github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #2393] thunderbird startup problems with firejail #1594

New issue

Closed

opened 2026-05-05 08:15:04 -06:00 by gitea-mirror · 5 comments

gitea-mirror commented

2026-05-05 08:15:04 -06:00

Owner

Originally created by @pahhur on GitHub (Feb 8, 2019).
Original GitHub issue: https://github.com/netblue30/firejail/issues/2393

firejail --version: firejail version 0.9.52
Mint 19.1, 64b, 4.15.0-45-generic #48-Ubuntu SMP Tue Jan 29 16:28:13 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
firejail package "firejail version 0.9.52-2"
thunderbird --version: Thunderbird 60.4.0
thunderbird works without firejail, or with firejail --noprofile

Apparently, Mint 19.1/Ubuntu/Debian (whoever is responsible for the .deb package) did not provide profiles for firefox and thunderbird

dpkg -L firejail | grep /etc/firejail

/etc/firejail
/etc/firejail/default.profile
/etc/firejail/disable-common.inc
/etc/firejail/disable-devel.inc
/etc/firejail/disable-passwdmgr.inc
/etc/firejail/disable-programs.inc
/etc/firejail/firejail.config
/etc/firejail/login.users
/etc/firejail/nolocal.net
/etc/firejail/server.profile
/etc/firejail/tcpserver.net
/etc/firejail/webserver.net
/etc/firejail/whitelist-common.inc
/etc/firejail/whitelist-var-common.inc

which lead to the fact that neither firefox nor thunderbird were starting out-of-the-box with firejail.
I copied your firefox.profile from here, and it worked. Then I also copied the thunderbird.profile from 19 days ago (https://github.com/netblue30/firejail/blob/master/etc/thunderbird.profile), but that one did not work.

Without thunderbird.profile, firejail thunderbird opens a "choose user profile" window, which indicates that thunderbird did/does not find its configuration.

With your thunderbird.profile, firejail thunderbird just claims

$ firejail thunderbird
Reading profile /etc/firejail/thunderbird.profile
Error: cannot access profile file
$

on the command line without opening a window. The thunderbird.profile is
accessible to the current user (-rw-r--r--), so I guessed thunderbird claims that it cannot
read its own profile file. However, it is the firefox.profile it cannot read, as the strace output shows us

stat("firefox.profile/", 0x7ffc7085cc10) = -1 ENOENT (No such file or directory)
access("firefox.profile", R_OK)         = -1 ENOENT (No such file or directory)
write(2, "Error: cannot access profile fil"..., 34) = 34

/etc/firejail/firefox.profile has also -rw-r--r--

I deleted the include firefox.profile at the end of the thunderbird.profile, and firejail thunderbird started.

Q1 What was the purpose of including firefox.profile at the end of thunderbird.profile, and what do i have to do to get the intended behaviour?

Q2 Even though thunderbird starts up now, it claims that

TESTING warning: noblacklist /home/x/.cache/thunderbird not matched by a proper blacklist command in disable*.inc
TESTING warning: noblacklist /home/x/.gnupg not matched by a proper blacklist command in disable*.inc
TESTING warning: noblacklist /home/x/.thunderbird not matched by a proper blacklist command in disable*.inc

So, what has to be done to fix this?

Thanks

Originally created by @pahhur on GitHub (Feb 8, 2019). Original GitHub issue: https://github.com/netblue30/firejail/issues/2393 firejail --version: firejail version 0.9.52 Mint 19.1, 64b, 4.15.0-45-generic #48-Ubuntu SMP Tue Jan 29 16:28:13 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux firejail package "firejail version 0.9.52-2" thunderbird --version: Thunderbird 60.4.0 thunderbird works without firejail, or with firejail --noprofile ---- Apparently, Mint 19.1/Ubuntu/Debian (whoever is responsible for the .deb package) did not provide profiles for firefox and thunderbird dpkg -L firejail | grep /etc/firejail ``` /etc/firejail /etc/firejail/default.profile /etc/firejail/disable-common.inc /etc/firejail/disable-devel.inc /etc/firejail/disable-passwdmgr.inc /etc/firejail/disable-programs.inc /etc/firejail/firejail.config /etc/firejail/login.users /etc/firejail/nolocal.net /etc/firejail/server.profile /etc/firejail/tcpserver.net /etc/firejail/webserver.net /etc/firejail/whitelist-common.inc /etc/firejail/whitelist-var-common.inc ``` which lead to the fact that neither firefox nor thunderbird were starting out-of-the-box with firejail. I copied your firefox.profile from here, and it worked. Then I also copied the thunderbird.profile from 19 days ago (https://github.com/netblue30/firejail/blob/master/etc/thunderbird.profile), but that one did not work. Without thunderbird.profile, _firejail thunderbird_ opens a "choose user profile" window, which indicates that thunderbird did/does not find its configuration. With your thunderbird.profile, _firejail thunderbird_ just claims ``` $ firejail thunderbird Reading profile /etc/firejail/thunderbird.profile Error: cannot access profile file $ ``` on the command line without opening a window. The thunderbird.profile is accessible to the current user (-rw-r--r--), so I guessed thunderbird claims that it cannot read its own profile file. However, it is the firefox.profile it cannot read, as the strace output shows us ``` stat("firefox.profile/", 0x7ffc7085cc10) = -1 ENOENT (No such file or directory) access("firefox.profile", R_OK) = -1 ENOENT (No such file or directory) write(2, "Error: cannot access profile fil"..., 34) = 34 ``` /etc/firejail/firefox.profile has also -rw-r--r-- I deleted the **include firefox.profile** at the end of the thunderbird.profile, and _firejail thunderbird_ started. Q1 What was the purpose of including firefox.profile at the end of thunderbird.profile, and what do i have to do to get the intended behaviour? Q2 Even though thunderbird starts up now, it claims that TESTING warning: noblacklist /home/x/.cache/thunderbird not matched by a proper blacklist command in disable*.inc TESTING warning: noblacklist /home/x/.gnupg not matched by a proper blacklist command in disable*.inc TESTING warning: noblacklist /home/x/.thunderbird not matched by a proper blacklist command in disable*.inc So, what has to be done to fix this? Thanks

gitea-mirror closed this issue

2026-05-05 08:15:05 -06:00

gitea-mirror commented

2026-05-05 08:15:07 -06:00

Author

Owner

@SkewedZeppelin commented on GitHub (Feb 8, 2019):

