github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #2404] How to enable list command by firejailed program (jedit) #1601

New issue

Closed

opened 2026-05-05 08:15:25 -06:00 by gitea-mirror · 2 comments

gitea-mirror commented

2026-05-05 08:15:25 -06:00

Owner

Originally created by @stillsw on GitHub (Feb 14, 2019).
Original GitHub issue: https://github.com/netblue30/firejail/issues/2404

Hi, firstly thanks for Firejail, I've used it happily for years already on my old linux system. I'm now setting up a new distro and glad to find Firejail is in the main repo (manjaro archlinux). I have a couple of teething troubles though, previously I only firejailed thunderbird and web browers, now I'm attempting to firejail most of the programs I use on a daily basis.

There's no profile pre-made for jedit, so I copied the geany profile as a starting point. The problem I'm having is that although the program does start and lays itself out to open the last used files, they don't actually show. When I attempt to open a file from the menu I see an IO operation error saying "Cannot list directory". I figured something in the setup prevents commands like ls under the covers, but even if I comment out every blacklist and directive in the profile, I still can't get past this... so I wonder if there's a whitelisting type directive needed to allow jedit to open folders to view them? I know jedit is java based, so I whitelisted ~/.java (as android-studio.profile does), but that didn't change anything.

Another side issue , I hope it's ok to add to the same post:
Both Thunderbird and Chromium start up with a message to set them as the default client, (Thunderbird shows a System Integration dialog, Chromium a warning that it's not the default browser), setting them as default never seems to survive to the next invocation. Is there a directory that needs to be whitelisted for this?

[EDIT: to be exact, the Thunderbird dialog provides a "skip integration" option and a "set default" option. I saw when using --debug that it needed access to ~/.local/share/applications so I whitelisted that, clicking set default shows this in the debug:

** (thunderbird:11): WARNING **: 14:59:03.018: Cannot set application as default for URI scheme (mailto): Can’t create user desktop file /home/myuser/.local/share/applications/userapp-Thunderbird-5NT7WZ.desktop
JavaScript error: chrome://messenger/content/systemIntegrationDialog.js, line 144: NS_ERROR_FAILURE: Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIShellService.setDefaultClient]

and preceding these messages (before pressing any option), this message appears:
** (thunderbird:11): CRITICAL **: 14:58:36.759: Failed to get connection to xfconfd: Unknown or unsupported transport “DBUS_SESSION_BUS_ADDRESS=unix” for address “DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus”

]

Many thanks for all help! I've looked in firejail man pages and all through the issues here, but can't find anything to fix these issues.

Originally created by @stillsw on GitHub (Feb 14, 2019). Original GitHub issue: https://github.com/netblue30/firejail/issues/2404 Hi, firstly thanks for Firejail, I've used it happily for years already on my old linux system. I'm now setting up a new distro and glad to find Firejail is in the main repo (manjaro archlinux). I have a couple of teething troubles though, previously I only firejailed thunderbird and web browers, now I'm attempting to firejail most of the programs I use on a daily basis. There's no profile pre-made for jedit, so I copied the geany profile as a starting point. The problem I'm having is that although the program does start and lays itself out to open the last used files, they don't actually show. When I attempt to open a file from the menu I see an IO operation error saying "Cannot list directory". I figured something in the setup prevents commands like ls under the covers, but even if I comment out every blacklist and directive in the profile, I still can't get past this... so I wonder if there's a whitelisting type directive needed to allow jedit to open folders to view them? I know jedit is java based, so I whitelisted ~/.java (as android-studio.profile does), but that didn't change anything. Another side issue , I hope it's ok to add to the same post: Both Thunderbird and Chromium start up with a message to set them as the default client, (Thunderbird shows a System Integration dialog, Chromium a warning that it's not the default browser), setting them as default never seems to survive to the next invocation. Is there a directory that needs to be whitelisted for this? [EDIT: to be exact, the Thunderbird dialog provides a "skip integration" option and a "set default" option. I saw when using --debug that it needed access to ~/.local/share/applications so I whitelisted that, clicking set default shows this in the debug: ``` ** (thunderbird:11): WARNING **: 14:59:03.018: Cannot set application as default for URI scheme (mailto): Can’t create user desktop file /home/myuser/.local/share/applications/userapp-Thunderbird-5NT7WZ.desktop JavaScript error: chrome://messenger/content/systemIntegrationDialog.js, line 144: NS_ERROR_FAILURE: Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIShellService.setDefaultClient] and preceding these messages (before pressing any option), this message appears: ** (thunderbird:11): CRITICAL **: 14:58:36.759: Failed to get connection to xfconfd: Unknown or unsupported transport “DBUS_SESSION_BUS_ADDRESS=unix” for address “DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus” ``` ] Many thanks for all help! I've looked in firejail man pages and all through the issues here, but can't find anything to fix these issues.

gitea-mirror closed this issue

2026-05-05 08:15:25 -06:00

gitea-mirror commented

2026-05-05 08:15:28 -06:00

Author

Owner

@SkewedZeppelin commented on GitHub (Feb 15, 2019):

I know jedit is java based, so I whitelisted ~/.java (as android-studio.profile does), but that didn't change anything.

by whitelisting you denied access to everything else, for a text editor program you'd want to use only blacklists and no whitelists.

Another side issue , I hope it's ok to add to the same post:
Both Thunderbird and Chromium start up with a message to set them as the default client, (Thunderbird shows a System Integration dialog, Chromium a warning that it's not the default browser), setting them as default never seems to survive to the next invocation. Is there a directory that needs to be whitelisted for this?

That is expected, there is an issue somewhere that details it more, but the workaround is just to disable the "check if x is default on startup" options.

@SkewedZeppelin commented on GitHub (Feb 15, 2019): > I know jedit is java based, so I whitelisted ~/.java (as android-studio.profile does), but that didn't change anything. by whitelisting you denied access to everything else, for a text editor program you'd want to use only blacklists and no whitelists. > Another side issue , I hope it's ok to add to the same post: Both Thunderbird and Chromium start up with a message to set them as the default client, (Thunderbird shows a System Integration dialog, Chromium a warning that it's not the default browser), setting them as default never seems to survive to the next invocation. Is there a directory that needs to be whitelisted for this? That is expected, there is an issue somewhere that details it more, but the workaround is just to disable the "check if x is default on startup" options.

gitea-mirror commented

2026-05-05 08:15:28 -06:00

Author

Owner

@stillsw commented on GitHub (Feb 16, 2019):

Ah, yes now it's working... I didn't realise that whitelisting had that effect.... good to know!

Thanks for the help!

@stillsw commented on GitHub (Feb 16, 2019): Ah, yes now it's working... I didn't realise that whitelisting had that effect.... good to know! Thanks for the help!

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1601

No description provided.

Rows
Columns