[GH-ISSUE #2330] Can't get Libreoffice to start on Kbuntu 18.04 #1557

New issue

Closed

opened 2026-05-05 08:13:00 -06:00 by gitea-mirror · 26 comments

gitea-mirror commented 2026-05-05 08:13:00 -06:00

Owner

Copy link

Originally created by @BCOH on GitHub (Jan 7, 2019).
Original GitHub issue: https://github.com/netblue30/firejail/issues/2330

I have tried all patches and profile modifications but Libreoffice will still not load. Any help would be appreciated. I am by no means a Firejail expert or Linux expert.

Thanks
Brian

ser@user:~/firejail$ firejail --apparmor libreoffice
Reading profile /etc/firejail/libreoffice.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 20071, child pid 20072
Child process initialized in 77.83 ms
Warning: an existing sandbox was detected. /usr/bin/libreoffice will run without any additional sandboxing features
LibreOffice(19)/kdeui (kdelibs): Session bus not found
To circumvent this problem try the following command (with Linux and bash)
export $(dbus-launch)

Parent is shutting down, bye...
or
user@user:~/firejail$ firejail --ignore=seccomp --ignore=protocol libreoffice %U
Reading profile /etc/firejail/libreoffice.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 20453, child pid 20454
Child process initialized in 75.07 ms
Warning: an existing sandbox was detected. /usr/bin/libreoffice will run without any additional sandboxing features
LibreOffice(19)/kdeui (kdelibs): Session bus not found
To circumvent this problem try the following command (with Linux and bash)
export $(dbus-launch)

Parent is shutting down, bye..

Or
user@user:~/firejail$ firejail libreoffice
Reading profile /etc/firejail/libreoffice.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 20521, child pid 20522
Child process initialized in 71.17 ms
Warning: an existing sandbox was detected. /usr/bin/libreoffice will run without any additional sandboxing features
LibreOffice(19)/kdeui (kdelibs): Session bus not found
To circumvent this problem try the following command (with Linux and bash)
export $(dbus-launch)

Parent is shutting down, bye...

Originally created by @BCOH on GitHub (Jan 7, 2019). Original GitHub issue: https://github.com/netblue30/firejail/issues/2330 I have tried all patches and profile modifications but Libreoffice will still not load. Any help would be appreciated. I am by no means a Firejail expert or Linux expert. Thanks Brian ser@user:~/firejail$ firejail --apparmor libreoffice Reading profile /etc/firejail/libreoffice.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-passwdmgr.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/whitelist-var-common.inc Parent pid 20071, child pid 20072 Child process initialized in 77.83 ms Warning: an existing sandbox was detected. /usr/bin/libreoffice will run without any additional sandboxing features LibreOffice(19)/kdeui (kdelibs): Session bus not found To circumvent this problem try the following command (with Linux and bash) export $(dbus-launch) Parent is shutting down, bye... or user@user:~/firejail$ firejail --ignore=seccomp --ignore=protocol libreoffice %U Reading profile /etc/firejail/libreoffice.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-passwdmgr.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/whitelist-var-common.inc Parent pid 20453, child pid 20454 Child process initialized in 75.07 ms Warning: an existing sandbox was detected. /usr/bin/libreoffice will run without any additional sandboxing features LibreOffice(19)/kdeui (kdelibs): Session bus not found To circumvent this problem try the following command (with Linux and bash) export $(dbus-launch) Parent is shutting down, bye.. Or user@user:~/firejail$ firejail libreoffice Reading profile /etc/firejail/libreoffice.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-passwdmgr.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/whitelist-var-common.inc Parent pid 20521, child pid 20522 Child process initialized in 71.17 ms Warning: an existing sandbox was detected. /usr/bin/libreoffice will run without any additional sandboxing features LibreOffice(19)/kdeui (kdelibs): Session bus not found To circumvent this problem try the following command (with Linux and bash) export $(dbus-launch) Parent is shutting down, bye...

gitea-mirror closed this issue 2026-05-05 08:13:01 -06:00

gitea-mirror commented 2026-05-05 08:13:03 -06:00

Author

Owner

Copy link

@Vincent43 commented on GitHub (Jan 7, 2019):

How did you installed firejail?
Please show which firejail, firejail --version and /usr/bin/firejail --version output.
Maybe you can try if firejail --ignore=nodbus libreoffice works.

<!-- gh-comment-id:451941993 --> @Vincent43 commented on GitHub (Jan 7, 2019): How did you installed `firejail`? Please show `which firejail`, `firejail --version` and `/usr/bin/firejail --version` output. Maybe you can try if `firejail --ignore=nodbus libreoffice` works.

gitea-mirror commented 2026-05-05 08:13:03 -06:00

Author

Owner

Copy link

@BCOH commented on GitHub (Jan 7, 2019):

user@user:~$ firejail --ignore=nodbus libreoffice

Reading profile /usr/local/etc/firejail/libreoffice.profile

Reading profile /usr/local/etc/firejail/disable-common.inc

Reading profile /usr/local/etc/firejail/disable-devel.inc

Reading profile /usr/local/etc/firejail/disable-passwdmgr.inc

Reading profile /usr/local/etc/firejail/disable-programs.inc

Reading profile /usr/local/etc/firejail/whitelist-var-common.inc

Parent pid 15805, child pid 15806

Blacklist violations are logged to syslog

Child process initialized in 97.32 ms

Warning: an existing sandbox was detected. /usr/bin/libreoffice will run without any addit
ional sandboxing features

Warning: failed to launch javaldx - java may not function correctly

ERROR 4 forking process

Parent is shutting down, bye...

user@user:~$ firejail --version

firejail version 0.9.57

Compile time support:

    - AppArmor support is disabled

    - AppImage support is enabled

    - chroot support is enabled

    - file and directory whitelisting support is enabled

    - file transfer support is enabled

    - networking support is enabled

    - overlayfs support is enabled

    - private-home support is enabled

    - seccomp-bpf support is enabled

    - user namespace support is enabled

    - X11 sandboxing support is enabled

user@user:~$

On Mon, 2019-01-07 at 05:55 -0800, Vincent43 wrote:

Please show firejail --version output.