I deleted the include firefox.profile at the end of the thunderbird.profile, and firejail thunderbird started.

you shouldn't do that

Q1 What was the purpose of including firefox.profile at the end of thunderbird.profile, and what do i have to do to get the intended behaviour?

firefox is included because thunderbird and firefox are similar enough (same base)
without it you loose a lot of the restrictions set by it

Q2 Even though thunderbird starts up now, it claims that

you are missing core firejail files

So, what has to be done to fix this?

your install is broken due to various reasons

you need to:

apt remove firejail
rm -rf /etc/firejail
apt install firejail firejail-profiles

@SkewedZeppelin commented on GitHub (Feb 8, 2019): > I deleted the include firefox.profile at the end of the thunderbird.profile, and firejail thunderbird started. you shouldn't do that > Q1 What was the purpose of including firefox.profile at the end of thunderbird.profile, and what do i have to do to get the intended behaviour? firefox is included because thunderbird and firefox are similar enough (same base) without it you loose a lot of the restrictions set by it > Q2 Even though thunderbird starts up now, it claims that you are missing core firejail files > So, what has to be done to fix this? your install is broken due to various reasons you need to: ```sh apt remove firejail rm -rf /etc/firejail apt install firejail firejail-profiles ```

gitea-mirror commented

2026-05-05 08:15:08 -06:00

Author

Owner

@pahhur commented on GitHub (Feb 9, 2019):

your install is broken due to various reasons

Well actually, this is a brand new installation. It seems that the distribution did install firejail by default, but firejail-profiles was forgotten.

But removing was not so easy, as you said ;) With your instructions, the apt system did not install the directory correctly. The package system claimed that it was installed, but /etc/firejail was empty.

So, it needed an apt purge firejail and a reboot ;) to fix that, and a copy of the firefox.profile (+gedit.profile +libreoffice.profile) from your 0.9.52 directory.

Thanks

@pahhur commented on GitHub (Feb 9, 2019): >>your install is broken due to various reasons Well actually, this is a brand new installation. It seems that the distribution did install firejail by default, but firejail-profiles was forgotten. But removing was not so easy, as you said ;) With your instructions, the apt system did not install the directory correctly. The package system claimed that it was installed, but /etc/firejail was empty. So, it needed an **apt purge firejail** and a reboot ;) to fix that, and a copy of the firefox.profile (+gedit.profile +libreoffice.profile) from your 0.9.52 directory. Thanks

gitea-mirror commented

2026-05-05 08:15:09 -06:00

Author

Owner

@curiosity-seeker commented on GitHub (Feb 12, 2019):

@pahhur : Firejail 0.9.52 is completely obsolete. You should really try the new version 0.9.58.2 which has many fixes implemented including profile changes for Firefox and Thunderbird.

@curiosity-seeker commented on GitHub (Feb 12, 2019): @pahhur : Firejail 0.9.52 is completely obsolete. You should really try the new version 0.9.58.2 which has many fixes implemented including profile changes for Firefox and Thunderbird.

gitea-mirror commented

2026-05-05 08:15:10 -06:00

Author

Owner

@PalinuroSec commented on GitHub (Feb 14, 2019):

we fixed it in parrot by enabling ignore nodbus which was commented by default

@PalinuroSec commented on GitHub (Feb 14, 2019): we fixed it in parrot by enabling `ignore nodbus` which was commented by default

gitea-mirror commented

2026-05-05 08:15:10 -06:00

Author

Owner

@chiraag-nataraj commented on GitHub (Feb 18, 2019):

@pahhur Couple of things:

firejail-profiles is intentionally separate and not depended on by firejail because there may be cases where you don't need all of the provided profiles (see this Debian bug).
The firejail package does recommend installing the firejail-profiles (take a look at the output of aptitude show firejail), again as a result of that bug.
As other commenters have said, 0.9.52 is quite obsolete. Debian backports has 0.9.56 for Stretch.
Don't manually download and install profiles to the system directory. Install the firejail and firejail-profiles packages and install any custom/updated profiles either to /usr/local/etc/firejail or ~/.config/firejail.

I'm going to close this issue since the proper solution to your problem has already been mentioned multiple times. If you have further questions related to this, please re-open.

@chiraag-nataraj commented on GitHub (Feb 18, 2019): @pahhur Couple of things: 1. `firejail-profiles` is _intentionally_ separate and not depended on by `firejail` because there may be cases where you don't need all of the provided profiles (see [this Debian bug](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850273)). 2. The `firejail` package _does_ *recommend* installing the `firejail-profiles` (take a look at the output of `aptitude show firejail`), again as a result of that bug. 3. As other commenters have said, `0.9.52` is _quite_ obsolete. Debian backports has `0.9.56` for Stretch. 4. Don't manually download and install profiles to the _system_ directory. Install the `firejail` and `firejail-profiles` packages and install any custom/updated profiles either to `/usr/local/etc/firejail` or `~/.config/firejail`. I'm going to close this issue since the proper solution to your problem has already been mentioned multiple times. If you have further questions related to this, please re-open.

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1594

No description provided.

Rows
Columns