[GH-ISSUE #3311] Teams and Firefox #2078

Closed
opened 2026-05-05 08:44:45 -06:00 by gitea-mirror · 4 comments

Originally created by @derba on GitHub (Apr 1, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3311

I am using Firejail master of 31-03-2020, 4747e0ed7f1d9e39974a1c5a5900db47ab1423aa on Fedora 31.

1. Joining meetings.
I receive invitations to MS Teams-based meetings in mail. I read my mails in Firefox. When I click on a meeting link, a "Launch Application" dialog pops up with MS Teams as an option.
If I run Firefox in Firejail (with the profile shipped with Firejail), then I cannot join that meeting. Probably the Teams app does not get the indication from Firefox. If I run Firefox without Firejail, then that works.

2. Opening links
In Teams chat there may be links. If I run Teams in Firejail (with the profile shipped with Firejail), then a new Firefox instance is opened and that cannot reach the net. Probably it cannot read its settings, including proxy settings. Actually it cannot open Preferences or about:config either.

Is there any kind of solution to these, even if just in theory?


@rusty-snake commented on GitHub (Apr 1, 2020):

Assuming you installed Teams natively (and not with Flatpak), you can try the profile below (a merge of teams.profile, electron.profile, firefox.profile and firefox-common.profile). Save it under ~/.config/firejail and change your teams/firefox.desktop files to `Exec`ute `firejail --profile=teams_and_firefox.profile teams/firefox`. Maybe you need to add join-or-start.

teams_and_firefox.profile

```
# Local overrides shared by all profiles
include globals.local

# When browser-allow-drm is set in firejail.config, skip "noexec ${HOME}"
?BROWSER_ALLOW_DRM: ignore noexec ${HOME}

# Exempt the Firefox and Teams paths from the blacklists included below
noblacklist ${HOME}/.cache/mozilla
noblacklist ${HOME}/.config/Microsoft
noblacklist ${HOME}/.config/teams
noblacklist ${HOME}/.local/share/pki
noblacklist ${HOME}/.mozilla
noblacklist ${HOME}/.pki

include disable-common.inc
include disable-devel.inc
include disable-exec.inc
include disable-interpreters.inc
include disable-programs.inc

# Create the directories both programs need, then whitelist them;
# only whitelisted paths stay visible under ${HOME}
mkdir ${HOME}/.cache/mozilla/firefox
mkdir ${HOME}/.config/Microsoft
mkdir ${HOME}/.config/teams
mkdir ${HOME}/.local/share/pki
mkdir ${HOME}/.mozilla
mkdir ${HOME}/.pki
whitelist ${DOWNLOADS}
whitelist ${HOME}/.cache/mozilla/firefox
whitelist ${HOME}/.config/Microsoft
whitelist ${HOME}/.config/teams
whitelist ${HOME}/.local/share/pki
whitelist ${HOME}/.mozilla
whitelist ${HOME}/.pki
include whitelist-common.inc
include whitelist-var-common.inc

# Capabilities, seccomp (chroot syscall left allowed), D-Bus and device restrictions
apparmor
caps.drop all
netfilter
nodbus
nodvd
nogroups
nonewprivs
noroot
notv
nou2f
protocol unix,inet,inet6,netlink
seccomp !chroot
shell none

# Hide removable-media mounts; use a private ~/.cache, /dev and /tmp
disable-mnt
private-cache
private-dev
private-tmp
```
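
The launcher change described in the comment above, as an added example that is not part of the original thread or of Firejail: instead of editing the system .desktop files, it writes per-user copies with every `Exec=` line wrapped in `firejail --profile=teams_and_firefox.profile`. The `wrap_exec` and `install_override` helpers and the sample launcher content are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: per-user launcher overrides that start Teams and Firefox
# under the shared profile. Helper names and sample content are constructed.

PROFILE=teams_and_firefox.profile   # profile name used in the thread

# Print FILE with every Exec= line wrapped in firejail.
# Lines that already start with "Exec=firejail " are left alone (idempotent).
wrap_exec() {
    sed -E "/^Exec=firejail /!s|^Exec=|Exec=firejail --profile=$2 |" "$1"
}

# Copy SRC_DIR/NAME to DST_DIR/NAME with wrapped Exec= lines.
# Entries in ~/.local/share/applications take precedence over the
# system-wide ones, so package updates do not undo the change.
install_override() {
    name=$1
    src_dir=${2:-/usr/share/applications}
    dst_dir=${3:-${XDG_DATA_HOME:-$HOME/.local/share}/applications}
    [ -f "$src_dir/$name" ] || { echo "missing: $src_dir/$name" >&2; return 1; }
    mkdir -p "$dst_dir" || return 1
    wrap_exec "$src_dir/$name" "$PROFILE" > "$dst_dir/$name"
}

# Demo on a constructed launcher in a scratch directory; no system files are touched.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/sys"
    cat > "$tmp/sys/teams.desktop" <<'EOF'
[Desktop Entry]
Name=Microsoft Teams
Exec=teams %U

[Desktop Action new-window]
Exec=teams --new-window
EOF
    install_override teams.desktop "$tmp/sys" "$tmp/user" && cat "$tmp/user/teams.desktop"
    rm -rf "$tmp"
}

demo
```

On a real system, `install_override teams.desktop` and `install_override firefox.desktop` with the default directories would be the two calls; the actual launcher file names depend on how the packages were installed.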

@derba commented on GitHub (Apr 2, 2020):

@rusty-snake thank you. I just symlinked the new profile to teams/firefox.desktop. Works like a charm.
The question arises what concept would be fine for Firejail, as the browser is like an OS, launching Teams, Zoom, LibreOffice, etc.


@rusty-snake commented on GitHub (Apr 3, 2020):

In general you should prefer copying links/opening documents from file managers.


@derba commented on GitHub (Apr 6, 2020):

Yes, that is what I usually do.
And when I need to attach a document (e.g. odt) in a web app, I copy that to Downloads, so that Firefox is able to access it. (Hard linking is not that easy using a GUI. I hope copy-on-write avoids real writes.) And then I delete that copy.
