github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

[GH-ISSUE #2792] Wiki: Frequently Asked Questions #1747

New issue
Closed
opened 2026-05-05 08:24:57 -06:00 by gitea-mirror · 46 comments
gitea-mirror commented 2026-05-05 08:24:57 -06:00
Owner
Copy link

Originally created by @matu3ba on GitHub (Jun 22, 2019).
Original GitHub issue: https://github.com/netblue30/firejail/issues/2792

The text on support/FAQ is an ideal candidate to for the wiki.

Edit:

New FAQ page here: https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions

Originally created by @matu3ba on GitHub (Jun 22, 2019). Original GitHub issue: https://github.com/netblue30/firejail/issues/2792 The text on [support/FAQ](https://firejail.wordpress.com/support/) is an ideal candidate to for the wiki. Edit: New FAQ page here: https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions
gitea-mirror 2026-05-05 08:24:57 -06:00
  • closed this issue
  • added the
    wiki
         label
gitea-mirror commented 2026-05-05 08:25:01 -06:00
Author
Owner
Copy link

@matu3ba commented on GitHub (Jun 22, 2019):

content to add for FAQ: #1385, #2046, #2387
[TODO:review]

<!-- gh-comment-id:504614698 --> @matu3ba commented on GitHub (Jun 22, 2019): content to add for FAQ: #1385, #2046, #2387 [TODO:review]
gitea-mirror commented 2026-05-05 08:25:02 -06:00
Author
Owner
Copy link

@matu3ba commented on GitHub (Jun 22, 2019):

(keyword "help" and "tip", searching for open issues)
Tips to add for FAQ: #404, #1652
GUI stuff: #2707
[mark as outdated]

<!-- gh-comment-id:504615235 --> @matu3ba commented on GitHub (Jun 22, 2019): <strike>(keyword "help" and "tip", searching for open issues) Tips to add for FAQ: #404, #1652 GUI stuff: #2707</strike> [mark as outdated]
gitea-mirror commented 2026-05-05 08:25:03 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jun 22, 2019):

more to add:

<!-- gh-comment-id:504640889 --> @rusty-snake commented on GitHub (Jun 22, 2019): more to add: * https://github.com/netblue30/firejail/projects/1 (some points are better for a new page or for create a profile) * (not all) https://github.com/netblue30/firejail/issues?&q=is%3Aissue+label%3Aquestion * (not all) https://github.com/netblue30/firejail/issues?&q=is%3Aissue+label%3Ainformation * #2795
gitea-mirror commented 2026-05-05 08:25:03 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jun 22, 2019):

done

I started translating the FAQ to Markdown: https://gist.github.com/rusty-snake/3b62c4c433320415dee6f1f836887d5f

EDIT: I also add some comments (<!--TODO:) about the content.

<!-- gh-comment-id:504647226 --> @rusty-snake commented on GitHub (Jun 22, 2019): <details><summary>done</summary> I started translating the FAQ to Markdown: https://gist.github.com/rusty-snake/3b62c4c433320415dee6f1f836887d5f EDIT: I also add some comments (`<!--TODO:`) about the content. </details>
gitea-mirror commented 2026-05-05 08:25:04 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jun 23, 2019):

Note: Update the FAQ link in the README when this is Finish. done

<!-- gh-comment-id:504727829 --> @rusty-snake commented on GitHub (Jun 23, 2019): ~Note: Update the FAQ link in the README when this is Finish.~ done
gitea-mirror commented 2026-05-05 08:25:04 -06:00
Author
Owner
Copy link

@netblue30 commented on GitHub (Jun 24, 2019):

I'll move it in the wiki today!

<!-- gh-comment-id:505009382 --> @netblue30 commented on GitHub (Jun 24, 2019): I'll move it in the wiki today!
gitea-mirror commented 2026-05-05 08:25:04 -06:00
Author
Owner
Copy link

@netblue30 commented on GitHub (Jun 24, 2019):

New wiki page, thanks @rusty-snake, start editing! I'm not sure what I'll do with the one on the web page, probably I'll redirect it to wiki.

<!-- gh-comment-id:505036562 --> @netblue30 commented on GitHub (Jun 24, 2019): New wiki [page](https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions), thanks @rusty-snake, start editing! I'm not sure what I'll do with the one on the web page, probably I'll redirect it to wiki.
gitea-mirror commented 2026-05-05 08:25:05 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jun 24, 2019):

