github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

[GH-ISSUE #3389] Zeal profile not working #2129

New issue
Closed
opened 2026-05-05 08:48:29 -06:00 by gitea-mirror · 7 comments
gitea-mirror commented 2026-05-05 08:48:29 -06:00
Owner
Copy link

Originally created by @OndrejMalek on GitHub (Apr 29, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3389

Describe the bug
firejail zeal does not display window or anything

Behavior change on disabling firejail
Zeal show up. But doesnot remember docsets

$ firejail --noprofile zeal
Parent pid 17556, child pid 17557
Child process initialized in 9.53 ms
qt5ct: using qt5ct plugin
Qt: Session management error: None of the authentication protocols specified are supported
zeal.core.applicationsingleton: Singleton ID: GNxAletmknejwIs_KXZiYaAzw9OzTsTq2ggd_l64LPQ
zeal.core.applicationsingleton: Starting as a primary instance. (PID: 6)
qt5ct: D-Bus global menu: no
libpng warning: iCCP: known incorrect sRGB profile
libpng warning: iCCP: known incorrect sRGB profile
qt5ct: D-Bus system tray: no
inotify_add_watch("/home/malekon/.config/qt5ct") failed: "No such file or directory"

Parent is shutting down, bye...

To Reproduce
firejail zeal

Desktop (please complete the following information):

$ lsb_release -a && echo "" && firejail --version
No LSB modules are available.
Distributor ID:	LinuxMint
Description:	Linux Mint 19 Tara
Release:	19
Codename:	tara

firejail version 0.9.62

Compile time support:
	- AppArmor support is enabled
	- AppImage support is enabled
	- chroot support is enabled
	- file and directory whitelisting support is enabled
	- file transfer support is enabled
	- firetunnel support is enabled
	- networking support is enabled
	- overlayfs support is enabled
	- private-home support is enabled
	- seccomp-bpf support is enabled
	- user namespace support is enabled
	- X11 sandboxing support is enabled

