github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #2376] Automatic renaming of sandbox is unexpected #1582

New issue

Closed

opened 2026-05-05 08:14:23 -06:00 by gitea-mirror · 5 comments

gitea-mirror commented

2026-05-05 08:14:23 -06:00

Owner

Originally created by @reinerh on GitHub (Jan 29, 2019).
Original GitHub issue: https://github.com/netblue30/firejail/issues/2376

A Debian user got bitten by the automatic renaming of sandboxes, when one with the intended name already exists: https://bugs.debian.org/920768

This behaviour is currently not documented in the manpage.
But it's also questionable if firejail should behave that way at all.
If the user explicitely requests a sandbox with name 'firefox', he expects one with that name (not 'firefox-1'). If it's not possible to provide this name, maybe it's better to not start at all, so the user can investigate.

Originally created by @reinerh on GitHub (Jan 29, 2019). Original GitHub issue: https://github.com/netblue30/firejail/issues/2376 A Debian user got bitten by the automatic renaming of sandboxes, when one with the intended name already exists: https://bugs.debian.org/920768 This behaviour is currently not documented in the manpage. But it's also questionable if firejail should behave that way at all. If the user explicitely requests a sandbox with name 'firefox', he expects one with that name (not 'firefox-1'). If it's not possible to provide this name, maybe it's better to not start at all, so the user can investigate.

gitea-mirror

2026-05-05 08:14:23 -06:00

closed this issue
added the
bug
label

gitea-mirror commented

2026-05-05 08:14:26 -06:00

Author

Owner

@netblue30 commented on GitHub (Jan 31, 2019):

In the zsh script posted on Debian mail list (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920768#77), it looks like Vincent is trying to make sure there is only one instance of Firefox running in the system. The script checks "firejail --list" and then runs "firejail --name" or "firejail --join", depending on what --list returned.

The same "single instance" functionality is already implemented in Firefox. Firefox does it by default, unless --no-remote flag is used on Firefox command line. I would let Firefox do it, and modify the script to simply start the sandbox:

#!/usr/bin/zsh

exec firejail --name=browser --env=BROWSER=firefox-esr firefox-esr "$@"

I will add a description for the --name changing in the man page, and also bring in a flag in /etc/firejail/firejail.config to disable the --name changing functionality (similar to the cgroup from a few days ago).

@netblue30 commented on GitHub (Jan 31, 2019): In the zsh script posted on Debian mail list (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920768#77), it looks like Vincent is trying to make sure there is only one instance of Firefox running in the system. The script checks "firejail --list" and then runs "firejail --name" or "firejail --join", depending on what --list returned. The same "single instance" functionality is already implemented in Firefox. Firefox does it by default, unless --no-remote flag is used on Firefox command line. I would let Firefox do it, and modify the script to simply start the sandbox: ````` #!/usr/bin/zsh exec firejail --name=browser --env=BROWSER=firefox-esr firefox-esr "$@" ````` I will add a description for the --name changing in the man page, and also bring in a flag in /etc/firejail/firejail.config to disable the --name changing functionality (similar to the cgroup from a few days ago).

gitea-mirror commented

2026-05-05 08:14:27 -06:00

Author

Owner

@reinerh commented on GitHub (Jan 31, 2019):

The same "single instance" functionality is already implemented in Firefox. Firefox does it by default, unless --no-remote flag is used on Firefox command line. I would let Firefox do it, and modify the script to simply start the sandbox:

He described that the problem occured only sometimes, and when he is restarting firefox.
I think there is some race condition, so Firefox's "single instance" functionality does not work always:

Firefox 1 is shutting down
While firejail cleans up, Firefox 2 is spawned
firejail for Firefox 2 notices that there is already a jail (which is currently cleaning up), and renames it to -1.
Firefox 1 and the jail is completely gone
Firefox 2 continues starting up; it's single instance check no longer finds another firefox

@reinerh commented on GitHub (Jan 31, 2019): > The same "single instance" functionality is already implemented in Firefox. Firefox does it by default, unless --no-remote flag is used on Firefox command line. I would let Firefox do it, and modify the script to simply start the sandbox: He described that the problem occured only sometimes, and when he is restarting firefox. I think there is some race condition, so Firefox's "single instance" functionality does not work always: - Firefox 1 is shutting down - While firejail cleans up, Firefox 2 is spawned - firejail for Firefox 2 notices that there is already a jail (which is currently cleaning up), and renames it to -1. - Firefox 1 and the jail is completely gone - Firefox 2 continues starting up; it's single instance check no longer finds another firefox

gitea-mirror commented

2026-05-05 08:14:28 -06:00

Author

Owner

@SkewedZeppelin commented on GitHub (Jan 31, 2019):

@reinerh I have seen Firefox most of all programs linger after quitting and only going away after a pkill -9 firefox, most often when running under Nouveau.

@SkewedZeppelin commented on GitHub (Jan 31, 2019): @reinerh I have seen Firefox most of all programs linger after quitting and only going away after a `pkill -9 firefox`, most often when running under Nouveau.

gitea-mirror commented

2026-05-05 08:14:29 -06:00

Author

Owner

@netblue30 commented on GitHub (Feb 1, 2019):

I also see Firefox linger after closing the browser window, sometimes I need to do pkill -9 to really shut it down. This is what I have in commit f79d62c1ea

name-change yes/no flag in /etc/firejail/firejail.config file
simplify/speed up the name change scheme: if a sandbox is already there, use name-PID for the new sandbox
man pages

I think setting "name-change no" will fix the problem, unless firefox is locked and a pkill -9 is needed.

@netblue30 commented on GitHub (Feb 1, 2019): I also see Firefox linger after closing the browser window, sometimes I need to do pkill -9 to really shut it down. This is what I have in commit https://github.com/netblue30/firejail/commit/f79d62c1ea8a951fc757346dc3015ee4b009e52b * name-change yes/no flag in /etc/firejail/firejail.config file * simplify/speed up the name change scheme: if a sandbox is already there, use name-PID for the new sandbox * man pages I think setting "name-change no" will fix the problem, unless firefox is locked and a pkill -9 is needed.

gitea-mirror commented

2026-05-05 08:14:29 -06:00

Author

Owner

@reinerh commented on GitHub (Feb 8, 2019):

Thanks!

@reinerh commented on GitHub (Feb 8, 2019): Thanks!

gitea-mirror referenced this issue

2026-05-05 10:12:22 -06:00

[PR #1582] [MERGED] Add profile for gnome-ring #4026

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1582

No description provided.

Rows
Columns