Maybe you can try if firejail --ignore=nodbus libreoffice works.

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub, or mute the thread.

{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c5
5493e4bb","name":"GitHub"},"entity":{"external_key":"github/netblue30
/firejail","title":"netblue30/firejail","subtitle":"GitHub
repository","main_image_url":"
https://github.githubassets.com/images/email/message_cards/header.png","avatar_image_url":"https://github.githubassets.com/images/email/message_cards/avatar.png","action":{"name":"Open
in GitHub","url":"
https://github.com/netblue30/firejail"}},"updates":{"snippets":[{"icon":"PERSON","message":"@Vincent43
in #2330: Please show firejail --version output.\r\nMaybe you can
try if firejail --ignore=nodbus libreoffice
works."}],"action":{"name":"View Issue","url":"
https://github.com/netblue30/firejail/issues/2330#issuecomment-451941993
"}}}
[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "
https://github.com/netblue30/firejail/issues/2330#issuecomment-451941993
",
"url": "
https://github.com/netblue30/firejail/issues/2330#issuecomment-451941993
",
"name": "View Issue"
},
"description": "View this Issue on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]

<!-- gh-comment-id:451945038 --> @BCOH commented on GitHub (Jan 7, 2019): user@user:~$ firejail --ignore=nodbus libreoffice Reading profile /usr/local/etc/firejail/libreoffice.profile Reading profile /usr/local/etc/firejail/disable-common.inc Reading profile /usr/local/etc/firejail/disable-devel.inc Reading profile /usr/local/etc/firejail/disable-passwdmgr.inc Reading profile /usr/local/etc/firejail/disable-programs.inc Reading profile /usr/local/etc/firejail/whitelist-var-common.inc Parent pid 15805, child pid 15806 Blacklist violations are logged to syslog Child process initialized in 97.32 ms Warning: an existing sandbox was detected. /usr/bin/libreoffice will run without any addit ional sandboxing features Warning: failed to launch javaldx - java may not function correctly ERROR 4 forking process Parent is shutting down, bye... user@user:~$ firejail --version firejail version 0.9.57 Compile time support: - AppArmor support is disabled - AppImage support is enabled - chroot support is enabled - file and directory whitelisting support is enabled - file transfer support is enabled - networking support is enabled - overlayfs support is enabled - private-home support is enabled - seccomp-bpf support is enabled - user namespace support is enabled - X11 sandboxing support is enabled user@user:~$ On Mon, 2019-01-07 at 05:55 -0800, Vincent43 wrote: > Please show firejail --version output. > > Maybe you can try if firejail --ignore=nodbus libreoffice works. > > > — > You are receiving this because you authored the thread. > Reply to this email directly, view it on GitHub, or mute the thread. > > {"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c5 > 5493e4bb","name":"GitHub"},"entity":{"external_key":"github/netblue30 > /firejail","title":"netblue30/firejail","subtitle":"GitHub > repository","main_image_url":" > https://github.githubassets.com/images/email/message_cards/header.png","avatar_image_url":"https://github.githubassets.com/images/email/message_cards/avatar.png","action":{"name":"Open > in GitHub","url":" > https://github.com/netblue30/firejail"}},"updates":{"snippets":[{"icon":"PERSON","message":"@Vincent43 > in #2330: Please show `firejail --version` output.\r\nMaybe you can > try if `firejail --ignore=nodbus libreoffice` > works."}],"action":{"name":"View Issue","url":" > https://github.com/netblue30/firejail/issues/2330#issuecomment-451941993 > "}}} > [ > { > "@context": "http://schema.org", > "@type": "EmailMessage", > "potentialAction": { > "@type": "ViewAction", > "target": " > https://github.com/netblue30/firejail/issues/2330#issuecomment-451941993 > ", > "url": " > https://github.com/netblue30/firejail/issues/2330#issuecomment-451941993 > ", > "name": "View Issue" > }, > "description": "View this Issue on GitHub", > "publisher": { > "@type": "Organization", > "name": "GitHub", > "url": "https://github.com" > } > } > ]

gitea-mirror commented 2026-05-05 08:13:04 -06:00

Author

Owner

Copy link

@BCOH commented on GitHub (Jan 8, 2019):

I updated after discovering the issue.

firejail version 0.9.57

Compile time support:
- AppArmor support is disabled
- AppImage support is enabled
- chroot support is enabled
- file and directory whitelisting support is enabled
- file transfer support is enabled
- networking support is enabled
- overlayfs support is enabled
- private-home support is enabled
- seccomp-bpf support is enabled
- user namespace support is enabled
- X11 sandboxing support is enabled