Additional context

$ apt show zeal
Package: zeal
Version: 1:0.6.1-3ppa1~bionic1

Checklist

  • The upstream profile (and redirect profile if exists) have no changes fixing it.
debug output ``` 23:22:26 malekon@malekon:~ $ firejail --debug zeal > zeal.debug Reading profile /etc/firejail/zeal.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-passwdmgr.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/disable-xdg.inc Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-var-common.inc DISPLAY=:0 parsed as 0 Parent pid 17770, child pid 17771 Warning fcopy: skipping /etc/alternatives/orbd.1.gz, cannot find inode Warning fcopy: skipping /etc/alternatives/orbd, cannot find inode Warning fcopy: skipping /etc/alternatives/tnameserv.1.gz, cannot find inode Warning fcopy: skipping /etc/alternatives/servertool, cannot find inode Warning fcopy: skipping /etc/alternatives/tnameserv, cannot find inode Warning fcopy: skipping /etc/alternatives/servertool.1.gz, cannot find inode Warning: file /etc/crypto-policies not found. Warning: skipping crypto-policies for private /etc Warning: file /etc/locale not found. Warning: skipping locale for private /etc Warning: file /etc/locale.conf not found. Warning: skipping locale.conf for private /etc Warning: file /etc/pango not found. Warning: skipping pango for private /etc Warning: file /etc/Trolltech.conf not found. Warning: skipping Trolltech.conf for private /etc Warning fcopy: skipping /etc/xdg/menus/cinnamon-applications-merged, cannot find inode Warning fcopy: skipping /etc/xdg/menus/debian-menu.menu, cannot find inode Private /etc installed in 41.60 ms 1 program installed in 2.81 ms Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Debug 423: new_name #/home/malekon/.config/firejail#, whitelist Debug 531: fname #/home/malekon/.config/firejail#, cfg.homedir #/home/malekon# Debug 423: new_name #/home/malekon/.config/Zeal#, whitelist Debug 531: fname #/home/malekon/.config/Zeal#, cfg.homedir #/home/malekon# Debug 423: new_name #/home/malekon/.cache/Zeal#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.local/share/Zeal#, whitelist Debug 531: fname #/home/malekon/.local/share/Zeal#, cfg.homedir #/home/malekon# Debug 423: new_name #/home/malekon/.XCompose#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.asoundrc#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.config/ibus#, whitelist Debug 531: fname #/home/malekon/.config/ibus#, cfg.homedir #/home/malekon# Debug 423: new_name #/home/malekon/.config/mimeapps.list#, whitelist Debug 531: fname #/home/malekon/.config/mimeapps.list#, cfg.homedir #/home/malekon# Debug 423: new_name #/home/malekon/.config/pkcs11#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.config/user-dirs.dirs#, whitelist Debug 531: fname #/home/malekon/.config/user-dirs.dirs#, cfg.homedir #/home/malekon# Debug 423: new_name #/home/malekon/.drirc#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.icons#, whitelist Debug 531: fname #/home/malekon/.icons#, cfg.homedir #/home/malekon# Debug 423: new_name #/home/malekon/.local/share/applications#, whitelist Debug 531: fname #/home/malekon/.local/share/applications#, cfg.homedir #/home/malekon# Debug 423: new_name #/home/malekon/.local/share/icons#, whitelist Debug 531: fname #/home/malekon/.local/share/icons#, cfg.homedir #/home/malekon# Debug 423: new_name #/home/malekon/.local/share/mime#, whitelist Debug 531: fname #/home/malekon/.local/share/mime#, cfg.homedir #/home/malekon# Debug 423: new_name #/home/malekon/.mime.types#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.config/dconf#, whitelist Debug 531: fname #/home/malekon/.config/dconf#, cfg.homedir #/home/malekon# Debug 423: new_name #/home/malekon/.cache/fontconfig#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.config/fontconfig#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.fontconfig#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.fonts#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.fonts.conf#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.fonts.conf.d#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.fonts.d#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.local/share/fonts#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.pangorc#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.config/gtk-2.0#, whitelist