[GH-ISSUE #2812] Error: no suitable firefox executable found #1762

Closed
opened 2026-05-05 08:26:07 -06:00 by gitea-mirror · 12 comments
Originally created by @mahilkita on GitHub (Jun 30, 2019).
Original GitHub issue: https://github.com/netblue30/firejail/issues/2812

I just installed firejail - the install ran smoothly - however I do not have firefox in my root directory but rather in home/david/opt - thus when running `david@Liberation:~$ firejail firefox` I get this 👍

```
Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 10419, child pid 10420
Blacklist violations are logged to syslog
Child process initialized in 106.24 ms
Error: no suitable firefox executable found

Parent is shutting down, bye...
```

Firejail needs to search the home dir for programmes like Tor and Thunderbird and Firefox. Anyway, what config file do I need to edit to tell firejail where firefox is?

email me at skipper@gbenet.com

Thanks

David


@SkewedZeppelin commented on GitHub (Jun 30, 2019):

you can try putting the following in `~/.config/firejail/firefox.local`

```
ignore noexec ${HOME}
whitelist ${HOME}/opt/firefox
```

similar can be done for thunderbird

for a workaround for TBB you can use torbrowser-launcher instead

@rusty-snake commented on GitHub (Jun 30, 2019):

more instructions for the TBB:

https://github.com/netblue30/firejail/wiki/Sandboxing-Binary-Software#tor-browser-home-install
https://github.com/rusty-snake/firejailed-tor-browser

@matu3ba commented on GitHub (Jul 8, 2019):

@mahilkita Did this solve your problems?
@rusty-snake Is the manual in your first link not sufficient? I did link to that in the FAQ.


@rusty-snake commented on GitHub (Jul 8, 2019):

> Is the manual in your first link not sufficient?

Yes, but my repo is a little bit older than the wiki and it tries to be as strict as possible.


@rusty-snake commented on GitHub (Aug 20, 2019):

@mahilkita I'm closing here due to inactivity, please feel free to reopen if you still have this issue.


@svc88 commented on GitHub (Mar 30, 2020):

> you can try putting the following in `~/.config/firejail/firefox.local`
>
> ```
> ignore noexec ${HOME}
> whitelist ${HOME}/opt/firefox
> ```
>
> similar can be done for thunderbird
>
> for a workaround for TBB you can use torbrowser-launcher instead

To this date, shouldn't there be a noblacklist as well now? Like so:

```
noblacklist ${HOME}/opt/firefox
ignore noexec ${HOME}
whitelist ${HOME}/opt/firefox
```

@rusty-snake commented on GitHub (Mar 31, 2020):

@svc88 we never blacklist `${HOME}/opt/firefox` (nor `${HOME}/opt`).


@rakor commented on GitHub (May 31, 2022):

I have the same issue running on debian stable.
firejail version 0.9.64.4

Also having installed the latest firefox in ~/opt/firefox.
I tried to put the lines in `~/.config/firejail/firefox.local` but it does still not work telling me:

```
Warning: networking feature is disabled in Firejail configuration file
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Parent pid 395639, child pid 395642
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Child process initialized in 150.06 ms
Exec failed with error: Permission denied

Parent is shutting down, bye...
```


@ghost commented on GitHub (May 31, 2022):

@rakor The project [recommends](https://github.com/netblue30/firejail#debian) to use the [backports](https://packages.debian.org/bullseye-backports/firejail) packages on Debian stable. Please upgrade your Firejail setup and try again.

@rakor commented on GitHub (May 31, 2022):

Hi @glitsj16. Thanks for your help. I found the issue is apparmor. If I also add `ignore apparmor` to the firefox.local it is running. Btw. the same occurs on Debian testing (firejail version 0.9.68).
I only don't understand the difference to the firefox-esr, that is installed using the official repository, which runs smooth just by `firejail firefox`. I don't have knowledge of apparmor, but in `/etc/apparmor.d` I could not find any firefox-profile. But as said, I never did anything with apparmor.
Is it less secure, running it with `ignore apparmor` ?!


@rusty-snake commented on GitHub (May 31, 2022):

The reason why `apparmor` only breaks firefox in ~ but not firefox-esr in /usr/bin is that apparmor restricts execution of programs to a few well-known directories.
https://github.com/netblue30/firejail/blob/fab622568775dd4b3d17231e9f0d48cf598cfb4e/etc/apparmor/firejail-default#L88-L98

You can allow firefox in firejail-local
https://github.com/netblue30/firejail/blob/fab622568775dd4b3d17231e9f0d48cf598cfb4e/etc/apparmor/firejail-local#L4-L18

@ghost commented on GitHub (Jun 1, 2022):

@rakor

> Is it less secure, running it with `ignore apparmor` ?!

That's up for debate. Personally I have been using Firejail and AppArmor in tandem for quite a while and feel OK with that combination. I did create AA profiles for most of the apps/daemons I use on my system, which took some time and effort. For other opinions 'out (t)here' on this topic: see e.g. #4786, #4522.

> I never did anything with apparmor

If you are unsure whether AA is properly configured/functioning on your system it might be informational to read https://wiki.archlinux.org/title/Apparmor. And if you decide to _not_ use it with Firejail there's a switch in `/etc/firejail/firejail.config` you can set, which is easier than having to create individual overrides. You'll need to change the default (enabled):

```
[...]
# Enable AppArmor functionality, default enabled.
apparmor no
[...]
```
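
Added example, not part of the original thread and not the project's own files: the narrower alternative to `ignore apparmor` (per sandbox) or `apparmor no` (global) that the firejail-local pointer above suggests, keeping the AppArmor profile attached and permitting execution only from the home-installed Firefox tree. The install location of firejail-local and the exact rule are assumptions; the `~/opt/firefox` path is the one used in this thread.

```apparmor
# Before: ~/.config/firejail/firefox.local as it ended up in the thread
# (firejail profile syntax, shown as comments). It works, but the last line
# detaches AppArmor from this sandbox entirely.
#
#   ignore noexec ${HOME}
#   whitelist ${HOME}/opt/firefox
#   ignore apparmor

# After, part 1: ~/.config/firejail/firefox.local without the AppArmor opt-out
# (firejail profile syntax, shown as comments).
#
#   ignore noexec ${HOME}
#   whitelist ${HOME}/opt/firefox

# After, part 2: the local AppArmor override (the only active line in this block).
# Assumption: firejail-local is installed as /etc/apparmor.d/local/firejail-default
# and is included by the firejail-default profile.
#
# "owner" limits the rule to files owned by the user running the sandbox.
# "ix" permits execution and keeps the child under the same confinement.
# The path is limited to the Firefox directory rather than all of @{HOME}, so
# other files under the home directory still cannot be executed in the sandbox.
owner @{HOME}/opt/firefox/** ix,
```

After editing the override, reload the profile as root (for example `apparmor_parser -r /etc/apparmor.d/firejail-default`, assuming that is where the main profile is installed) and retry `firejail firefox`.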