github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

dirname apparmor issue #1842

New issue

Closed

opened 2026-05-05 08:30:35 -06:00 by gitea-mirror · 4 comments

gitea-mirror commented

2026-05-05 08:30:35 -06:00

Owner

Originally created by @adrelanos on GitHub (Sep 7, 2019).
Original GitHub issue: https://github.com/netblue30/firejail/issues/2948

Tor Browser 8.5.5 with firejail and https://github.com/Whonix/apparmor-profile-torbrowser

Sep 07 03:42:10 host kernel: audit: type=1400 audit(1567827730.866:126): apparmor="DENIED" operation="exec" profile="/**/*-browser/Browser/firefox" name="/usr/local/bin/dirname" pid=15407 comm="firefox" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0

Does not happen without firejail.

There is no such file /usr/local/bin/dirname. There are no files in /usr/local/bin.

Why does firejail try to execute something form that folder? Avoidable? Could you fix that apparmor issue in a generic way somehow?

Perhaps similar solution as for https://github.com/netblue30/firejail/issues/2947?

Originally created by @adrelanos on GitHub (Sep 7, 2019). Original GitHub issue: https://github.com/netblue30/firejail/issues/2948 Tor Browser 8.5.5 with firejail and https://github.com/Whonix/apparmor-profile-torbrowser > Sep 07 03:42:10 host kernel: audit: type=1400 audit(1567827730.866:126): apparmor="DENIED" operation="exec" profile="/**/*-browser/Browser/firefox" name="/usr/local/bin/dirname" pid=15407 comm="firefox" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 Does not happen without firejail. There is no such file /usr/local/bin/dirname. There are no files in /usr/local/bin. Why does firejail try to execute something form that folder? Avoidable? Could you fix that apparmor issue in a generic way somehow? Perhaps similar solution as for https://github.com/netblue30/firejail/issues/2947?

gitea-mirror

2026-05-05 08:30:35 -06:00

closed this issue
added the
duplicate
label

gitea-mirror commented

2026-05-05 08:30:39 -06:00

Author

Owner

@Vincent43 commented on GitHub (Sep 7, 2019):

I don't know the reason of this specific issue but you may reconsider if it does make sense running app with both firejail and custom tailored AppArmor profile. It will get you troubles like that and security benefits will be mostly redundant.

@Vincent43 commented on GitHub (Sep 7, 2019): I don't know the reason of this specific issue but you may reconsider if it does make sense running app with both firejail and custom tailored AppArmor profile. It will get you troubles like that and security benefits will be mostly redundant.

gitea-mirror commented

2026-05-05 08:30:41 -06:00

Author

Owner

@adrelanos commented on GitHub (Sep 21, 2019):

Do you agree with this sentiment? @netblue30

@adrelanos commented on GitHub (Sep 21, 2019): Do you agree with this sentiment? @netblue30

gitea-mirror commented

2026-05-05 08:30:42 -06:00

Author

Owner

@Vincent43 commented on GitHub (Sep 21, 2019):

Why does firejail try to execute something form that folder? Avoidable? Could you fix that apparmor issue in a generic way somehow?

To clarify, /**/*-browser/Browser/firefox is your app AppArmor profile which blocks firejail execution. To fix it you would need to weaken this profile. This is exactly I pointed out in https://github.com/netblue30/firejail/issues/2947#issuecomment-529116717 . By trying to use both AppArmor app specific profile with firejail you decrease overall security, not improve it.

@Vincent43 commented on GitHub (Sep 21, 2019): > Why does firejail try to execute something form that folder? Avoidable? Could you fix that apparmor issue in a generic way somehow? To clarify, `/**/*-browser/Browser/firefox` is your app AppArmor profile which blocks firejail execution. To fix it you would need to weaken this profile. This is exactly I pointed out in https://github.com/netblue30/firejail/issues/2947#issuecomment-529116717 . By trying to use both AppArmor app specific profile with firejail you decrease overall security, not improve it.

gitea-mirror commented

2026-05-05 08:30:43 -06:00

Author

Owner

@Vincent43 commented on GitHub (Sep 22, 2019):

Closing as it's essentially duplicate of https://github.com/netblue30/firejail/issues/2947 and makes discussion fragmented.

@Vincent43 commented on GitHub (Sep 22, 2019): Closing as it's essentially duplicate of https://github.com/netblue30/firejail/issues/2947 and makes discussion fragmented.

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1842

No description provided.

Rows
Columns