Debug 531: fname #/home/malekon/.config/gtk-2.0#, cfg.homedir #/home/malekon# Debug 423: new_name #/home/malekon/.config/gtk-3.0#, whitelist Debug 531: fname #/home/malekon/.config/gtk-3.0#, cfg.homedir #/home/malekon# Debug 423: new_name #/home/malekon/.config/gtkrc#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.config/gtkrc-2.0#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.gnome2#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.gnome2-private#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.gtk-2.0#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.gtkrc#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.gtkrc-2.0#, whitelist Debug 531: fname #/home/malekon/.gtkrc-2.0#, cfg.homedir #/home/malekon# Debug 423: new_name #/home/malekon/.kde/share/config/gtkrc#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.kde/share/config/gtkrc-2.0#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.kde4/share/config/gtkrc#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.kde4/share/config/gtkrc-2.0#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.local/share/themes#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.themes#, whitelist Debug 531: fname #/home/malekon/.themes#, cfg.homedir #/home/malekon# Debug 423: new_name #/home/malekon/.cache/kioexec/krun#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.config/Kvantum#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.config/Trolltech.conf#, whitelist Debug 531: fname #/home/malekon/.config/Trolltech.conf#, cfg.homedir #/home/malekon# Debug 423: new_name #/home/malekon/.config/kdeglobals#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.config/kio_httprc#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.config/kioslaverc#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.config/ksslcablacklist#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.config/qt5ct#, whitelist Debug 531: fname #/home/malekon/.config/qt5ct#, cfg.homedir #/home/malekon# Debug 423: new_name #/home/malekon/.kde/share/config/kdeglobals#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.kde/share/config/kio_httprc#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.kde/share/config/kioslaverc#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.kde/share/config/ksslcablacklist#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.kde/share/config/oxygenrc#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.kde/share/icons#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.kde4/share/config/kdeglobals#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.kde4/share/config/kio_httprc#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.kde4/share/config/kioslaverc#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.kde4/share/config/ksslcablacklist#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.kde4/share/config/oxygenrc#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.kde4/share/icons#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.local/share/qt5ct#, whitelist realpath: No such file or directory Debug 423: new_name #/var/lib/dbus#, whitelist Debug 423: new_name #/var/lib/menu-xdg#, whitelist realpath: No such file or directory Debug 423: new_name #/var/cache/fontconfig#, whitelist Debug 423: new_name #/var/tmp#, whitelist Debug 423: new_name #/var/run#, whitelist Debug 423: new_name #/var/lock#, whitelist Debug 423: new_name #/tmp/.X11-unix#, whitelist Warning: cleaning all supplementary groups Warning: cleaning all supplementary groups Warning: cleaning all supplementary groups Blacklist violations are logged to syslog DISPLAY=:0 parsed as 0 Child process initialized in 113.19 ms qt5ct: using qt5ct plugin Qt: Session management error: None of the authentication protocols specified are supported /home/malekon/.gtkrc-2.0:1: Unable to find include file: ".gtkrc-xfce" zeal.core.applicationsingleton: Singleton ID: GNxAletmknejwIs_KXZiYaAzw9OzTsTq2ggd_l64LPQ zeal.core.applicationsingleton: Starting as a primary instance. (PID: 33) qt5ct: D-Bus global menu: no libpng warning: iCCP: known incorrect sRGB profile libpng warning: iCCP: known incorrect sRGB profile qt5ct: D-Bus system tray: no ^C Parent received signal 2, shutting down the child process...