<!-- gh-comment-id:452506901 --> @BCOH commented on GitHub (Jan 8, 2019): I updated after discovering the issue. firejail version 0.9.57 Compile time support: - AppArmor support is disabled - AppImage support is enabled - chroot support is enabled - file and directory whitelisting support is enabled - file transfer support is enabled - networking support is enabled - overlayfs support is enabled - private-home support is enabled - seccomp-bpf support is enabled - user namespace support is enabled - X11 sandboxing support is enabled

gitea-mirror commented 2026-05-05 08:13:04 -06:00

Author

Owner

Copy link

@BCOH commented on GitHub (Jan 8, 2019):

firejail --ignore=nodbus libreoffice
Reading profile /usr/local/etc/firejail/libreoffice.profile
Reading profile /usr/local/etc/firejail/disable-common.inc
Reading profile /usr/local/etc/firejail/disable-devel.inc
Reading profile /usr/local/etc/firejail/disable-passwdmgr.inc
Reading profile /usr/local/etc/firejail/disable-programs.inc
Reading profile /usr/local/etc/firejail/whitelist-var-common.inc
Parent pid 16220, child pid 16221
Blacklist violations are logged to syslog
Child process initialized in 103.80 ms
Warning: an existing sandbox was detected. /usr/bin/libreoffice will run without any additional sandboxing features
Warning: failed to launch javaldx - java may not function correctly
ERROR 4 forking process

Parent is shutting down, bye..

<!-- gh-comment-id:452507080 --> @BCOH commented on GitHub (Jan 8, 2019): firejail --ignore=nodbus libreoffice Reading profile /usr/local/etc/firejail/libreoffice.profile Reading profile /usr/local/etc/firejail/disable-common.inc Reading profile /usr/local/etc/firejail/disable-devel.inc Reading profile /usr/local/etc/firejail/disable-passwdmgr.inc Reading profile /usr/local/etc/firejail/disable-programs.inc Reading profile /usr/local/etc/firejail/whitelist-var-common.inc Parent pid 16220, child pid 16221 Blacklist violations are logged to syslog Child process initialized in 103.80 ms Warning: an existing sandbox was detected. /usr/bin/libreoffice will run without any additional sandboxing features Warning: failed to launch javaldx - java may not function correctly ERROR 4 forking process Parent is shutting down, bye..

gitea-mirror commented 2026-05-05 08:13:05 -06:00

Author

Owner

Copy link

@SkewedZeppelin commented on GitHub (Jan 9, 2019):

Please try

firejail --ignore=nodbus /usr/bin/libreoffice

<!-- gh-comment-id:452508787 --> @SkewedZeppelin commented on GitHub (Jan 9, 2019): Please try ```sh firejail --ignore=nodbus /usr/bin/libreoffice ```

gitea-mirror commented 2026-05-05 08:13:05 -06:00

Author

Owner

Copy link

@BCOH commented on GitHub (Jan 9, 2019):

firejail --ignore=nodbus /usr/bin/libreoffice
Reading profile /usr/local/etc/firejail/libreoffice.profile
Reading profile /usr/local/etc/firejail/disable-common.inc
Reading profile /usr/local/etc/firejail/disable-devel.inc
Reading profile /usr/local/etc/firejail/disable-passwdmgr.inc
Reading profile /usr/local/etc/firejail/disable-programs.inc
Reading profile /usr/local/etc/firejail/whitelist-var-common.inc
Parent pid 24718, child pid 24719
Blacklist violations are logged to syslog
Child process initialized in 107.06 ms
Warning: failed to launch javaldx - java may not function correctly
ERROR 4 forking process

Parent is shutting down, bye...

<!-- gh-comment-id:452551054 --> @BCOH commented on GitHub (Jan 9, 2019): firejail --ignore=nodbus /usr/bin/libreoffice Reading profile /usr/local/etc/firejail/libreoffice.profile Reading profile /usr/local/etc/firejail/disable-common.inc Reading profile /usr/local/etc/firejail/disable-devel.inc Reading profile /usr/local/etc/firejail/disable-passwdmgr.inc Reading profile /usr/local/etc/firejail/disable-programs.inc Reading profile /usr/local/etc/firejail/whitelist-var-common.inc Parent pid 24718, child pid 24719 Blacklist violations are logged to syslog Child process initialized in 107.06 ms Warning: failed to launch javaldx - java may not function correctly ERROR 4 forking process Parent is shutting down, bye...

gitea-mirror commented 2026-05-05 08:13:05 -06:00

Author

Owner

Copy link

@BCOH commented on GitHub (Jan 9, 2019):

Current FIREJAIL Libreoffice profile

# Firejail profile for libreoffice
# This file is overwritten after every install/update
# Persistent local customizations
include /etc/firejail/libreoffice.local
# Persistent global definitions
include /etc/firejail/globals.local

noblacklist ${HOME}/.java
noblacklist /usr/local/sbin
noblacklist ${HOME}/.config/libreoffice

include /etc/firejail/disable-common.inc
include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-programs.inc

include /etc/firejail/whitelist-var-common.inc

caps.drop all
machine-id
netfilter
nodvd
nogroups
#nonewprivs
noroot
notv
#protocol unix,inet,inet6
#seccomp
shell none
#tracelog

private-dev
private-tmp

noexec ${HOME}
noexec /tmp

<!-- gh-comment-id:452552026 --> @BCOH commented on GitHub (Jan 9, 2019): Current FIREJAIL Libreoffice profile ``` # Firejail profile for libreoffice # This file is overwritten after every install/update # Persistent local customizations include /etc/firejail/libreoffice.local # Persistent global definitions include /etc/firejail/globals.local noblacklist ${HOME}/.java noblacklist /usr/local/sbin noblacklist ${HOME}/.config/libreoffice include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc include /etc/firejail/whitelist-var-common.inc caps.drop all machine-id netfilter nodvd nogroups #nonewprivs noroot notv #protocol unix,inet,inet6 #seccomp shell none #tracelog private-dev private-tmp noexec ${HOME} noexec /tmp ```

gitea-mirror commented 2026-05-05 08:13:07 -06:00

Author

Owner

Copy link

@SkewedZeppelin commented on GitHub (Jan 9, 2019):

