github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #2997] Visual Studio Code not working under Archlinux #1878

New issue

Closed

opened 2026-05-05 08:32:42 -06:00 by gitea-mirror · 3 comments

gitea-mirror commented

2026-05-05 08:32:42 -06:00

Owner

Originally created by @StarPicard on GitHub (Oct 13, 2019).
Original GitHub issue: https://github.com/netblue30/firejail/issues/2997

Hi,

Visual Studio Code won't start up at all under Archlinux.

firejail version 0.9.60

Compile time support:
	- AppArmor support is enabled
	- AppImage support is enabled
	- chroot support is enabled
	- file and directory whitelisting support is enabled
	- file transfer support is enabled
	- networking support is enabled
	- overlayfs support is enabled
	- private-home support is enabled
	- seccomp-bpf support is enabled
	- user namespace support is enabled
	- X11 sandboxing support is enabled

This is the output at startup:

Reading profile /etc/firejail/code.profile
Reading profile /etc/firejail/globals.local
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-passwdmgr.local
Reading profile /etc/firejail/disable-programs.inc
Parent pid 4538, child pid 4539
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Child process initialized in 56.81 ms

Tried both commands recommended at #2946 .

My globals.local is the following:
apparmor

My code.profile is:

# Firejail profile for Visual Studio Code
# This file is overwritten after every install/update
# Persistent local customizations
include code.local
# Persistent global definitions
include globals.local

noblacklist ${HOME}/.cargo/config
noblacklist ${HOME}/.cargo/registry
noblacklist ${HOME}/.config/Code
noblacklist ${HOME}/.config/Code - OSS
noblacklist ${HOME}/.config/git
noblacklist ${HOME}/.gitconfig
noblacklist ${HOME}/.git-credentials
noblacklist ${HOME}/.pythonrc.py
noblacklist ${HOME}/.vscode
noblacklist ${HOME}/.vscode-oss

include disable-common.inc
include disable-passwdmgr.inc
include disable-programs.inc

caps.drop all
net none
netfilter
nodvd
nogroups
nonewprivs
noroot
nosound
notv
nou2f
novideo
protocol unix,inet,inet6,netlink
seccomp
shell none

private-cache
private-dev
private-tmp

# Disabling noexec ${HOME} for now since it will
# probably interfere with running some programmes
# in VS Code
# noexec ${HOME}
noexec /tmp

Originally created by @StarPicard on GitHub (Oct 13, 2019). Original GitHub issue: https://github.com/netblue30/firejail/issues/2997 Hi, Visual Studio Code won't start up at all under Archlinux. ``` firejail version 0.9.60 Compile time support: - AppArmor support is enabled - AppImage support is enabled - chroot support is enabled - file and directory whitelisting support is enabled - file transfer support is enabled - networking support is enabled - overlayfs support is enabled - private-home support is enabled - seccomp-bpf support is enabled - user namespace support is enabled - X11 sandboxing support is enabled ``` ``` This is the output at startup: Reading profile /etc/firejail/code.profile Reading profile /etc/firejail/globals.local Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-passwdmgr.inc Reading profile /etc/firejail/disable-passwdmgr.local Reading profile /etc/firejail/disable-programs.inc Parent pid 4538, child pid 4539 Warning: /sbin directory link was not blacklisted Warning: /usr/sbin directory link was not blacklisted Child process initialized in 56.81 ms ``` Tried both commands recommended at #2946 . My globals.local is the following: `apparmor` My code.profile is: ``` # Firejail profile for Visual Studio Code # This file is overwritten after every install/update # Persistent local customizations include code.local # Persistent global definitions include globals.local noblacklist ${HOME}/.cargo/config noblacklist ${HOME}/.cargo/registry noblacklist ${HOME}/.config/Code noblacklist ${HOME}/.config/Code - OSS noblacklist ${HOME}/.config/git noblacklist ${HOME}/.gitconfig noblacklist ${HOME}/.git-credentials noblacklist ${HOME}/.pythonrc.py noblacklist ${HOME}/.vscode noblacklist ${HOME}/.vscode-oss include disable-common.inc include disable-passwdmgr.inc include disable-programs.inc caps.drop all net none netfilter nodvd nogroups nonewprivs noroot nosound notv nou2f novideo protocol unix,inet,inet6,netlink seccomp shell none private-cache private-dev private-tmp # Disabling noexec ${HOME} for now since it will # probably interfere with running some programmes # in VS Code # noexec ${HOME} noexec /tmp ```

gitea-mirror

2026-05-05 08:32:42 -06:00

closed this issue
added the
invalid

information_old
labels

gitea-mirror commented

2026-05-05 08:32:46 -06:00

Author

Owner

@corecontingency commented on GitHub (Oct 14, 2019):

Have you tried removing apparmor from globals.local? Apparmor can break several programs. Either that or remove

include globals.local

from the VSC profile.

@corecontingency commented on GitHub (Oct 14, 2019): Have you tried removing `apparmor` from `globals.local`? Apparmor can break several programs. Either that or remove include globals.local from the VSC profile.

gitea-mirror commented

2026-05-05 08:32:47 -06:00

Author

Owner

@rusty-snake commented on GitHub (Oct 14, 2019):

Or add ignore apparmor to code.local.

@rusty-snake commented on GitHub (Oct 14, 2019): Or add `ignore apparmor` to `code.local`.

gitea-mirror commented

2026-05-05 08:32:49 -06:00

Author

Owner

@StarPicard commented on GitHub (Oct 14, 2019):

Thank you!
It works.

@StarPicard commented on GitHub (Oct 14, 2019): Thank you! It works.

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1878

No description provided.

Rows
Columns