github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #2657] Dropbox will not start with default profile Kubuntu Ubunutu 18.10 firejail version 0.9.54 #1674

New issue

Closed

opened 2026-05-05 08:19:11 -06:00 by gitea-mirror · 6 comments

gitea-mirror commented

2026-05-05 08:19:11 -06:00

Owner

Originally created by @Mothsdroyp on GitHub (Apr 17, 2019).
Original GitHub issue: https://github.com/netblue30/firejail/issues/2657

Dropbox will not start after sudo firecfg on Kubuntu Ubunut 18.10 firejail version 0.9.54.

It seems that the error is due to in the supplied profile below the "include /etc/firejail/disable-interpreters.inc". Dropbox needs python to run as far as I can tell.

I edited the profile supplied with the firejail version simply by commenting out the include interpreters line and placing the edited profile in ~/.config/firejail/dropbox.profile

I am unsure if this is the optimal solution, but it seems to work for the time being!

# Firejail profile for dropbox
# This file is overwritten after every install/update
# Persistent local customizations
include /etc/firejail/dropbox.local
# Persistent global definitions
include /etc/firejail/globals.local

noblacklist ${HOME}/.config/autostart
noblacklist ${HOME}/.dropbox
noblacklist ${HOME}/.dropbox-dist

include /etc/firejail/disable-common.inc
include /etc/firejail/disable-devel.inc
# COMMENTED OUT THE DISABLE-INTERPRETERS.INC TO GET DROPBOX TO WORK
# include /etc/firejail/disable-interpreters.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-programs.inc

mkdir ${HOME}/.dropbox
mkdir ${HOME}/.dropbox-dist
mkdir ${HOME}/Dropbox
mkfile ${HOME}/.config/autostart/dropbox.desktop
whitelist ${HOME}/.config/autostart/dropbox.desktop
whitelist ${HOME}/.dropbox
whitelist ${HOME}/.dropbox-dist
whitelist ${HOME}/Dropbox
include /etc/firejail/whitelist-common.inc

caps.drop all
netfilter
no3d
nodvd
nogroups
nonewprivs
noroot
nosound
notv
novideo
protocol unix,inet,inet6
seccomp
shell none

private-dev
private-tmp

noexec /tmp

Originally created by @Mothsdroyp on GitHub (Apr 17, 2019). Original GitHub issue: https://github.com/netblue30/firejail/issues/2657 Dropbox will not start after sudo firecfg on Kubuntu Ubunut 18.10 firejail version 0.9.54. It seems that the error is due to in the supplied profile below the "include /etc/firejail/disable-interpreters.inc". Dropbox needs python to run as far as I can tell. I edited the profile supplied with the firejail version simply by commenting out the include interpreters line and placing the edited profile in ~/.config/firejail/dropbox.profile I am unsure if this is the optimal solution, but it seems to work for the time being! ``` # Firejail profile for dropbox # This file is overwritten after every install/update # Persistent local customizations include /etc/firejail/dropbox.local # Persistent global definitions include /etc/firejail/globals.local noblacklist ${HOME}/.config/autostart noblacklist ${HOME}/.dropbox noblacklist ${HOME}/.dropbox-dist include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc # COMMENTED OUT THE DISABLE-INTERPRETERS.INC TO GET DROPBOX TO WORK # include /etc/firejail/disable-interpreters.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc mkdir ${HOME}/.dropbox mkdir ${HOME}/.dropbox-dist mkdir ${HOME}/Dropbox mkfile ${HOME}/.config/autostart/dropbox.desktop whitelist ${HOME}/.config/autostart/dropbox.desktop whitelist ${HOME}/.dropbox whitelist ${HOME}/.dropbox-dist whitelist ${HOME}/Dropbox include /etc/firejail/whitelist-common.inc caps.drop all netfilter no3d nodvd nogroups nonewprivs noroot nosound notv novideo protocol unix,inet,inet6 seccomp shell none private-dev private-tmp noexec /tmp ```

gitea-mirror

2026-05-05 08:19:11 -06:00

closed this issue
added the
information_old
label

gitea-mirror commented

2026-05-05 08:19:15 -06:00

Author

Owner

@Mothsdroyp commented on GitHub (Apr 17, 2019):

Sorry about the unusual text size in part of the bug report -- unsure why that happened

@Mothsdroyp commented on GitHub (Apr 17, 2019): Sorry about the unusual text size in part of the bug report -- unsure why that happened

gitea-mirror commented

2026-05-05 08:19:16 -06:00

Author

Owner

@ghost commented on GitHub (Apr 17, 2019):