Eh, are you using the proprietary NVIDIA drivers?
See #1703

<!-- gh-comment-id:452567920 --> @SkewedZeppelin commented on GitHub (Jan 9, 2019): Eh, are you using the proprietary NVIDIA drivers? See #1703

gitea-mirror commented 2026-05-05 08:13:07 -06:00

Author

Owner

Copy link

@BCOH commented on GitHub (Jan 9, 2019):

I am using the NVIDIA driver that was supplied by the OS.
NVIDIA driver metapackage from nvidia-drive-390 (recommended Driver)

On Tue, 2019-01-08 at 20:27 -0800, SkewedZeppelin wrote:

Eh, are you using the proprietary NVIDIA drivers?

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub, or mute the thread.

{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c5
5493e4bb","name":"GitHub"},"entity":{"external_key":"github/netblue30
/firejail","title":"netblue30/firejail","subtitle":"GitHub
repository","main_image_url":"
https://github.githubassets.com/images/email/message_cards/header.png","avatar_image_url":"https://github.githubassets.com/images/email/message_cards/avatar.png","action":{"name":"Open
in GitHub","url":"
https://github.com/netblue30/firejail"}},"updates":{"snippets":[{"icon":"PERSON","message":"@SkewedZeppelin
in #2330: Eh, are you using the proprietary NVIDIA
drivers?"}],"action":{"name":"View Issue","url":"
https://github.com/netblue30/firejail/issues/2330#issuecomment-452567920
"}}}
[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "
https://github.com/netblue30/firejail/issues/2330#issuecomment-452567920
",
"url": "
https://github.com/netblue30/firejail/issues/2330#issuecomment-452567920
",
"name": "View Issue"
},
"description": "View this Issue on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]

<!-- gh-comment-id:452669030 --> @BCOH commented on GitHub (Jan 9, 2019): I am using the NVIDIA driver that was supplied by the OS. NVIDIA driver metapackage from nvidia-drive-390 (recommended Driver) On Tue, 2019-01-08 at 20:27 -0800, SkewedZeppelin wrote: > Eh, are you using the proprietary NVIDIA drivers? > > > — > You are receiving this because you authored the thread. > Reply to this email directly, view it on GitHub, or mute the thread. > > {"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c5 > 5493e4bb","name":"GitHub"},"entity":{"external_key":"github/netblue30 > /firejail","title":"netblue30/firejail","subtitle":"GitHub > repository","main_image_url":" > https://github.githubassets.com/images/email/message_cards/header.png","avatar_image_url":"https://github.githubassets.com/images/email/message_cards/avatar.png","action":{"name":"Open > in GitHub","url":" > https://github.com/netblue30/firejail"}},"updates":{"snippets":[{"icon":"PERSON","message":"@SkewedZeppelin > in #2330: Eh, are you using the proprietary NVIDIA > drivers?"}],"action":{"name":"View Issue","url":" > https://github.com/netblue30/firejail/issues/2330#issuecomment-452567920 > "}}} > [ > { > "@context": "http://schema.org", > "@type": "EmailMessage", > "potentialAction": { > "@type": "ViewAction", > "target": " > https://github.com/netblue30/firejail/issues/2330#issuecomment-452567920 > ", > "url": " > https://github.com/netblue30/firejail/issues/2330#issuecomment-452567920 > ", > "name": "View Issue" > }, > "description": "View this Issue on GitHub", > "publisher": { > "@type": "Organization", > "name": "GitHub", > "url": "https://github.com" > } > } > ]

gitea-mirror commented 2026-05-05 08:13:08 -06:00

Author

Owner

Copy link

@ashfaqnisar commented on GitHub (Jan 13, 2019):

I am having the same problem, were you able to solve the problem.

<!-- gh-comment-id:453805182 --> @ashfaqnisar commented on GitHub (Jan 13, 2019): I am having the same problem, were you able to solve the problem.

gitea-mirror commented 2026-05-05 08:13:08 -06:00

Author

Owner

Copy link

@ashfaqnisar commented on GitHub (Jan 13, 2019):

I am able to run the libreoffice as an root user with firejail

<!-- gh-comment-id:453806108 --> @ashfaqnisar commented on GitHub (Jan 13, 2019): I am able to run the **libreoffice** as an **root user** with **firejail**

gitea-mirror commented 2026-05-05 08:13:08 -06:00

Author

Owner

Copy link

@Vincent43 commented on GitHub (Jan 13, 2019):

I am able to run the libreoffice as an root user with firejail

This is terrible idea. Please don't do that.