done
<!-- gh-comment-id:505077856 --> @rusty-snake commented on GitHub (Jun 24, 2019): <details><summary>done</summary> - [x] TODOs I noted in https://gist.githubusercontent.com/rusty-snake/3b62c4c433320415dee6f1f836887d5f/raw/6b3f8cada23e8fa839f239d774c3329e441a7d3c/FAQ.md 1. > **Firefox crashing on Netflix, AMDGPU PRO, Nvidia closed source drivers** > ``` > Example: >$ firejail --allow-debuggers --ignore=seccomp --ignore=protocol firefox --no-remote >``` :ballot_box_with_check: Should we add `--ignore=noroot` `--ignore=nonewprivs` … ? 2. > **How do I run two instances of Firefox?** > Then, start the second sandbox: > ``` > $ firejail --private firefox --no-remote > ``` :ballot_box_with_check: TODO: `--private` will lose everything, consider an other solution: * ~`--private=~/second-ff`~ * `firejail firefox -P "SecondFFprofile" --no-remote` SecondFFprofile must first be created on about:profiles 3. > > The best way to handle the command line switch is to place it in a > custom profile in `~/.config/firejail` file in your home directory. > Create a `vlc.profile` text file in this directory, with the following content: > ``` > $ cat ~/.config/firejail/vlc.profile > include /etc/firejail/vlc.profile > net none > ``` :ballot_box_with_check: Consider using vlc.local - [x] > Patched security profiles for are available for Firejail versions 0.9.38.x (LST) and 0.9.52. **You can find them in our profile fixes section.** Another option is to install Firejail 0.9.54. Add a link, maybe we should also add/move the instruction. * https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions#firefox-60-problems * https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions#libreoffice-on-ubuntu-1804 - [x] `"s/–/--/g"` </details>
gitea-mirror commented 2026-05-05 08:25:05 -06:00
Author
Owner
Copy link

@netblue30 commented on GitHub (Jun 24, 2019):

@rusty-snake - go for it!

<!-- gh-comment-id:505108886 --> @netblue30 commented on GitHub (Jun 24, 2019): @rusty-snake - go for it!
gitea-mirror commented 2026-05-05 08:25:06 -06:00
Author
Owner
Copy link

@Fred-Barclay commented on GitHub (Jun 25, 2019):

For the PulseAudio FAQ https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions#pulseaudio-7080-issue it says

It affects among others Arch, Ubuntu 16.04 and Mint users. This problem was fixed PulseAudio version 9.0.

Since this issue is only present for pulseaudio 7 or 8, and currently on Arch pulseaudio is at version 12.2, any reason to leave Arch in the list?

<!-- gh-comment-id:505279753 --> @Fred-Barclay commented on GitHub (Jun 25, 2019): For the PulseAudio FAQ https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions#pulseaudio-7080-issue it says > It affects among others **Arch**, Ubuntu 16.04 and Mint users. This problem was fixed PulseAudio version 9.0. Since this issue is only present for pulseaudio 7 or 8, and currently on Arch pulseaudio is at version 12.2, any reason to leave Arch in the list?
gitea-mirror commented 2026-05-05 08:25:06 -06:00
Author
Owner
Copy link

@netblue30 commented on GitHub (Jun 26, 2019):

Arch removed from PulseAudio issue!

<!-- gh-comment-id:505966100 --> @netblue30 commented on GitHub (Jun 26, 2019): Arch removed from PulseAudio issue!
gitea-mirror commented 2026-05-05 08:25:07 -06:00
Author
Owner
Copy link

@matu3ba commented on GitHub (Jun 27, 2019):

#404 defines improved strace hint, which belongs to the guide and does not make sense to seperate
#1652 is a gnome guide for xephyr, does anybody use that frequently/is that not already discussed in a guide?
#2707 used a reference to overlayfs, which is described in another guide

<!-- gh-comment-id:506099692 --> @matu3ba commented on GitHub (Jun 27, 2019): <strike>#404 defines improved strace hint, which belongs to the guide and does not make sense to seperate #1652 is a gnome guide for xephyr, does anybody use that frequently/is that not already discussed in a guide? #2707 used a reference to overlayfs, which is described in another guide</strike>
gitea-mirror commented 2026-05-05 08:25:07 -06:00
Author
Owner
Copy link

@matu3ba commented on GitHub (Jun 27, 2019):

@rusty-snake https://github.com/netblue30/firejail/projects/1 explains several things. Do you want me to write some tests on that for explanation?
I do not get exactly what the use cases are and would likely write maybe 1 sentence to each functionality.
Regarding https://github.com/netblue30/firejail/issues?&q=is%3Aissue+label%3Aquestion, https://github.com/netblue30/firejail/issues?&q=is%3Aissue+label%3Ainformation would it maybe not easier to tag them as FAQ or hint a proper searching for the user on github?
Copy-pasting loads of text for uncertain gain does not look super interesting to me.

<!-- gh-comment-id:506101359 --> @matu3ba commented on GitHub (Jun 27, 2019): @rusty-snake https://github.com/netblue30/firejail/projects/1 explains several things. Do you want me to write some tests on that for explanation? I do not get exactly what the use cases are and would likely write maybe 1 sentence to each functionality. Regarding https://github.com/netblue30/firejail/issues?&q=is%3Aissue+label%3Aquestion, https://github.com/netblue30/firejail/issues?&q=is%3Aissue+label%3Ainformation would it maybe not easier to tag them as FAQ or hint a proper searching for the user on github? Copy-pasting loads of text for uncertain gain does not look super interesting to me.
gitea-mirror commented 2026-05-05 08:25:07 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jun 27, 2019):

https://github.com/netblue30/firejail/projects/1 explains several things

I think only the Usage section is good for the FAQ, the other are better for a own page.

