[GH-ISSUE #3240] "firejail --appimage": does it really need to be executable? #2034

Closed
opened 2026-05-05 08:42:18 -06:00 by gitea-mirror · 2 comments

Originally created by @Rosika2 on GitHub (Feb 23, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3240

----- not an issue per se, rather a question -----

Hello,

I've got a question concerning setting the executable bit in appimages.

I know firejail has appimage support and I'm glad to use it.
As far as appimages are concerned it says:

> Before you can run an AppImage, you need to make it executable. This is a Linux security feature [...]

(https://discourse.appimage.org/t/how-to-run-an-appimage/80 )

Yet I DIDN'T do this for Cool-Retro-Term-1.1.1-x86_64.AppImage (https://appimage.github.io/Cool_Retro_Term/ )

On this very site it says:

> If you want to restrict what Cool_Retro_Term can do on your system, you can run the AppImage in a sandbox like Firejail. This is entirely optional and currently needs to be configured by the user.

So I ran it in firejail using the command
`firejail --appimage ./Cool-Retro-Term-1.1.1-x86_64.AppImage`
and the programme runs perfectly.

So has it something to do with firejail itself that I really don't need to make the appimage executable?
And if so why is that?

Thanks in advance for your help.

Greetings.
Rosika

P.S.:
system: Linux/Lubuntu 18.04.4 LTS, 64bit


@rusty-snake commented on GitHub (Feb 24, 2020):

Usually you need to make it executable because you want to execute the .AppImage file. AFAIK firejail extracts the appimage to /run/firejail/appimage and then executes the AppRun (entry point of AI).


@Rosika2 commented on GitHub (Feb 24, 2020):

@rusty-snake:
Hi and thank you for pointing out that matter.
So you're perfectly right. I just ran my `Cool-Retro-Term-1.1.1-x86_64.AppImage` and looked up the permissions:

```
rosika@rosika-Lenovo-H520e /r/f/a/.a/u/bin> pwd
/run/firejail/appimage/.appimage-3882/usr/bin
rosika@rosika-Lenovo-H520e /r/f/a/.a/u/bin> ll
insgesamt 1,7M
-rwxrwxr-x 1 root root 1,7M Jan 19  2019 cool-retro-term*
-rw-rw-r-- 1 root root  146 Jan 19  2019 qt.conf
```

So firejail sees to it that the respective appimage becomes executable in /run/firejail/appimage/.appimage-3882/usr/bin. Very impressive.

So what it comes down to is that I don't have to make the original appimage file executable when running it in firejail.

Thanks a lot for your help.
Greetings.
Rosika
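
The behaviour discussed in this thread, shown with a constructed stand-in. This is an added example, not part of the original comments and not firejail's code: a tar archive (the hypothetical `demo.bundle`) plays the role of the AppImage, and a temporary directory plays the role of `/run/firejail/appimage`.

```shell
#!/bin/sh
# Constructed stand-in: a tar archive plays the role of the AppImage and a
# temp directory plays the role of the location the launcher unpacks into.

# demo_bundle prints: "<direct-exec result> <bundle mode> <AppRun output>"
demo_bundle() {
    work=$(mktemp -d) || return 1

    # Build the payload: an executable entry point named AppRun.
    mkdir "$work/payload"
    printf '#!/bin/sh\necho payload-ran\n' > "$work/payload/AppRun"
    chmod 755 "$work/payload/AppRun"

    # Pack it into a bundle that itself has NO execute bit (mode 644).
    tar -C "$work/payload" -cf "$work/demo.bundle" AppRun
    chmod 644 "$work/demo.bundle"

    # 1) Executing the bundle directly is refused: execute permission is
    #    checked on the file that is being executed.
    if "$work/demo.bundle" >/dev/null 2>&1; then direct=ran; else direct=denied; fi

    # 2) A launcher only needs READ access to the bundle. It unpacks it and
    #    executes the entry point, whose mode bits were stored in the archive.
    mkdir "$work/unpacked"
    tar -C "$work/unpacked" -xf "$work/demo.bundle"
    out=$("$work/unpacked/AppRun")

    # The bundle's own mode never changed along the way.
    if [ -x "$work/demo.bundle" ]; then mode=exec; else mode=noexec; fi
    rm -rf "$work"
    echo "$direct $mode $out"
}

demo_bundle
```

The missing execute bit on the bundle stops only direct execution; any program that can read the file can still run its contents.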