<!-- gh-comment-id:453826553 --> @Vincent43 commented on GitHub (Jan 13, 2019): > I am able to run the **libreoffice** as an **root user** with **firejail** This is terrible idea. Please don't do that.

gitea-mirror commented 2026-05-05 08:13:09 -06:00

Author

Owner

Copy link

@ashfaqnisar commented on GitHub (Jan 13, 2019):

I am able to run the libreoffice as an root user with firejail

This is terrible idea. Please don't do that.

But why is that a terrible idea

<!-- gh-comment-id:453826847 --> @ashfaqnisar commented on GitHub (Jan 13, 2019): > > I am able to run the **libreoffice** as an **root user** with **firejail** > > This is terrible idea. Please don't do that. But why is that a terrible idea

gitea-mirror commented 2026-05-05 08:13:09 -06:00

Author

Owner

Copy link

@BCOH commented on GitHub (Jan 13, 2019):

Ashfaq

You should never run Libreoffice as root! This will allow any Malicious content FULL access to your system.

No I still have the issue, it has not been solved.

B

On Jan 13, 2019, at 7:46 AM, Ashfaq Nisar notifications@github.com wrote:

I am able to run the libreoffice as an root user with firejail

This is terrible idea. Please don't do that.

But why is that a terrible idea

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub, or mute the thread.

<!-- gh-comment-id:453839936 --> @BCOH commented on GitHub (Jan 13, 2019): Ashfaq You should never run Libreoffice as root! This will allow any Malicious content FULL access to your system. No I still have the issue, it has not been solved. B > On Jan 13, 2019, at 7:46 AM, Ashfaq Nisar <notifications@github.com> wrote: > > I am able to run the libreoffice as an root user with firejail > > This is terrible idea. Please don't do that. > > But why is that a terrible idea > > — > You are receiving this because you authored the thread. > Reply to this email directly, view it on GitHub, or mute the thread.

gitea-mirror commented 2026-05-05 08:13:09 -06:00

Author

Owner

Copy link

@ashfaqnisar commented on GitHub (Jan 13, 2019):

Thanks for the heads up, I didn't know this and I was running every application in root mode.

Ashfaq You should never run Libreoffice as root! This will allow any Malicious content FULL access to your system. No I still have the issue, it has not been solved. B
…
On Jan 13, 2019, at 7:46 AM, Ashfaq Nisar @.***> wrote: I am able to run the libreoffice as an root user with firejail This is terrible idea. Please don't do that. But why is that a terrible idea — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.

<!-- gh-comment-id:453841884 --> @ashfaqnisar commented on GitHub (Jan 13, 2019): Thanks for the heads up, I didn't know this and I was running every application in root mode. > Ashfaq You should never run Libreoffice as root! This will allow any Malicious content FULL access to your system. No I still have the issue, it has not been solved. B > […](#) > On Jan 13, 2019, at 7:46 AM, Ashfaq Nisar ***@***.***> wrote: I am able to run the libreoffice as an root user with firejail This is terrible idea. Please don't do that. But why is that a terrible idea — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.

gitea-mirror commented 2026-05-05 08:13:10 -06:00

Author

Owner

Copy link

@chiraag-nataraj commented on GitHub (Jan 13, 2019):

@ashfaqnisar Please, please, please don't run applications as root unless you have to. It ends up breaking all privilege separation mechanisms. Basically, if you run something as root, it can access anything and do anything on your system. This is not true if you're running as an ordinary user (for example, try doing cat /etc/shadow versus sudo cat /etc/shadow - the first one fails because your regular user doesn't have access to that file while root does).

Indeed, Windows used to have a lot more problems precisely because they encouraged everyone to start things as the administrative user (equivalent of root in unix-land), which meant if you made a mistake, your whole computer was at risk.

/endrant

@BCOH I noticed in the first couple of things you posted that you got the warning that an existing sandbox was detected. Do you know why that was happening?

<!-- gh-comment-id:453861415 --> @chiraag-nataraj commented on GitHub (Jan 13, 2019): @ashfaqnisar Please, please, _please_ don't run applications as root unless you _have_ to. It ends up breaking all privilege separation mechanisms. Basically, if you run something as root, it can access anything and do anything on your system. This is _not_ true if you're running as an ordinary user (for example, try doing `cat /etc/shadow` versus `sudo cat /etc/shadow` - the first one fails because your regular user doesn't have access to that file while root does). Indeed, Windows used to have a lot more problems _precisely_ because they encouraged everyone to start things as the administrative user (equivalent of root in unix-land), which meant if you made a mistake, your whole computer was at risk. `/endrant` @BCOH I noticed in the first couple of things you posted that you got the warning that an existing sandbox was detected. Do you know why that was happening?

gitea-mirror commented 2026-05-05 08:13:10 -06:00

Author

Owner

Copy link

@rusty-snake commented on GitHub (Jan 13, 2019):

@BCOH if no you can try firejail --list before and after starting LO.

<!-- gh-comment-id:453862205 --> @rusty-snake commented on GitHub (Jan 13, 2019): @BCOH if no you can try `firejail --list` before and after starting LO.

gitea-mirror commented 2026-05-05 08:13:10 -06:00

Author

Owner

Copy link

@ashfaqnisar commented on GitHub (Jan 13, 2019):

@ashfaqnisar Please, please, please don't run applications as root unless you have to. It ends up breaking all privilege separation mechanisms. Basically, if you run something as root, it can access anything and do anything on your system. This is not true if you're running as an ordinary user (for example, try doing cat /etc/shadow versus sudo cat /etc/shadow - the first one fails because your regular user doesn't have access to that file while root does).