https://github.com/netblue30/firejail/issues?&q=is%3Aissue+label%3Aquestion, https://github.com/netblue30/firejail/issues?&q=is%3Aissue+label%3Ainformation

that was rather meant that if you have time / energy you can go through it to see which of them are suitable

#404 Found. 🤣

<!-- gh-comment-id:506211150 --> @rusty-snake commented on GitHub (Jun 27, 2019): > https://github.com/netblue30/firejail/projects/1 explains several things I think only the Usage section is good for the FAQ, the other are better for a own page. > https://github.com/netblue30/firejail/issues?&q=is%3Aissue+label%3Aquestion, https://github.com/netblue30/firejail/issues?&q=is%3Aissue+label%3Ainformation that was rather meant that if you have time / energy you can go through it to see which of them are suitable *** #404 Found. :rofl:
gitea-mirror commented 2026-05-05 08:25:08 -06:00
Author
Owner
Copy link

@matu3ba commented on GitHub (Jun 27, 2019):

> > https://github.com/netblue30/firejail/projects/1 explains several things

I think only the Usage section is good for the FAQ, the other are better for a own page.

Will look into that.

https://github.com/netblue30/firejail/issues?&q=is%3Aissue+label%3Aquestion, https://github.com/netblue30/firejail/issues?&q=is%3Aissue+label%3Ainformation

 > that was rather meant that if you have time / energy you can go through it to see which of them are suitable > I did request a search option for duplicates in github and will do it by that means. Aside hopefully soon the related options are searchable/usable to group issues.

#404 Found. rofl

xD

<!-- gh-comment-id:506331019 --> @matu3ba commented on GitHub (Jun 27, 2019): <strike> > > https://github.com/netblue30/firejail/projects/1 explains several things > > I think only the Usage section is good for the FAQ, the other are better for a own page. > Will look into that. > > https://github.com/netblue30/firejail/issues?&q=is%3Aissue+label%3Aquestion, https://github.com/netblue30/firejail/issues?&q=is%3Aissue+label%3Ainformation > </strike> > that was rather meant that if you have time / energy you can go through it to see which of them are suitable > I did request a search option for duplicates in github and will do it by that means. Aside hopefully soon the related options are searchable/usable to group issues. > #404 Found. rofl xD
gitea-mirror commented 2026-05-05 08:25:08 -06:00
Author
Owner
Copy link

@matu3ba commented on GitHub (Jun 27, 2019):

@netblue30
What do you want to do with all the questions/comments on the support page?
Are there tools for extracting the comments and importing them into another github repo?
Or do you think it is even worth the effort?

<!-- gh-comment-id:506425508 --> @matu3ba commented on GitHub (Jun 27, 2019): @netblue30 What do you want to do with all the questions/comments on the support page? Are there tools for extracting the comments and importing them into another github repo? Or do you think it is even worth the effort?
gitea-mirror commented 2026-05-05 08:25:09 -06:00
Author
Owner
Copy link

@matu3ba commented on GitHub (Jun 27, 2019):

@rusty-snake I was thinking of explaining one profile, but after a while I realized
that it is more useful to integrate that into the profile creation (for the part Usage).

So the overall idea is to change name of "Wiki: creating profile" to "Wiki: Usage and Profiles".
I have several duplicate stuff already and generally the shell parameters are quite the same as the profile options.
dirty idea thingy to be integrated:
https://gist.github.com/matu3ba/2fe10dc599d1f0671a23cce8aeb0a975
What do you think?

<!-- gh-comment-id:506446718 --> @matu3ba commented on GitHub (Jun 27, 2019): @rusty-snake I was thinking of explaining one profile, but after a while I realized that it is more useful to integrate that into the profile creation (for the part Usage). So the overall idea is to **change name of "Wiki: creating profile" to "Wiki: Usage and Profiles"**. I have several duplicate stuff already and generally the shell parameters are quite the same as the profile options. dirty idea thingy to be integrated: https://gist.github.com/matu3ba/2fe10dc599d1f0671a23cce8aeb0a975 What do you think?
gitea-mirror commented 2026-05-05 08:25:09 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jun 27, 2019):

i think that creating profiles should contain all information that makes writing your own profiles easier, so what about spliting a small usage out of your Idea and add it to FAQ and the rest to Creating profiels

<!-- gh-comment-id:506469437 --> @rusty-snake commented on GitHub (Jun 27, 2019): i think that creating profiles should contain all information that makes writing your own profiles easier, so what about spliting a small usage out of your Idea and add it to FAQ and the rest to Creating profiels
gitea-mirror commented 2026-05-05 08:25:09 -06:00
Author
Owner
Copy link

@netblue30 commented on GitHub (Jun 28, 2019):

What do you want to do with all the questions/comments on the support page?

Maybe we can extract some of the questions/solutions they come up with, but other than that is not worth the trouble importing them.

