github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #3096] running virt-manager within firejail #1940

New issue

Closed

opened 2026-05-05 08:36:30 -06:00 by gitea-mirror · 2 comments

gitea-mirror commented

2026-05-05 08:36:30 -06:00

Owner

Originally created by @Rosika2 on GitHub (Dec 25, 2019).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3096

Hello,

I noticed that there´s a virtualbox.profile for firejail. That´s nice but I use qemu/kvm with virt-manager. Yet there´s no profile for that one.

So I tried
firejail virt-manager
which uses the default.profile.
But this doesn´t work as the GUI produces an error message like so:

"Unable to connect to libvirt qemu.///system. Make sure that libvirtd is running".

After that I tried
firejail --noprofile virt-manager
This command is successful and I can run my VM (BodhiLinux) without any problems.

My question is:
What do I have to change within the default.profile to make firejail realize that libvirtd is already running.
So that I don´t have to use the "--noprofile"-option.

Thanks in advance for your help.

Greetings.
Rosika

P.S.:

my system: Linux/Lubuntu 18.04.3 LTS, 64-bit
firejail: version 0.9.60

Originally created by @Rosika2 on GitHub (Dec 25, 2019). Original GitHub issue: https://github.com/netblue30/firejail/issues/3096 Hello, I noticed that there´s a virtualbox.profile for firejail. That´s nice but I use _qemu/kvm_ with **virt-manager.** Yet there´s no profile for that one. So I tried `firejail virt-manager` which uses the default.profile. But this doesn´t work as the GUI produces an error message like so: "Unable to connect to libvirt qemu.///system. Make sure that libvirtd is running". After that I tried `firejail --noprofile virt-manager` This command is successful and I can run my VM (BodhiLinux) without any problems. My question is: What do I have to change within the default.profile to make firejail realize that libvirtd is already running. So that I don´t have to use the "--noprofile"-option. Thanks in advance for your help. Greetings. Rosika P.S.: my system: Linux/Lubuntu 18.04.3 LTS, 64-bit firejail: version 0.9.60

gitea-mirror

2026-05-05 08:36:30 -06:00

closed this issue
added the
question_old
label

gitea-mirror commented

2026-05-05 08:36:32 -06:00

Author

Owner

@rusty-snake commented on GitHub (Dec 25, 2019):

There are also two other profile that are closer to virt-manager that the virtualbox profile:
https://github.com/netblue30/firejail/blob/master/etc/qemu-launcher.profile
https://github.com/netblue30/firejail/blob/master/etc/qemu-system-x86_64.profile

If we ignore all comments in the default profile, we come to this profile. I comment all line where I think that they may cause the issue. Can you copy this to a file (e.g. virt-manager.default.profile) and start virt-manager with firejail --profile=virt-manager.default.profile. Then uncomment line for line to see which line is it.

#include disable-common.inc
include disable-passwdmgr.inc
#include disable-programs.inc
#caps.drop all
netfilter
#nonewprivs
#noroot
#protocol unix,inet,inet6
#seccomp

@rusty-snake commented on GitHub (Dec 25, 2019): There are also two other profile that are closer to virt-manager that the virtualbox profile: https://github.com/netblue30/firejail/blob/master/etc/qemu-launcher.profile https://github.com/netblue30/firejail/blob/master/etc/qemu-system-x86_64.profile If we ignore all comments in the default profile, we come to this profile. I comment all line where I think that they may cause the issue. Can you copy this to a file (e.g. virt-manager.default.profile) and start virt-manager with `firejail --profile=virt-manager.default.profile`. Then uncomment line for line to see which line is it. ``` #include disable-common.inc include disable-passwdmgr.inc #include disable-programs.inc #caps.drop all netfilter #nonewprivs #noroot #protocol unix,inet,inet6 #seccomp ```

gitea-mirror commented

2026-05-05 08:36:33 -06:00

Author

Owner

@Rosika2 commented on GitHub (Dec 26, 2019):

@rusty-snake :

Hello and thank you for your response and help.

First of all I tried qemu-launcher.profile and qemu-system-x86_64.profile. I just wanted to know if they worked by any chance. Yet they didn´t. Neither did virtualbox.profile.

So I went on doing what you suggested.
1.) I copied the contents of the default.profile to the newly created virt-manager.default.profile, taking over the comments from the list you provided.
2.) I uncommented line for line to find out the responsible one.

It turned out that it´s noroot. Noroot must stay commented for virt-manager to realize that libvirtd is running.
So that´s it.

Thank you again so much for your help, especially at Christmas time. I appreciate it very much.
Happy holidays and many greetings.

Rosika

@Rosika2 commented on GitHub (Dec 26, 2019): @rusty-snake : Hello and thank you for your response and help. First of all I tried _qemu-launcher.profile_ and _qemu-system-x86_64.profile_. I just wanted to know if they worked by any chance. Yet they didn´t. Neither did _virtualbox.profile_. So I went on doing what you suggested. 1.) I copied the contents of the _default.profile_ to the newly created _virt-manager.default.profile_, taking over the comments from the list you provided. 2.) I uncommented line for line to find out the responsible one. It turned out that it´s `noroot`. Noroot must stay commented for virt-manager to realize that libvirtd is running. So that´s it. Thank you again so much for your help, especially at Christmas time. I appreciate it very much. Happy holidays and many greetings. Rosika

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1940

No description provided.

Rows
Columns