Indeed, Windows used to have a lot more problems precisely because they encouraged everyone to start things as the administrative user (equivalent of root in unix-land), which meant if you made a mistake, your whole computer was at risk.

/endrant

@BCOH I noticed in the first couple of things you posted that you got the warning that an existing sandbox was detected. Do you know why that was happening?

Thank you very much, From now on, i will keep that in mind.

<!-- gh-comment-id:453862611 --> @ashfaqnisar commented on GitHub (Jan 13, 2019): > @ashfaqnisar Please, please, _please_ don't run applications as root unless you _have_ to. It ends up breaking all privilege separation mechanisms. Basically, if you run something as root, it can access anything and do anything on your system. This is _not_ true if you're running as an ordinary user (for example, try doing `cat /etc/shadow` versus `sudo cat /etc/shadow` - the first one fails because your regular user doesn't have access to that file while root does). > > Indeed, Windows used to have a lot more problems _precisely_ because they encouraged everyone to start things as the administrative user (equivalent of root in unix-land), which meant if you made a mistake, your whole computer was at risk. > > `/endrant` > > @BCOH I noticed in the first couple of things you posted that you got the warning that an existing sandbox was detected. Do you know why that was happening? Thank you very much, From now on, i will keep that in mind.

gitea-mirror commented 2026-05-05 08:13:11 -06:00

Author

Owner

Copy link

@BCOH commented on GitHub (Jan 13, 2019):

rusty-snakefirejail --list

2572:user::/usr/bin/firejail /usr/bin/evolution
3002:user::/usr/bin/firejail /usr/bin/keepassx
3067:user::/usr/local/bin/firejail --ignore=seccomp --ignore=protocol
firefox -no-remote

Not sure what you mean by before and after loading LO. I receive the
same results either way.

Vincent43
irejail --version

firejail version 0.9.57

Compile time support:

    - AppArmor support is disabled

    - AppImage support is enabled

    - chroot support is enabled

    - file and directory whitelisting support is enabled

    - file transfer support is enabled

    - networking support is enabled

    - overlayfs support is enabled

    - private-home support is enabled

    - seccomp-bpf support is enabled

    - user namespace support is enabled

    - X11 sandboxing support is enabled

firejail --ignore=nodbus libreoffice

Reading profile /usr/local/etc/firejail/libreoffice.profile

Reading profile /usr/local/etc/firejail/disable-common.inc

Reading profile /usr/local/etc/firejail/disable-devel.inc

Reading profile /usr/local/etc/firejail/disable-passwdmgr.inc

Reading profile /usr/local/etc/firejail/disable-programs.inc

Reading profile /usr/local/etc/firejail/whitelist-var-common.inc

Parent pid 4539, child pid 4540

Blacklist violations are logged to syslog

Child process initialized in 84.76 ms

Warning: an existing sandbox was detected. /usr/bin/libreoffice will
run without any additional sandboxing fe
atures

Warning: failed to launch javaldx - java may not function correctly

ERROR 4 forking process

Parent is shutting down, bye...

Still fails when running Fails again with "firejail --ignore=nodbus
libreoffice"

{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c5
5493e4bb","name":"GitHub"},"entity":{"external_key":"github/netblue30
/firejail","title":"netblue30/firejail","subtitle":"GitHub
repository","main_image_url":"
https://github.githubassets.com/images/email/message_cards/header.png","avatar_image_url":"https://github.githubassets.com/images/email/message_cards/avatar.png","action":{"name":"Open
in GitHub","url":"
https://github.com/netblue30/firejail"}},"updates":{"snippets":[{"icon":"PERSON","message":"@Vincent43
in #2330: Please show firejail --version output.\r\nMaybe you can
try if firejail --ignore=nodbus libreoffice
works."}],"action":{"name":"View Issue","url":"
https://github.com/netblue30/firejail/issues/2330#issuecomment-451941993
"}}}
[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "
https://github.com/netblue30/firejail/issues/2330#issuecomment-451941993
",
"url": "
https://github.com/netblue30/firejail/issues/2330#issuecomment-451941993
",
"name": "View Issue"
},
"description": "View this Issue on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]