<!-- gh-comment-id:506559259 --> @netblue30 commented on GitHub (Jun 28, 2019): > What do you want to do with all the questions/comments on the support page? Maybe we can extract some of the questions/solutions they come up with, but other than that is not worth the trouble importing them.
gitea-mirror commented 2026-05-05 08:25:10 -06:00
Author
Owner
Copy link

@netblue30 commented on GitHub (Jun 30, 2019):

https://github.com/netblue30/firejail/issues/2812

Quite a common question, I'll added to the FAQ.

<!-- gh-comment-id:507049867 --> @netblue30 commented on GitHub (Jun 30, 2019): https://github.com/netblue30/firejail/issues/2812 Quite a common question, I'll added to the FAQ.
gitea-mirror commented 2026-05-05 08:25:10 -06:00
Author
Owner
Copy link

@matu3ba commented on GitHub (Jul 1, 2019):

>

more to add:

* https://github.com/netblue30/firejail/projects/1 (some points are better for a new page or for create a profile)

I did write the usage to the Wiki:Create profile in #2748.
Could you elaborate which points are useful to explicitly mention besides the README.md regarding the command line?

* (not all)

TODO-list
FAQ questions
Symlink fixing (installation path in /usr/local ie #1995, #2629
Apparmor activation/deactivation/integration testing #1987,
Allowing specific profiles #2097,
Whitelist and Blacklist bugs?`#2419

maybe (User could easily search for that in FAQ)/other place might be better
Running inside Docker not supported #1956,
#404 defines improved strace hint, which belongs to the guide and does not make sense to seperate
#1652 is a gnome guide for xephyr, does anybody use that frequently/is that not already discussed in a guide?

[Mark as outdated]

<!-- gh-comment-id:507237911 --> @matu3ba commented on GitHub (Jul 1, 2019): <strike>> > > more to add: > > * https://github.com/netblue30/firejail/projects/1 (some points are better for a new page or for create a profile) I did write the usage to the Wiki:Create profile in #2748. Could you elaborate which points are useful to explicitly mention besides the README.md regarding the command line? > > * (not all) - [ ] https://github.com/netblue30/firejail/issues?&q=is%3Aissue+label%3Aquestion > TODO-list FAQ questions Symlink fixing (installation path in /usr/local ie #1995, #2629 Apparmor activation/deactivation/integration testing #1987, Allowing specific profiles #2097, Whitelist and Blacklist bugs?`#2419 maybe (User could easily search for that in FAQ)/other place might be better Running inside Docker not supported #1956, #404 defines improved strace hint, which belongs to the guide and does not make sense to seperate #1652 is a gnome guide for xephyr, does anybody use that frequently/is that not already discussed in a guide? </strike> [Mark as outdated]
gitea-mirror commented 2026-05-05 08:25:11 -06:00
Author
Owner
Copy link

@matu3ba commented on GitHub (Jul 1, 2019):

> * (not all) https://github.com/netblue30/firejail/issues?&q=is%3Aissue+label%3Ainformation > > * #2795 TODO: #2812 tor browser fix, should be already done, but I do not see that (yet) #2795 firefox mailto, #1718 mailto for chromium, #2579 #692 adding information of incompability of running firejail inside docker (no virtualization as goal of firejail) #2291 apparmor local customizations (fixing apparmor) #1521 root permission crash/using firejail on root users server (seperate guideline?) #833 read-only well known inconsistency, #402 #158

maybe (elsewhere)
#2480 is related to read-only (missing tests and documentation)
#1569 whitelist blacklist discussion
#593 cgroup guideline
#1600 wlan interfaces with firejail guideline?

[Mark as outdated]

<!-- gh-comment-id:507280847 --> @matu3ba commented on GitHub (Jul 1, 2019): <strike> > * (not all) https://github.com/netblue30/firejail/issues?&q=is%3Aissue+label%3Ainformation > > * #2795 TODO: #2812 tor browser fix, should be already done, but I do not see that (yet) #2795 firefox mailto, #1718 mailto for chromium, #2579 #692 adding information of incompability of running firejail inside docker (no virtualization as goal of firejail) #2291 apparmor local customizations (fixing apparmor) #1521 root permission crash/using firejail on root users server (seperate guideline?) #833 read-only well known inconsistency, #402 #158 maybe (elsewhere) #2480 is related to read-only (missing tests and documentation) #1569 whitelist blacklist discussion #593 cgroup guideline #1600 wlan interfaces with firejail guideline? </strike> [Mark as outdated]
gitea-mirror commented 2026-05-05 08:25:11 -06:00
Author
Owner
Copy link

@SkewedZeppelin commented on GitHub (Jul 1, 2019):

$ firejail --allow-debuggers --ignore=seccomp --ignore=protocol --ignore=noroot --ignore=nogroups --ignore=nonewprivs firefox --no-remote

I don't like recommending this, nor have I seen it necessary. Where is it from?

