[GH-ISSUE #2433] Use Firejail as shell - shutdown issue #1616

New issue

Open

opened 2026-05-05 08:16:23 -06:00 by gitea-mirror · 1 comment

gitea-mirror commented

2026-05-05 08:16:23 -06:00

Owner

Originally created by @gaellalire on GitHub (Feb 20, 2019).
Original GitHub issue: https://github.com/netblue30/firejail/issues/2433

When we use Firejail to launch background job and then exit the bash session Firejail is waiting all background jobs to finish before exiting.

SSHd is waiting for Firejail which is waiting for all its children.

I think following method could work :

Firejail-Launcher launch Firejail
SSHd is waiting for Firejail-Launcher
Firejail-Launcher is waiting only on its first grand child (bash by default)
Firejail is still waiting for all its children

When the first grand child exit, Firejail-Launcher will exit and SSHd will stop the connection. But Firejail will continue to run while there is at least one child of bash which run.

Originally created by @gaellalire on GitHub (Feb 20, 2019). Original GitHub issue: https://github.com/netblue30/firejail/issues/2433 When we use Firejail to launch background job and then exit the bash session Firejail is waiting all background jobs to finish before exiting. SSHd is waiting for Firejail which is waiting for all its children. I think following method could work : - Firejail-Launcher launch Firejail - SSHd is waiting for Firejail-Launcher - Firejail-Launcher is waiting only on its first grand child (bash by default) - Firejail is still waiting for all its children When the first grand child exit, Firejail-Launcher will exit and SSHd will stop the connection. But Firejail will continue to run while there is at least one child of bash which run.

gitea-mirror commented

2026-05-05 08:16:25 -06:00

Author

Owner

@gaellalire commented on GitHub (Dec 19, 2019):

@rusty-snake this ticket is nothing like #3042 and probably not like #2786 .
When initial process finishes I don't want its children to be killed.
When initial process finishes I want firejail to die so SSHd will stop the connection.

But if firejail die children of initial process will not work.
That why I proposed to separate firejail-launcher from firejail

SSHd (pid:1, wait:2) -> firejail-launcher (pid:2, wait:4) -> firejail (pid:3, wait:all children) -> initial process (pid:4) -> sub process (pid:5)

When pid 4 die, pid 2 will stop.
Because their parent die, pid 5 and pid 3 will have their grand parent as parent.
So we will get

SSHd (pid:1) -> firejail (pid:3, wait:all children) -> sub process (pid:5)

And when all children of pid 3 die, pid 3 will die too

SSHd (pid:1)

@gaellalire commented on GitHub (Dec 19, 2019): @rusty-snake this ticket is nothing like #3042 and probably not like #2786 . When initial process finishes I don't want its children to be killed. When initial process finishes I want firejail to die so SSHd will stop the connection. But if firejail die children of initial process will not work. That why I proposed to separate firejail-launcher from firejail ``` SSHd (pid:1, wait:2) -> firejail-launcher (pid:2, wait:4) -> firejail (pid:3, wait:all children) -> initial process (pid:4) -> sub process (pid:5) ``` When pid 4 die, pid 2 will stop. Because their parent die, pid 5 and pid 3 will have their grand parent as parent. So we will get ``` SSHd (pid:1) -> firejail (pid:3, wait:all children) -> sub process (pid:5) ``` And when all children of pid 3 die, pid 3 will die too ``` SSHd (pid:1) ```

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1616

No description provided.

Rows
Columns