<!-- gh-comment-id:453875536 --> @BCOH commented on GitHub (Jan 13, 2019): rusty-snakefirejail --list 2572:user::/usr/bin/firejail /usr/bin/evolution 3002:user::/usr/bin/firejail /usr/bin/keepassx 3067:user::/usr/local/bin/firejail --ignore=seccomp --ignore=protocol firefox -no-remote Not sure what you mean by before and after loading LO. I receive the same results either way. Vincent43 irejail --version firejail version 0.9.57 Compile time support: - AppArmor support is disabled - AppImage support is enabled - chroot support is enabled - file and directory whitelisting support is enabled - file transfer support is enabled - networking support is enabled - overlayfs support is enabled - private-home support is enabled - seccomp-bpf support is enabled - user namespace support is enabled - X11 sandboxing support is enabled firejail --ignore=nodbus libreoffice Reading profile /usr/local/etc/firejail/libreoffice.profile Reading profile /usr/local/etc/firejail/disable-common.inc Reading profile /usr/local/etc/firejail/disable-devel.inc Reading profile /usr/local/etc/firejail/disable-passwdmgr.inc Reading profile /usr/local/etc/firejail/disable-programs.inc Reading profile /usr/local/etc/firejail/whitelist-var-common.inc Parent pid 4539, child pid 4540 Blacklist violations are logged to syslog Child process initialized in 84.76 ms Warning: an existing sandbox was detected. /usr/bin/libreoffice will run without any additional sandboxing fe atures Warning: failed to launch javaldx - java may not function correctly ERROR 4 forking process Parent is shutting down, bye... Still fails when running Fails again with "firejail --ignore=nodbus libreoffice" > > > {"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c5 > 5493e4bb","name":"GitHub"},"entity":{"external_key":"github/netblue30 > /firejail","title":"netblue30/firejail","subtitle":"GitHub > repository","main_image_url":" > https://github.githubassets.com/images/email/message_cards/header.png","avatar_image_url":"https://github.githubassets.com/images/email/message_cards/avatar.png","action":{"name":"Open > in GitHub","url":" > https://github.com/netblue30/firejail"}},"updates":{"snippets":[{"icon":"PERSON","message":"@Vincent43 > in #2330: Please show `firejail --version` output.\r\nMaybe you can > try if `firejail --ignore=nodbus libreoffice` > works."}],"action":{"name":"View Issue","url":" > https://github.com/netblue30/firejail/issues/2330#issuecomment-451941993 > "}}} > [ > { > "@context": "http://schema.org", > "@type": "EmailMessage", > "potentialAction": { > "@type": "ViewAction", > "target": " > https://github.com/netblue30/firejail/issues/2330#issuecomment-451941993 > ", > "url": " > https://github.com/netblue30/firejail/issues/2330#issuecomment-451941993 > ", > "name": "View Issue" > }, > "description": "View this Issue on GitHub", > "publisher": { > "@type": "Organization", > "name": "GitHub", > "url": "https://github.com" > } > } > ]

gitea-mirror commented 2026-05-05 08:13:11 -06:00

Author

Owner

Copy link

@SkewedZeppelin commented on GitHub (Jan 13, 2019):

@BCOH
make ~/.config/firejail/libreoffice.local with the following contents

ignore noroot

then try firejail /usr/bin/libreoffice

also try https://github.com/netblue30/firejail/issues/1771#issuecomment-364498909 if you are having trouble with other profiles too

@chiraag-nataraj

existing sandbox was detected

firecfg was probably already run

<!-- gh-comment-id:453876371 --> @SkewedZeppelin commented on GitHub (Jan 13, 2019): @BCOH make ~/.config/firejail/libreoffice.local with the following contents ``` ignore noroot ``` then try `firejail /usr/bin/libreoffice` also try https://github.com/netblue30/firejail/issues/1771#issuecomment-364498909 if you are having trouble with other profiles too @chiraag-nataraj > existing sandbox was detected firecfg was probably already run

gitea-mirror commented 2026-05-05 08:13:12 -06:00

Author

Owner

Copy link

@chiraag-nataraj commented on GitHub (Jan 14, 2019):

@SkewedZeppelin Right, and that might have something to do with the problem. That's why I'm trying to figure out if there's some usage error going on (possibly on top of whatever other errors might be going on with the profile).

<!-- gh-comment-id:453878708 --> @chiraag-nataraj commented on GitHub (Jan 14, 2019): @SkewedZeppelin Right, and that might have something to do with the problem. That's why I'm trying to figure out if there's some usage error going on (possibly on top of whatever other errors might be going on with the profile).

gitea-mirror commented 2026-05-05 08:13:12 -06:00

Author

Owner

Copy link

@BCOH commented on GitHub (Jan 29, 2019):

OK I've backed myself into a situation and I need to use the application installed on this PC. I uninstalled AppArmor and Firejail here is the log entry in the system log:

blacklist violation - sandbox 15213, name libreoffice, exe soffice.bin, syscall mkdir, path /home/user/.nv

If this can't be resolved is there an uninstall script for firejail?

Thanks
Brian

<!-- gh-comment-id:458519065 --> @BCOH commented on GitHub (Jan 29, 2019): OK I've backed myself into a situation and I need to use the application installed on this PC. I uninstalled AppArmor and Firejail here is the log entry in the system log: blacklist violation - sandbox 15213, name libreoffice, exe soffice.bin, syscall mkdir, path /home/user/.nv If this can't be resolved is there an uninstall script for firejail? Thanks Brian

gitea-mirror commented 2026-05-05 08:13:12 -06:00

Author

Owner

Copy link

@BCOH commented on GitHub (Jan 29, 2019):

Discovered all other apps appear to work as intended, e-mail, browsers, etc. With one exception bleach bit root no longer works. Errors with the same code are LibreOffice.

<!-- gh-comment-id:458559669 --> @BCOH commented on GitHub (Jan 29, 2019): Discovered all other apps appear to work as intended, e-mail, browsers, etc. With one exception bleach bit root no longer works. Errors with the same code are LibreOffice.

gitea-mirror commented 2026-05-05 08:13:13 -06:00

Author

Owner

Copy link

@smitsohu commented on GitHub (Jan 29, 2019):

@BCOH To get it running, one more thing you could try: firejail --apparmor --ignore=nodbus --ignore=noroot /usr/bin/libreoffice

To selectively disable firejail for libreoffice and bleachbit, open a terminal and run:
cd /usr/local/bin; sudo rm bleachbit libreoffice loffice soffice lodraw loimpress lobase lowriter lomath lofromtemplate loweb localc.
To stop all apps from starting in firejail automatically run sudo firecfg --clean

There is also sudo make uninstall to remove everything.