<!-- gh-comment-id:507288146 --> @SkewedZeppelin commented on GitHub (Jul 1, 2019): > `$ firejail --allow-debuggers --ignore=seccomp --ignore=protocol --ignore=noroot --ignore=nogroups --ignore=nonewprivs firefox --no-remote` I don't like recommending this, nor have I seen it necessary. Where is it from?
gitea-mirror commented 2026-05-05 08:25:11 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jul 1, 2019):

@SkewedZeppelin from the wordpress FAQ.

line 135: https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions/_compare/edf31690da5d6fe123482a3b7d21aef013f53b54

I add only --ignore=noroot --ignore=nogroups --ignore=nonewprivs.

<!-- gh-comment-id:507288895 --> @rusty-snake commented on GitHub (Jul 1, 2019): @SkewedZeppelin from the wordpress FAQ. line 135: https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions/_compare/edf31690da5d6fe123482a3b7d21aef013f53b54 I add only `--ignore=noroot --ignore=nogroups --ignore=nonewprivs`.
gitea-mirror commented 2026-05-05 08:25:12 -06:00
Author
Owner
Copy link

@matu3ba commented on GitHub (Jul 1, 2019):

FAQ killing process
ip tables filter (better guideline, no FAQ)
Did you identify any further useful FAQs?

[Mark as Outdated]

<!-- gh-comment-id:507290665 --> @matu3ba commented on GitHub (Jul 1, 2019): <strike>[FAQ killing process](https://firejail.wordpress.com/support/comment-page-1/#comment-288) [ip tables filter (better guideline, no FAQ)](https://firejail.wordpress.com/support/comment-page-1/#comment-293) Did you identify any further useful FAQs? </strike> [Mark as Outdated]
gitea-mirror commented 2026-05-05 08:25:12 -06:00
Author
Owner
Copy link

@SkewedZeppelin commented on GitHub (Jul 1, 2019):

Netflix (Widevine CDM) should only need browser-allow-drm yes.
The only time ptrace is used with with Widevine CDM under Chromium in certain edge cases iirc.

and I thought ignore noroot was all that was needed for NVIDIA proprietary drivers?

I haven't tested AMDGPU PRO in a while but I don't think it uses any SUID binaries like the NVIDIA ones, so it can be removed from there.

<!-- gh-comment-id:507290766 --> @SkewedZeppelin commented on GitHub (Jul 1, 2019): Netflix (Widevine CDM) should only need `browser-allow-drm yes`. The only time ptrace is used with with Widevine CDM under Chromium in certain edge cases iirc. and I thought `ignore noroot` was all that was needed for NVIDIA proprietary drivers? I haven't tested AMDGPU PRO in a while but I don't think it uses any SUID binaries like the NVIDIA ones, so it can be removed from there.
gitea-mirror commented 2026-05-05 08:25:13 -06:00
Author
Owner
Copy link

@matu3ba commented on GitHub (Jul 2, 2019):

Last update of tasks 2019-07-02
Last update of work 2019-07-08
FAQ
information
#2812 tor browser fix
#2795 firefox mailto, #1718 mailto for chromium,
#2579 #692 adding information of incompability of running firejail inside docker (no virtualization as goal of firejail)
#2291 apparmor local customizations (fixing apparmor)
#833 read-only well known inconsistency, #402 #158
#1521 root permission crash/using firejail on root users server ((new) server guideline, hint)

question
Apparmor activation/deactivation/integration testing #1987
Symlink fixing (installation path in /usr/local ie #1995, #2629 [common problem]
Allowing specific profiles #2097
Whitelist and Blacklist bugs? #2419

elsewhere
information
#2480 is related to read-only
#1569 whitelist blacklist discussion [add infos to profiles]
#593 cgroup guideline [new guideline]
#1600 wlan interfaces with firejail [new guideline]

questions
Running inside Docker not supported #1956,
#404 defines improved strace hint [add infos to guideline or/and move guideline from website]
#1652 is a gnome guide for xephyr [??? lately no bug requests on xephyr]

FAQ killing process [addition of example to FAQ?]
ip tables filter (better guideline, no FAQ) [new/better guideline]

Outdated and apparmor should be sufficiently explained in man page.

<!-- gh-comment-id:507656581 --> @matu3ba commented on GitHub (Jul 2, 2019): Last update of tasks 2019-07-02 Last update of work 2019-07-08 **FAQ** information <strike>#2812 tor browser fix</strike> <strike>#2795 firefox mailto, #1718 mailto for chromium</strike>, <strike>#2579 #692 adding information of incompability of running firejail inside docker (no virtualization as goal of firejail)</strike> <strike>#2291 apparmor local customizations (fixing apparmor)</strike> <strike>#833 read-only well known inconsistency, #402 #158 </strike> <strike>#1521 root permission crash/using firejail on root users server (**(new) server guideline**, hint)</strike> question <strike>Apparmor activation/deactivation/integration testing #1987 </strike> <strike>Symlink fixing (installation path in /usr/local ie #1995, #2629 [**common problem**] Allowing specific profiles #2097 Whitelist and Blacklist bugs? #2419 </strike> **elsewhere** information <strike>#2480 is related to read-only #1569 whitelist blacklist discussion [add infos to profiles] #593 cgroup guideline [**new guideline**] #1600 wlan interfaces with firejail [**new guideline**]</strike> questions <strike>Running inside Docker not supported #1956, #404 defines improved strace hint [add infos to **guideline** or/and move guideline from website] #1652 is a gnome guide for xephyr [**???** lately no bug requests on xephyr] [FAQ killing process](https://firejail.wordpress.com/support/comment-page-1/#comment-288) [addition of example to FAQ?] [ip tables filter (better guideline, no FAQ)](https://firejail.wordpress.com/support/comment-page-1/#comment-293) [**new/better guideline**]</strike> Outdated and apparmor should be sufficiently explained in man page.
gitea-mirror commented 2026-05-05 08:25:13 -06:00
Author
Owner
Copy link