Child received signal 2, shutting down the sandbox...

Parent is shutting down, bye...

</details>

I have tried

firejail
--whitelist=/home/malekon/.gtkrc-2.0
--whitelist=/home/malekon/.gtkrc-xfce
--whitelist=/home/malekon/.config/qt5ct
--whitelist=/home/malekon/.cache/Zeal
--whitelist=/home/malekon/.config/Zeal
--whitelist=/home/malekon/.cache/Zeal/Zeal
--whitelist=/home/malekon/.local/share/Zeal
--whitelist=/home/malekon/.local/share/Zeal/Zeal
--debug zeal

still no UI
[firejail_zeal_whitelist_zeal_paths.txt](https://github.com/netblue30/firejail/files/4554762/firejail_zeal_whitelist_zeal_paths.txt)
Originally created by @OndrejMalek on GitHub (Apr 29, 2020). Original GitHub issue: https://github.com/netblue30/firejail/issues/3389 **Describe the bug** ```firejail zeal``` does not display window or anything **Behavior change on disabling firejail** Zeal show up. But doesnot remember docsets ``` $ firejail --noprofile zeal Parent pid 17556, child pid 17557 Child process initialized in 9.53 ms qt5ct: using qt5ct plugin Qt: Session management error: None of the authentication protocols specified are supported zeal.core.applicationsingleton: Singleton ID: GNxAletmknejwIs_KXZiYaAzw9OzTsTq2ggd_l64LPQ zeal.core.applicationsingleton: Starting as a primary instance. (PID: 6) qt5ct: D-Bus global menu: no libpng warning: iCCP: known incorrect sRGB profile libpng warning: iCCP: known incorrect sRGB profile qt5ct: D-Bus system tray: no inotify_add_watch("/home/malekon/.config/qt5ct") failed: "No such file or directory" Parent is shutting down, bye... ``` **To Reproduce** ``` firejail zeal``` **Desktop (please complete the following information):** ``` $ lsb_release -a && echo "" && firejail --version No LSB modules are available. Distributor ID: LinuxMint Description: Linux Mint 19 Tara Release: 19 Codename: tara firejail version 0.9.62 Compile time support: - AppArmor support is enabled - AppImage support is enabled - chroot support is enabled - file and directory whitelisting support is enabled - file transfer support is enabled - firetunnel support is enabled - networking support is enabled - overlayfs support is enabled - private-home support is enabled - seccomp-bpf support is enabled - user namespace support is enabled - X11 sandboxing support is enabled ``` **Additional context** ``` $ apt show zeal Package: zeal Version: 1:0.6.1-3ppa1~bionic1 ``` **Checklist** - [x] The upstream profile (and redirect profile if exists) have no changes fixing it. <details><summary> debug output </summary> ``` 23:22:26 malekon@malekon:~ $ firejail --debug zeal > zeal.debug Reading profile /etc/firejail/zeal.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-passwdmgr.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/disable-xdg.inc Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-var-common.inc DISPLAY=:0 parsed as 0 Parent pid 17770, child pid 17771 Warning fcopy: skipping /etc/alternatives/orbd.1.gz, cannot find inode Warning fcopy: skipping /etc/alternatives/orbd, cannot find inode Warning fcopy: skipping /etc/alternatives/tnameserv.1.gz, cannot find inode Warning fcopy: skipping /etc/alternatives/servertool, cannot find inode Warning fcopy: skipping /etc/alternatives/tnameserv, cannot find inode Warning fcopy: skipping /etc/alternatives/servertool.1.gz, cannot find inode Warning: file /etc/crypto-policies not found. Warning: skipping crypto-policies for private /etc Warning: file /etc/locale not found. Warning: skipping locale for private /etc Warning: file /etc/locale.conf not found. Warning: skipping locale.conf for private /etc Warning: file /etc/pango not found. Warning: skipping pango for private /etc Warning: file /etc/Trolltech.conf not found. Warning: skipping Trolltech.conf for private /etc Warning fcopy: skipping /etc/xdg/menus/cinnamon-applications-merged, cannot find inode Warning fcopy: skipping /etc/xdg/menus/debian-menu.menu, cannot find inode Private /etc installed in 41.60 ms 1 program installed in 2.81 ms Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Debug 423: new_name #/home/malekon/.config/firejail#, whitelist Debug 531: fname #/home/malekon/.config/firejail#, cfg.homedir #/home/malekon# Debug 423: new_name #/home/malekon/.config/Zeal#, whitelist Debug 531: fname #/home/malekon/.config/Zeal#, cfg.homedir #/home/malekon# Debug 423: new_name #/home/malekon/.cache/Zeal#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.local/share/Zeal#, whitelist Debug 531: fname #/home/malekon/.local/share/Zeal#, cfg.homedir #/home/malekon# Debug 423: new_name #/home/malekon/.XCompose#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.asoundrc#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.config/ibus#, whitelist Debug 531: fname #/home/malekon/.config/ibus#, cfg.homedir #/home/malekon# Debug 423: new_name #/home/malekon/.config/mimeapps.list#, whitelist Debug 531: fname #/home/malekon/.config/mimeapps.list#, cfg.homedir #/home/malekon# Debug 423: new_name #/home/malekon/.config/pkcs11#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.config/user-dirs.dirs#, whitelist Debug 531: fname #/home/malekon/.config/user-dirs.dirs#, cfg.homedir #/home/malekon# Debug 423: new_name #/home/malekon/.drirc#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.icons#, whitelist Debug 531: fname #/home/malekon/.icons#, cfg.homedir #/home/malekon# Debug 423: new_name #/home/malekon/.local/share/applications#, whitelist Debug 531: fname #/home/malekon/.local/share/applications#, cfg.homedir #/home/malekon# Debug 423: new_name #/home/malekon/.local/share/icons#, whitelist Debug 531: fname #/home/malekon/.local/share/icons#, cfg.homedir #/home/malekon# Debug 423: new_name #/home/malekon/.local/share/mime#, whitelist Debug 531: fname #/home/malekon/.local/share/mime#, cfg.homedir #/home/malekon# Debug 423: new_name #/home/malekon/.mime.types#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.config/dconf#, whitelist Debug 531: fname #/home/malekon/.config/dconf#, cfg.homedir #/home/malekon# Debug 423: new_name #/home/malekon/.cache/fontconfig#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.config/fontconfig#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.fontconfig#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.fonts#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.fonts.conf#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.fonts.conf.d#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.fonts.d#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.local/share/fonts#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.pangorc#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.config/gtk-2.0#, whitelist Debug 531: fname #/home/malekon/.config/gtk-2.0#, cfg.homedir #/home/malekon# Debug 423: new_name #/home/malekon/.config/gtk-3.0#, whitelist Debug 531: fname #/home/malekon/.config/gtk-3.0#, cfg.homedir #/home/malekon# Debug 423: new_name #/home/malekon/.config/gtkrc#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.config/gtkrc-2.0#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.gnome2#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.gnome2-private#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.gtk-2.0#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.gtkrc#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.gtkrc-2.0#, whitelist Debug 531: fname #/home/malekon/.gtkrc-2.0#, cfg.homedir #/home/malekon# Debug 423: new_name #/home/malekon/.kde/share/config/gtkrc#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.kde/share/config/gtkrc-2.0#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.kde4/share/config/gtkrc#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.kde4/share/config/gtkrc-2.0#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.local/share/themes#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.themes#, whitelist Debug 531: fname #/home/malekon/.themes#, cfg.homedir #/home/malekon# Debug 423: new_name #/home/malekon/.cache/kioexec/krun#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.config/Kvantum#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.config/Trolltech.conf#, whitelist Debug 531: fname #/home/malekon/.config/Trolltech.conf#, cfg.homedir #/home/malekon# Debug 423: new_name #/home/malekon/.config/kdeglobals#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.config/kio_httprc#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.config/kioslaverc#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.config/ksslcablacklist#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.config/qt5ct#, whitelist Debug 531: fname #/home/malekon/.config/qt5ct#, cfg.homedir #/home/malekon# Debug 423: new_name #/home/malekon/.kde/share/config/kdeglobals#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.kde/share/config/kio_httprc#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.kde/share/config/kioslaverc#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.kde/share/config/ksslcablacklist#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.kde/share/config/oxygenrc#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.kde/share/icons#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.kde4/share/config/kdeglobals#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.kde4/share/config/kio_httprc#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.kde4/share/config/kioslaverc#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.kde4/share/config/ksslcablacklist#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.kde4/share/config/oxygenrc#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.kde4/share/icons#, whitelist realpath: No such file or directory Debug 423: new_name #/home/malekon/.local/share/qt5ct#, whitelist realpath: No such file or directory Debug 423: new_name #/var/lib/dbus#, whitelist Debug 423: new_name #/var/lib/menu-xdg#, whitelist realpath: No such file or directory Debug 423: new_name #/var/cache/fontconfig#, whitelist Debug 423: new_name #/var/tmp#, whitelist Debug 423: new_name #/var/run#, whitelist Debug 423: new_name #/var/lock#, whitelist Debug 423: new_name #/tmp/.X11-unix#, whitelist Warning: cleaning all supplementary groups Warning: cleaning all supplementary groups Warning: cleaning all supplementary groups Blacklist violations are logged to syslog DISPLAY=:0 parsed as 0 Child process initialized in 113.19 ms qt5ct: using qt5ct plugin Qt: Session management error: None of the authentication protocols specified are supported /home/malekon/.gtkrc-2.0:1: Unable to find include file: ".gtkrc-xfce" zeal.core.applicationsingleton: Singleton ID: GNxAletmknejwIs_KXZiYaAzw9OzTsTq2ggd_l64LPQ zeal.core.applicationsingleton: Starting as a primary instance. (PID: 33) qt5ct: D-Bus global menu: no libpng warning: iCCP: known incorrect sRGB profile libpng warning: iCCP: known incorrect sRGB profile qt5ct: D-Bus system tray: no ^C Parent received signal 2, shutting down the child process... Child received signal 2, shutting down the sandbox... Parent is shutting down, bye... ``` </details> I have tried ``` firejail \ --whitelist=/home/malekon/.gtkrc-2.0 \ --whitelist=/home/malekon/.gtkrc-xfce \ --whitelist=/home/malekon/.config/qt5ct \ --whitelist=/home/malekon/.cache/Zeal \ --whitelist=/home/malekon/.config/Zeal \ --whitelist=/home/malekon/.cache/Zeal/Zeal \ --whitelist=/home/malekon/.local/share/Zeal \ --whitelist=/home/malekon/.local/share/Zeal/Zeal \ --debug zeal ``` still no UI [firejail_zeal_whitelist_zeal_paths.txt](https://github.com/netblue30/firejail/files/4554762/firejail_zeal_whitelist_zeal_paths.txt)
gitea-mirror 2026-05-05 08:48:29 -06:00
gitea-mirror commented 2026-05-05 08:48:32 -06:00
Author
Owner
Copy link