<!-- gh-comment-id:458582024 --> @smitsohu commented on GitHub (Jan 29, 2019): @BCOH To get it running, one more thing you could try: `firejail --apparmor --ignore=nodbus --ignore=noroot /usr/bin/libreoffice` To selectively disable firejail for libreoffice and bleachbit, open a terminal and run: `cd /usr/local/bin; sudo rm bleachbit libreoffice loffice soffice lodraw loimpress lobase lowriter lomath lofromtemplate loweb localc`. To stop _all_ apps from starting in firejail automatically run `sudo firecfg --clean` There is also `sudo make uninstall` to remove everything.

gitea-mirror commented 2026-05-05 08:13:13 -06:00

Author

Owner

Copy link

@matu3ba commented on GitHub (Mar 3, 2019):

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918499
In the latest update they seem to have fixed the issue, however that was not pushed to the package repo from 18.04. That was described as an issue with apparmor.
See for comparison the version number version numbers.
1:6.0.3-0ubuntu1 in repository and
1:6.1.4-4

I would thus suggest to close this.

<!-- gh-comment-id:469070675 --> @matu3ba commented on GitHub (Mar 3, 2019): https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918499 In the latest update they seem to have fixed the issue, however that was not pushed to the package repo from 18.04. That was described as an issue with apparmor. See for comparison the version number version numbers. 1:6.0.3-0ubuntu1 in repository and 1:6.1.4-4 I would thus suggest to close this.

gitea-mirror commented 2026-05-05 08:13:14 -06:00

Author

Owner

Copy link

@BCOH commented on GitHub (Mar 3, 2019):

Agreed, thanks for all the help!

B

Sent from my iPhone

On Mar 3, 2019, at 5:17 PM, matu3ba notifications@github.com wrote:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918499
In the latest update they seem to have fixed the issue, however that was not pushed to the package repo ost 18.04. That was described as an issue with apparmor.
See for comparison the version number version numbers.
1:6.0.3-0ubuntu1 in repository and
1:6.1.4-4

I am therefore suggesting closing this.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.

<!-- gh-comment-id:469071914 --> @BCOH commented on GitHub (Mar 3, 2019): Agreed, thanks for all the help! B Sent from my iPhone > On Mar 3, 2019, at 5:17 PM, matu3ba <notifications@github.com> wrote: > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918499 > In the latest update they seem to have fixed the issue, however that was not pushed to the package repo ost 18.04. That was described as an issue with apparmor. > See for comparison the version number version numbers. > 1:6.0.3-0ubuntu1 in repository and > 1:6.1.4-4 > > I am therefore suggesting closing this. > > — > You are receiving this because you were mentioned. > Reply to this email directly, view it on GitHub, or mute the thread.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

serialize_remounts_v2

landlock_v4

landlock

release-0.9.64

release-0.9.62

gitlab_ci

LTSbase

fred_ctests

docs

0.9.80

0.9.80-rc1

0.9.78

0.9.76

0.9.76-rc4

0.9.76-rc3

0.9.76-rc2

0.9.76-rc1

0.9.74

landlock-split

0.9.72

0.9.72rc1

0.9.70

0.9.68

0.9.68rc1

0.9.66

0.9.66rc1

0.9.64.4

0.9.64.2

0.9.64

0.9.64rc1

0.9.62.4

0.9.62.2

0.9.62

0.9.56.2-LTS

0.9.60

0.9.60-rc1

0.9.58.2

0.9.58

0.9.58-rc1

0.9.56-LTS-release

0.9.56-LTS

0.9.56

0.9.56-rc1

0.9.54

0.9.54-rc2

0.9.54-rc1

0.9.52

0.9.38.12

0.9.50

0.9.50-rc1

0.9.48

0.9.46

0.9.46-rc1

0.9.44.10

0.9.44.8

0.9.44.6

0.9.38.10

0.9.44.4

0.9.38.8

0.9.44.2

0.9.44

0.9.44-rc1

0.9.38.4

0.9.42

0.9.42-rc2

0.9.38.2

0.9.42-rc1

disable-globalcfg

0.9.40

0.9.40-rc1

0.9.38

0.9.38-rc1

0.9.36

0.9.36-rc1

0.9.34

0.9.34-rc1

0.9.32

0.9.32-rc1

0.9.30

0.9.30-rc1

Labels

Clear labels   

LTS merge

  

LTS merge

  

bug

  

bug

  

converted-to-discussion

  

doc-todo

  

documentation

  

duplicate

  

enhancement

  

file-transfer

  

firecfg

  

firejail-in-firejail

  

firetools

  

graphics

  

help wanted

  

information_old

  

installation

  

invalid

  

modif

  

moved

  

needinfo

  

networking

  

notabug

  

notourbug

  

old-version

  

overlayfs

  

packaging

  

profile-request

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question_old

  

removal

  

runtime-permissions

  

sandbox-ipc

  

security

  

stale

  

wiki

  

wiki

  

wontfix

  

wordpress

  

workaround

No labels

LTS merge

LTS merge

bug

bug

converted-to-discussion

doc-todo

documentation

duplicate

enhancement

file-transfer

firecfg

firejail-in-firejail

firetools

graphics

help wanted

information_old

installation

invalid

modif

moved

needinfo

networking

notabug

notourbug

old-version

overlayfs

packaging

profile-request

pull-request

question

question_old

removal

runtime-permissions

sandbox-ipc

security

stale

wiki

wiki

wontfix

wordpress

workaround

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1557

No description provided.