@matu3ba commented on GitHub (Jul 8, 2019):

Last update of tasks 2019-07-02
Last update of work 2019-07-09

Common problem
1.Symlink fixing(installation path in /usr/local #1995 #2629
2. whitelist and blacklist #2419 whitelist-blacklist discussion #1569
3. allowing specific profiles #2097

Guidelines

  1. server #1521
  2. cgroup #593
  3. wlan interfaces #1600, ip tables filter
  4. strace #404
  5. Xephyr ??? #1652
<!-- gh-comment-id:509188575 --> @matu3ba commented on GitHub (Jul 8, 2019): Last update of tasks 2019-07-02 Last update of work 2019-07-09 **Common problem** <strike>1.Symlink fixing(installation path in /usr/local #1995 #2629 2. whitelist and blacklist #2419 whitelist-blacklist discussion #1569 3. allowing specific profiles #2097</strike> **Guidelines** <strike> 1. server #1521 2. cgroup #593 3. wlan interfaces #1600, [ip tables filter](https://firejail.wordpress.com/support/comment-page-1/#comment-293) 4. strace #404 5. Xephyr ??? #1652 </strike>
gitea-mirror commented 2026-05-05 08:25:14 -06:00
Author
Owner
Copy link

@SkewedZeppelin commented on GitHub (Jul 8, 2019):

Can we please not use the hide/resolve comment feature?
I know it can be handy, but evil GitHub prevents non-logged in users from reading hidden comments (even ones that aren't spam and are simply outdated/resolved) for whatever crazy reason.

Commenting here since this issue has the most hidden comments.

<!-- gh-comment-id:509324524 --> @SkewedZeppelin commented on GitHub (Jul 8, 2019): Can we please not use the hide/resolve comment feature? I know it can be handy, but evil GitHub prevents non-logged in users from reading hidden comments (even ones that aren't spam and are simply outdated/resolved) for whatever crazy reason. Commenting here since this issue has the most hidden comments.
gitea-mirror commented 2026-05-05 08:25:14 -06:00
Author
Owner
Copy link

@matu3ba commented on GitHub (Jul 9, 2019):

@SkewedZeppelin

Summary ```js const x = 1 ```

explained in here could be used or can you think of a better way?
I dont like the need to write the annoying tags, so I requested a github functionality for this.

<!-- gh-comment-id:509627763 --> @matu3ba commented on GitHub (Jul 9, 2019): @SkewedZeppelin <details> <summary>Summary</summary> ```js const x = 1 ``` </details> explained in [here](https://github.com/dear-github/dear-github/issues/166#issuecomment-322367328) could be used or can you think of a better way? I dont like the need to write the annoying tags, so I requested a github functionality for this.
gitea-mirror commented 2026-05-05 08:25:14 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jul 9, 2019):

@matu3ba

I dont like the need to write the annoying tags, so I requested a github functionality for this.

Easyer: GH allow all users to show the comments.

@SkewedZeppelin OK, that's real evil from GH. I will not use it for now, but one questions. Do you mean that also for the profile request issue or just for the wiki issues?

<!-- gh-comment-id:509631566 --> @rusty-snake commented on GitHub (Jul 9, 2019): @matu3ba > I dont like the need to write the annoying tags, so I requested a github functionality for this. Easyer: GH allow all users to show the comments. @SkewedZeppelin OK, that's real evil from GH. I will not use it for now, but one questions. Do you mean that also for the profile request issue or just for the wiki issues?
gitea-mirror commented 2026-05-05 08:25:15 -06:00
Author
Owner
Copy link

@matu3ba commented on GitHub (Jul 9, 2019):

TODO
1.allowing specific profiles #2097
2. LD_PRELOAD, once finished

<!-- gh-comment-id:509665760 --> @matu3ba commented on GitHub (Jul 9, 2019): **TODO** 1.allowing specific profiles #2097 2. LD_PRELOAD, once finished
gitea-mirror commented 2026-05-05 08:25:15 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jul 11, 2019):

@matu3ba I don't really understand what your new "A program does not start with firejail" point is about. starts the program fine, but not in firejail or firejail breaks the program from starting.

<!-- gh-comment-id:510622161 --> @rusty-snake commented on GitHub (Jul 11, 2019): @matu3ba I don't really understand what your new "A program does not start with firejail" point is about. starts the program fine, but not in firejail or firejail breaks the program from starting.
gitea-mirror commented 2026-05-05 08:25:16 -06:00
Author
Owner
Copy link

@matu3ba commented on GitHub (Jul 13, 2019):

@rusty-snake It is the description of the problem.
Do you have a better idea how to reformulate?
Or shall I leave it out?