@OndrejMalek commented on GitHub (Apr 29, 2020):

This works:

firejail \
--whitelist=${HOME}/.config/qt5ct \
--whitelist=${HOME}/.cache/Zeal \
--whitelist=${HOME}/.config/Zeal \
--whitelist=${HOME}/.local/share/Zeal \
--debug \
--noprofile zeal
<!-- gh-comment-id:621492236 --> @OndrejMalek commented on GitHub (Apr 29, 2020): This works: ``` firejail \ --whitelist=${HOME}/.config/qt5ct \ --whitelist=${HOME}/.cache/Zeal \ --whitelist=${HOME}/.config/Zeal \ --whitelist=${HOME}/.local/share/Zeal \ --debug \ --noprofile zeal ```
gitea-mirror commented 2026-05-05 08:48:33 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Apr 30, 2020):

Anything in the syslog?

<!-- gh-comment-id:621649072 --> @rusty-snake commented on GitHub (Apr 30, 2020): Anything in the syslog?
gitea-mirror commented 2026-05-05 08:48:34 -06:00
Author
Owner
Copy link

@ghost commented on GitHub (Apr 30, 2020):

I just installed zeal on Arch and briefly tested the profile. Zeal needs netlink and mdwe breaks it. Also, ${HOME}/.config/qt5ct and ${HOME}/.local/share/qt5ct are already whitelisted in whitelist-common.inc, which gets included, so those shouldn't be an issue. Downloading docsets worked just fine and they were still there after a restart.

Try adding the below options to your local override ${HOME}/.config/firejail/zeal.profile and try again please. Depending on your workflow/preferences there could be other options that need to be added, but let's start out by trying to get basic functionality working okay?

mkdir ${HOME}/.config/qt5ct

protocol unix,inet,inet6,netlink

ignore memory-deny-write-execute
<!-- gh-comment-id:621663458 --> @ghost commented on GitHub (Apr 30, 2020): I just installed zeal on Arch and **briefly** tested the profile. Zeal needs _netlink_ and _mdwe_ breaks it. Also, ${HOME}/.config/qt5ct and ${HOME}/.local/share/qt5ct are already whitelisted in whitelist-common.inc, which gets included, so those shouldn't be an issue. Downloading docsets worked just fine and they were still there after a restart. Try adding the below options to your local override ${HOME}/.config/firejail/zeal.profile and try again please. Depending on your workflow/preferences there could be other options that need to be added, but let's start out by trying to get basic functionality working okay? ``` mkdir ${HOME}/.config/qt5ct protocol unix,inet,inet6,netlink ignore memory-deny-write-execute ```
gitea-mirror commented 2026-05-05 08:48:35 -06:00
Author
Owner
Copy link

@OndrejMalek commented on GitHub (May 19, 2020):

@rusty-snake I am grepping but nothing relevant? How should I grep. I do sudo rg -C 5 firejail /var/log/kern*
@glitsj16 Thx, That almost works but still need to whitelist dirs by my self

mkdir ${HOME}/.config/qt5ct

protocol unix,inet,inet6,netlink

ignore memory-deny-write-execute

whitelist ${HOME}/.cache/Zeal
whitelist ${HOME}/.config/Zeal
whitelist ${HOME}/.local/share/Zeal # without this I can not see already stored docsets or perserve anything between app restarts.

whitelist ${HOME}/.config/qt5ct # without this there is different font size in UI - all Qt apps do this

I have tried uncomment all in /etc/firejail/zeal.profile, but still with no avail. It is whitelisted in /etc/firejail/whitelist-common.inc as you mentioned, But still fails. I don't use any symlinks in config paths. Seems like firejail bug.

<!-- gh-comment-id:630938049 --> @OndrejMalek commented on GitHub (May 19, 2020): @rusty-snake I am grepping but nothing relevant? How should I grep. I do `sudo rg -C 5 firejail /var/log/kern*` @glitsj16 Thx, That almost works but still need to whitelist dirs by my self ``` mkdir ${HOME}/.config/qt5ct protocol unix,inet,inet6,netlink ignore memory-deny-write-execute whitelist ${HOME}/.cache/Zeal whitelist ${HOME}/.config/Zeal whitelist ${HOME}/.local/share/Zeal # without this I can not see already stored docsets or perserve anything between app restarts. whitelist ${HOME}/.config/qt5ct # without this there is different font size in UI - all Qt apps do this ``` I have tried uncomment all in `/etc/firejail/zeal.profile`, but still with no avail. It is whitelisted in `/etc/firejail/whitelist-common.inc` as you mentioned, But still fails. I don't use any symlinks in config paths. Seems like firejail bug.
gitea-mirror commented 2026-05-05 08:48:36 -06:00
Author
Owner
Copy link

@OndrejMalek commented on GitHub (May 19, 2020):

OK installed from master 76127399a5
And it works out of the box without any local zeal.profile needed.