I edited the profile supplied with the firejail version simply by commenting out the include interpreters line and placing the edited profile in ~/.config/firejail/dropbox.profile

When you name the file ~/.config/firejail/dropbox.local instead, firejail is smart enough to automatically pick up any options in there and will use them to override whatever is in the system-wide /etc/firejail/dropbox.profile. By naming it with a .profile suffix under your ${HOME} dir, you're actually replacing the one in /etc/firejail and you will have to track potential changes to the profile yourself. To avoid all that, you can tackle the python problem in a ~/.config/firejail/dropbox.local file while leaving the rest intact:

# Allow python (disabled by disable-interpreters.inc)
noblacklist ${PATH}/python2*
noblacklist ${PATH}/python3*
noblacklist /usr/lib/python2*
noblacklist /usr/lib/python3*
noblacklist /usr/local/lib/python2*
noblacklist /usr/local/lib/python3*

That will override what's in /etc/firejail/disable-interpreters.inc more selectively, no need to comment it out completely. It still keeps unneeded interpreters inaccessable, which is considered safer/more secure/less insecure depending on who you ask 😄

Sorry about the unusual text size in part of the bug report -- unsure why that happened

Use the toolbar options just above the input box to avoid copy-pasted code to mess with the styling.

@ghost commented on GitHub (Apr 17, 2019): > I edited the profile supplied with the firejail version simply by commenting out the include interpreters line and placing the edited profile in ~/.config/firejail/dropbox.profile When you name the file ~/.config/firejail/dropbox`.local` instead, firejail is smart enough to automatically pick up any options in there and will use them to override whatever is in the system-wide /etc/firejail/dropbox`.profile`. By naming it with a .profile suffix under your ${HOME} dir, you're actually replacing the one in /etc/firejail and you will have to track potential changes to the profile yourself. To avoid all that, you can tackle the python problem in a ~/.config/firejail/dropbox.local file while leaving the rest intact: ``` # Allow python (disabled by disable-interpreters.inc) noblacklist ${PATH}/python2* noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* noblacklist /usr/local/lib/python2* noblacklist /usr/local/lib/python3* ``` That will override what's in /etc/firejail/disable-interpreters.inc more selectively, no need to comment it out completely. It still keeps unneeded interpreters inaccessable, which is considered safer/more secure/less insecure depending on who you ask :smile: > Sorry about the unusual text size in part of the bug report -- unsure why that happened Use the toolbar options just above the input box to avoid copy-pasted code to mess with the styling.

gitea-mirror commented

2026-05-05 08:19:17 -06:00

Author

Owner

@chiraag-nataraj commented on GitHub (May 21, 2019):

This seems to have been resolved, so I'll go ahead and close this. @Mothsdroyp, please feel free to re-open if you have more questions.

@chiraag-nataraj commented on GitHub (May 21, 2019): This seems to have been resolved, so I'll go ahead and close this. @Mothsdroyp, please feel free to re-open if you have more questions.

gitea-mirror commented

2026-05-05 08:19:18 -06:00

Author

Owner

@chiraag-nataraj commented on GitHub (May 21, 2019):

Should we modify the shipped dropbox profile to not blacklist python2 or whatever?

@chiraag-nataraj commented on GitHub (May 21, 2019): Should we modify the shipped dropbox profile to not blacklist python2 or whatever?

gitea-mirror commented

2026-05-05 08:19:19 -06:00

Author

Owner

@Mothsdroyp commented on GitHub (Apr 22, 2020):

The following lines are also needed in addition to the above noblacklist {HOME}/.dropbox* and noblacklist {HOME}/Dropbox* is also needed.

With these additional lines firejail provides excellent security by preventing inadvertent sharing / uploading of files

@Mothsdroyp commented on GitHub (Apr 22, 2020): The following lines are also needed in addition to the above noblacklist {HOME}/.dropbox* and noblacklist {HOME}/Dropbox* is also needed. With these additional lines firejail provides excellent security by preventing inadvertent sharing / uploading of files

gitea-mirror commented

2026-05-05 08:19:20 -06:00

Author

Owner

@rusty-snake commented on GitHub (Apr 22, 2020):

noblacklist ${HOME}/Dropbox* is not needed because there is no blacklist ${HOME}/Dropbox*.

@rusty-snake commented on GitHub (Apr 22, 2020): `noblacklist ${HOME}/Dropbox*` is not needed because there is no `blacklist ${HOME}/Dropbox*`.

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1674

No description provided.

Rows
Columns