<!-- gh-comment-id:511070082 --> @matu3ba commented on GitHub (Jul 13, 2019): @rusty-snake It is the description of the problem. Do you have a better idea how to reformulate? Or shall I leave it out?
gitea-mirror commented 2026-05-05 08:25:16 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jul 13, 2019):

firejail --list does not show the running program to be inside a firejail sandbox.

  1. There is no firejail profile

@matu3ba that makes no sense, becausefirejail PROGRAM_WITHOUT_PROFILE will load the default profile.

<!-- gh-comment-id:511105261 --> @rusty-snake commented on GitHub (Jul 13, 2019): > `firejail --list` does not show the running program to be inside a firejail sandbox. > 1. There is no firejail profile @matu3ba that makes no sense, because`firejail PROGRAM_WITHOUT_PROFILE` will load the default profile.
gitea-mirror commented 2026-05-05 08:25:17 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Sep 9, 2019):

#2953
#2880

<!-- gh-comment-id:529497695 --> @rusty-snake commented on GitHub (Sep 9, 2019): ~#2953~ #2880
gitea-mirror commented 2026-05-05 08:25:17 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jan 25, 2020):

#3173
#3185

<!-- gh-comment-id:578403370 --> @rusty-snake commented on GitHub (Jan 25, 2020): #3173 #3185
gitea-mirror commented 2026-05-05 08:25:18 -06:00
Author
Owner
Copy link

@matu3ba commented on GitHub (Apr 10, 2020):

#3224 zombies
#3100 common signalling problems in applications

<!-- gh-comment-id:611817816 --> @matu3ba commented on GitHub (Apr 10, 2020): #3224 zombies #3100 common signalling problems in applications
gitea-mirror commented 2026-05-05 08:25:18 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jul 9, 2020):

@NetSysFire

- First make sure you have run `sudo firecfg`.
+ First make sure you have run `firecfg` as root.

There is a huge difference between running firecfg as root and sudo firecfg:
firecfg does only perform a desktop-file fix-up if it is started with sudo.

IMHO: The explicit note for firejail /opt/foo/bar was easier for unskilled users.

<!-- gh-comment-id:655920863 --> @rusty-snake commented on GitHub (Jul 9, 2020): @NetSysFire ```diff - First make sure you have run `sudo firecfg`. + First make sure you have run `firecfg` as root. ``` There is a huge difference between running `firecfg` as root and `sudo firecfg`: firecfg does only perform a desktop-file fix-up if it is started with sudo. IMHO: The explicit note for `firejail /opt/foo/bar` was easier for unskilled users.
gitea-mirror commented 2026-05-05 08:25:18 -06:00
Author
Owner
Copy link

@NetSysFire commented on GitHub (Jul 31, 2020):

For some reason I did not see this.
Fixed: a45691b053...bc30985c2e

<!-- gh-comment-id:666915318 --> @NetSysFire commented on GitHub (Jul 31, 2020): For some reason I did not see this. Fixed: https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions/_compare/a45691b053a8e7431dd4574b0c426c6b4eb85de3...bc30985c2ee1e2d65dce375652757c687a317dd3
gitea-mirror commented 2026-05-05 08:25:19 -06:00
Author
Owner
Copy link

@NetSysFire commented on GitHub (Aug 16, 2020):

I made some relatively small changes to the page.

One thing that is still missing imo is a section or even a page on how to debug errors.

<!-- gh-comment-id:674471850 --> @NetSysFire commented on GitHub (Aug 16, 2020): I [made some relatively small changes](https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions/_compare/5efd5ff513d092c57808516c995d885662e18c85...a714619280e47e4915d5b7f715ab7314555b6f01) to the page. One thing that is still missing imo is a section or even a page on how to debug errors.
gitea-mirror commented 2026-05-05 08:25:19 -06:00
Author
Owner
Copy link

@matu3ba commented on GitHub (Aug 17, 2020):

@NetSysFire You find this here. Probably the name should be Debugging Tips instead of Developing Firejail renamed, since there was no activity on that wiki page for a long time

<!-- gh-comment-id:675123923 --> @matu3ba commented on GitHub (Aug 17, 2020): @NetSysFire You find this [here](https://github.com/netblue30/firejail/wiki/Debugging-Firejail). <strike>Probably the name should be **Debugging Tips** instead of **Developing Firejail**</strike> renamed, since there was no activity on that wiki page for a long time
gitea-mirror commented 2026-05-05 08:25:21 -06:00
Author
Owner
Copy link

@NetSysFire commented on GitHub (Aug 18, 2020):

This will not help the average user to debug common issues, like a broken profile. I would like to add something like this:

  • run it in your terminal if you have not done that already, the output may contain relevant errors
    • also try to increase the verbosity of the affected application because it may report that it can not access a specific file or directory
    • if it segfaults, check your syslog for audit messages which indicate a blocked syscall
  • try using the default profile (--profile=default)
  • use the --debug* arguments
  • ...