<!-- gh-comment-id:630949820 --> @OndrejMalek commented on GitHub (May 19, 2020): OK installed from master 76127399a5811a0b5ae3fffbd999bf22fba032e1 And it works out of the box without any local zeal.profile needed.
gitea-mirror commented 2026-05-05 08:48:38 -06:00
Author
Owner
Copy link

@ghost commented on GitHub (May 19, 2020):

@OndrejMalek I see now where I tripped up. Instead of ${HOME}/.config/firejail/zeal.profile I should have stated ${HOME}/.config/firejail/zeal.local. Glad to hear you got things working as expected. Thanks for bringing this to our attention!

<!-- gh-comment-id:630951463 --> @ghost commented on GitHub (May 19, 2020): @OndrejMalek I see now where I tripped up. Instead of ${HOME}/.config/firejail/zeal.**profile** I should have stated ${HOME}/.config/firejail/zeal.**local**. Glad to hear you got things working as expected. Thanks for bringing this to our attention!
gitea-mirror commented 2026-05-05 08:48:38 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (May 21, 2020):

FWIW:

I am grepping but nothing relevant? How should I grep. I do sudo rg -C 5 firejail /var/log/kern*

(assuming your using systemd)

Open a terminal and start journalctl --follow, then start zeal and watch for messages.

seccomp violation are not logged by firejail, they are logged by auditd. Therefore you would need to grep at least for SECCOMP and firejail, but watching --follow is easier.

<!-- gh-comment-id:632186498 --> @rusty-snake commented on GitHub (May 21, 2020): FWIW: > I am grepping but nothing relevant? How should I grep. I do `sudo rg -C 5 firejail /var/log/kern*` (assuming your using systemd) Open a terminal and start `journalctl --follow`, then start zeal and watch for messages. seccomp violation are not logged by firejail, they are logged by auditd. Therefore you would need to grep at least for `SECCOMP` and `firejail`, but watching `--follow` is easier.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
serialize_remounts_v2
landlock_v4
landlock
release-0.9.64
release-0.9.62
gitlab_ci
LTSbase
fred_ctests
docs
0.9.80
0.9.80-rc1
0.9.78
0.9.76
0.9.76-rc4
0.9.76-rc3
0.9.76-rc2
0.9.76-rc1
0.9.74
landlock-split
0.9.72
0.9.72rc1
0.9.70
0.9.68
0.9.68rc1
0.9.66
0.9.66rc1
0.9.64.4
0.9.64.2
0.9.64
0.9.64rc1
0.9.62.4
0.9.62.2
0.9.62
0.9.56.2-LTS
0.9.60
0.9.60-rc1
0.9.58.2
0.9.58
0.9.58-rc1
0.9.56-LTS-release
0.9.56-LTS
0.9.56
0.9.56-rc1
0.9.54
0.9.54-rc2
0.9.54-rc1
0.9.52
0.9.38.12
0.9.50
0.9.50-rc1
0.9.48
0.9.46
0.9.46-rc1
0.9.44.10
0.9.44.8
0.9.44.6
0.9.38.10
0.9.44.4
0.9.38.8
0.9.44.2
0.9.44
0.9.44-rc1
0.9.38.4
0.9.42
0.9.42-rc2
0.9.38.2
0.9.42-rc1
disable-globalcfg
0.9.40
0.9.40-rc1
0.9.38
0.9.38-rc1
0.9.36
0.9.36-rc1
0.9.34
0.9.34-rc1
0.9.32
0.9.32-rc1
0.9.30
0.9.30-rc1
Labels
Clear labels   
LTS merge

   
LTS merge

   
bug

   
bug

   
converted-to-discussion

   
doc-todo

   
documentation

   
duplicate

   
enhancement

   
file-transfer

   
firecfg

   
firejail-in-firejail

   
firetools

   
graphics

   
help wanted

   
information_old

   
installation

   
invalid

   
modif

   
moved

   
needinfo

   
networking

   
notabug

   
notourbug

   
old-version

   
overlayfs

   
packaging

   
profile-request

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question_old

   
removal

   
runtime-permissions

   
sandbox-ipc

   
security

   
stale

   
wiki

   
wiki

   
wontfix

   
wordpress

   
workaround
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2129
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?