github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

.X11-unix into a chroot? #1707

New issue

Closed

opened 2026-05-05 08:21:52 -06:00 by gitea-mirror · 9 comments

gitea-mirror commented

2026-05-05 08:21:52 -06:00

Owner

Originally created by @dandelionred on GitHub (May 20, 2019).
Original GitHub issue: https://github.com/netblue30/firejail/issues/2711

I debootstrapped ubuntu 19.04 into /nas/chroot/disco and installed smplayer inside.

Running this

firejail --noprofile --chroot=/nas/chroot/disco smplayer

I get this

...
qt.qpa.xcb: could not connect to display :0
...

As a dirty fix I set up such bind

sudo mount --bind /tmp /nas/chroot/disco/tmp

and chrooted smplayer can start now.

Is there some native to firejail way to pass /tmp/.X11-unix into a chroot?

Btw I run xorg with -nolisten local so there is no abstract socket. Hence /tmp/.X11-unix is the only way to X.

Originally created by @dandelionred on GitHub (May 20, 2019). Original GitHub issue: https://github.com/netblue30/firejail/issues/2711 I debootstrapped ubuntu 19.04 into /nas/chroot/disco and installed smplayer inside. Running this ``` firejail --noprofile --chroot=/nas/chroot/disco smplayer ``` I get this ``` ... qt.qpa.xcb: could not connect to display :0 ... ``` As a dirty fix I set up such bind ``` sudo mount --bind /tmp /nas/chroot/disco/tmp ``` and chrooted smplayer can start now. <br> Is there some **native to firejail** way to pass /tmp/.X11-unix into a chroot? <br> Btw I run xorg with `-nolisten local` so there is no abstract socket. Hence /tmp/.X11-unix is the only way to X.

gitea-mirror

2026-05-05 08:21:52 -06:00

closed this issue
added the
information_old
label

gitea-mirror commented

2026-05-05 08:21:55 -06:00

Author

Owner

@smitsohu commented on GitHub (May 20, 2019):

Setting an environment variable FIREJAIL_X11 should work.

@smitsohu commented on GitHub (May 20, 2019): Setting an environment variable `FIREJAIL_X11` should work.

gitea-mirror commented

2026-05-05 08:21:57 -06:00

Author

Owner

@dandelionred commented on GitHub (May 20, 2019):

Setting an environment variable FIREJAIL_X11 should work.

I'm not sure how to use it

$ FIREJAIL_X11=1 firejail --noprofile --chroot=/nas/chroot/disco smplayer
Error: cannot find /tmp/.X11-unix in chroot directory

@dandelionred commented on GitHub (May 20, 2019): > Setting an environment variable `FIREJAIL_X11` should work. I'm not sure how to use it ``` $ FIREJAIL_X11=1 firejail --noprofile --chroot=/nas/chroot/disco smplayer Error: cannot find /tmp/.X11-unix in chroot directory ```

gitea-mirror commented

2026-05-05 08:21:57 -06:00

Author

Owner

@smitsohu commented on GitHub (May 20, 2019):

You need to create an empty /tmp/.X11-unix directory as mount point first.

@smitsohu commented on GitHub (May 20, 2019): You need to create an empty `/tmp/.X11-unix` directory as mount point first.

gitea-mirror commented

2026-05-05 08:21:58 -06:00

Author

Owner

@dandelionred commented on GitHub (May 20, 2019):

Thanks, it works now.

Mby the FIREJAIL_X11 tip should be added to https://firejail.wordpress.com/documentation-2/x11-guide/ ?

@dandelionred commented on GitHub (May 20, 2019): Thanks, it works now. Mby the FIREJAIL_X11 tip should be added to https://firejail.wordpress.com/documentation-2/x11-guide/ ?

gitea-mirror commented

2026-05-05 08:21:59 -06:00

Author

Owner

@smitsohu commented on GitHub (May 20, 2019):

To be honest, FIREJAIL_X11 is quite a dirty solution itself.

In the moment Firejail doesn't help too much in setting up the chroot, but this also means it will not get in your way too much. I think what you described in the original post is "the correct way" actually.

@smitsohu commented on GitHub (May 20, 2019): To be honest, `FIREJAIL_X11` is quite a dirty solution itself. In the moment Firejail doesn't help too much in setting up the chroot, but this also means it will not get in your way too much. I think what you described in the original post is "the correct way" actually.

gitea-mirror commented

2026-05-05 08:22:00 -06:00

Author

Owner

@dandelionred commented on GitHub (May 20, 2019):

KK, got it.

@dandelionred commented on GitHub (May 20, 2019): KK, got it.

gitea-mirror commented

2026-05-05 08:22:00 -06:00

Author

Owner

@smitsohu commented on GitHub (May 21, 2019):

A last note:

Don't set FIREJAIL_X11 to yes, any other value will work just fine.

@smitsohu commented on GitHub (May 21, 2019): A last note: Don't set `FIREJAIL_X11` to `yes`, any other value will work just fine.

gitea-mirror commented

2026-05-05 08:22:00 -06:00

Author

Owner

@dandelionred commented on GitHub (May 21, 2019):

@smitsohu What is wrong with FIREJAIL_X11=yes?

@dandelionred commented on GitHub (May 21, 2019): @smitsohu What is wrong with FIREJAIL_X11=yes?

gitea-mirror commented

2026-05-05 08:22:01 -06:00

Author

Owner

@smitsohu commented on GitHub (May 21, 2019):

@dandelionred FIREJAIL_X11=yes is used internally to indicate that an --x* option has been parsed; setting it to a value other than yes navigates around possible issues.

Did I already mention it is dirty? 😄

@smitsohu commented on GitHub (May 21, 2019): @dandelionred FIREJAIL_X11=yes is used internally to indicate that an `--x*` option has been parsed; setting it to a value other than yes navigates around possible issues. Did I already mention it is dirty? :smile:

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1707

No description provided.

Rows
Columns