I will probably add this to the debugging page later but the list is not complete yet.

Hints on how to debug a specific error message would also be very useful. Error: proc 30891 cannot sync with peer: unexpected EOF for example is not that easy to understand.

<!-- gh-comment-id:675672798 --> @NetSysFire commented on GitHub (Aug 18, 2020): This will not help the average user to debug common issues, like a broken profile. I would like to add something like this: - run it in your terminal if you have not done that already, the output may contain relevant errors - also try to increase the verbosity of the affected application because it may report that it can not access a specific file or directory - if it segfaults, check your syslog for audit messages which indicate a blocked syscall - try using the default profile (`--profile=default`) - use the `--debug*` arguments - ... I will probably add this to the debugging page later but the list is not complete yet. Hints on how to debug a specific error message would also be very useful. `Error: proc 30891 cannot sync with peer: unexpected EOF` for example is not that easy to understand.
gitea-mirror commented 2026-05-05 08:25:21 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Aug 24, 2020):

We need to change all the dbus stuff.

<!-- gh-comment-id:679259809 --> @rusty-snake commented on GitHub (Aug 24, 2020): We need to change all the dbus stuff.
gitea-mirror commented 2026-05-05 08:25:21 -06:00
Author
Owner
Copy link

@kmk3 commented on GitHub (Mar 5, 2021):

@SkewedZeppelin commented on Jul 8, 2019:

Can we please not use the hide/resolve comment feature?

I know it can be handy, but evil GitHub prevents non-logged in users from
reading hidden comments (even ones that aren't spam and are simply
outdated/resolved) for whatever crazy reason.

Commenting here since this issue has the most hidden comments.

The loginwall is very unfortunate indeed.

I just checked if it also affects Pull Request threads marked as "resolved",
and fortunately it doesn't.

<!-- gh-comment-id:791562705 --> @kmk3 commented on GitHub (Mar 5, 2021): @SkewedZeppelin commented on Jul 8, 2019: > Can we please not use the hide/resolve comment feature? > > I know it can be handy, but evil GitHub prevents non-logged in users from > reading hidden comments (even ones that aren't spam and are simply > outdated/resolved) for whatever crazy reason. > > Commenting here since this issue has the most hidden comments. The loginwall is very unfortunate indeed. I just checked if it also affects Pull Request threads marked as "resolved", and fortunately it doesn't.
gitea-mirror commented 2026-05-05 08:25:22 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Aug 4, 2021):

https://github.com/netblue30/firejail/discussions/4446

<!-- gh-comment-id:892733312 --> @rusty-snake commented on GitHub (Aug 4, 2021): https://github.com/netblue30/firejail/discussions/4446
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
serialize_remounts_v2
landlock_v4
landlock
release-0.9.64
release-0.9.62
gitlab_ci
LTSbase
fred_ctests
docs
0.9.80
0.9.80-rc1
0.9.78
0.9.76
0.9.76-rc4
0.9.76-rc3
0.9.76-rc2
0.9.76-rc1
0.9.74
landlock-split
0.9.72
0.9.72rc1
0.9.70
0.9.68
0.9.68rc1
0.9.66
0.9.66rc1
0.9.64.4
0.9.64.2
0.9.64
0.9.64rc1
0.9.62.4
0.9.62.2
0.9.62
0.9.56.2-LTS
0.9.60
0.9.60-rc1
0.9.58.2
0.9.58
0.9.58-rc1
0.9.56-LTS-release
0.9.56-LTS
0.9.56
0.9.56-rc1
0.9.54
0.9.54-rc2
0.9.54-rc1
0.9.52
0.9.38.12
0.9.50
0.9.50-rc1
0.9.48
0.9.46
0.9.46-rc1
0.9.44.10
0.9.44.8
0.9.44.6
0.9.38.10
0.9.44.4
0.9.38.8
0.9.44.2
0.9.44
0.9.44-rc1
0.9.38.4
0.9.42
0.9.42-rc2
0.9.38.2
0.9.42-rc1
disable-globalcfg
0.9.40
0.9.40-rc1
0.9.38
0.9.38-rc1
0.9.36
0.9.36-rc1
0.9.34
0.9.34-rc1
0.9.32
0.9.32-rc1
0.9.30
0.9.30-rc1
Labels
Clear labels   
LTS merge

   
LTS merge

   
bug

   
bug

   
converted-to-discussion

   
doc-todo

   
documentation

   
duplicate

   
enhancement

   
file-transfer

   
firecfg

   
firejail-in-firejail

   
firetools

   
graphics

   
help wanted

   
information_old

   
installation

   
invalid

   
modif

   
moved

   
needinfo

   
networking

   
notabug

   
notourbug

   
old-version

   
overlayfs

   
packaging

   
profile-request

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question_old

   
removal

   
runtime-permissions

   
sandbox-ipc

   
security

   
stale

   
wiki

   
wiki

   
wontfix

   
wordpress

   
workaround
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1747
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?