my cmd:
firejail --profile="/media/USB/Profiles/cherrytree.profile" "cherrytree-0.38.6/cherrytree" 2>&1 | ts >> "$Log" &

Is this the correct way of running this with logging it with timestamps?
Its been opening and running fine, why do i have high cpu usage after a while? (i see lots of kworkers opening up)
If i had to run it firejail --profile="/media/USB/Profiles/cherrytree.profile" "cherrytree-0.38.6/cherrytree" without a log, it still doesn't shut down the parent once it opens it up. Shouldnt this and any app shutdown the parent when it opens the sandbox?

Im trying to understand this. Would appreciate your feedback @SkewedZeppelin

@tinmanx commented on GitHub (Dec 26, 2018): thanks @SkewedZeppelin I just have an question/issue regarding running cherrytree (using my own profile with the new changes you have done in the commit) Ive noticed a high cpu usage after a while after running cherrytree. I have the portable version of cherrytree and i also wanted to log any and all errors to a text file so this is my cmd: `firejail --profile="/media/USB/Profiles/cherrytree.profile" "cherrytree-0.38.6/cherrytree" 2>&1 | ts >> "$Log" &` 1. Is this the correct way of running this with logging it with timestamps? 2. Its been opening and running fine, why do i have high cpu usage after a while? (i see lots of kworkers opening up) 3. If i had to run it `firejail --profile="/media/USB/Profiles/cherrytree.profile" "cherrytree-0.38.6/cherrytree"` without a log, it still doesn't shut down the parent once it opens it up. Shouldnt this and any app shutdown the parent when it opens the sandbox? Im trying to understand this. Would appreciate your feedback @SkewedZeppelin

gitea-mirror referenced this issue

2026-05-05 10:12:11 -06:00

[PR #1544] [MERGED] localhost mail fix for mutt #4013

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1544

No description provided.

Rows
Columns