github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

[GH-ISSUE #3429] Firejail should report which profile it can't load in an include chain #2156

New issue
Closed
opened 2026-05-05 08:49:58 -06:00 by gitea-mirror · 4 comments
gitea-mirror commented 2026-05-05 08:49:58 -06:00
Owner
Copy link

Originally created by @zupatisc on GitHub (May 22, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3429

Bug and expected behavior

  • When there is an error in a profile file that is included by an applications profile firejail will return "Error: cannot access profile file".
  • For me I had to remove all disable-* includes but there was never any hint from firejail as to what file it had problems reading, I think it should.

Reproduce
Steps to reproduce the behavior:
Other context about the problem like related errors to understand the problem.

  1. Create an rtorrent.profile in ~/.config/firejail
  2. Include rtorrent's profile found in /etc/firejail/
  3. Run in bash firejail rtorrent
  4. See error Error: cannot access profile file

Environment

  • Linux 5.6.12-artix1-1
  • firejail --version: 0.9.56

Additional context
I've had problems with the disable-* files and creating customizations for very long and with firejail build straight from git, the normal arch package and firejail-git and I suspect it's related this. I reinstalled using the -git AUR package just before creating this and made sure the files in /etc/firejail aren't old.

Originally created by @zupatisc on GitHub (May 22, 2020). Original GitHub issue: https://github.com/netblue30/firejail/issues/3429 **Bug and expected behavior** - When there is an error in a profile file that is included by an applications profile firejail will return "Error: cannot access profile file". - For me I had to remove all disable-* includes but there was never any hint from firejail as to what file it had problems reading, I think it should. **Reproduce** Steps to reproduce the behavior: Other context about the problem like related errors to understand the problem. 1. Create an rtorrent.profile in ~/.config/firejail 2. Include rtorrent's profile found in /etc/firejail/ 3. Run in bash `firejail rtorrent` 4. See error `Error: cannot access profile file` **Environment** - Linux 5.6.12-artix1-1 - firejail --version: 0.9.56 **Additional context** I've had problems with the disable-* files and creating customizations for very long and with firejail build straight from git, the normal arch package and firejail-git and I suspect it's related this. I reinstalled using the -git AUR package just before creating this and made sure the files in /etc/firejail aren't old.
gitea-mirror commented 2026-05-05 08:50:01 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (May 22, 2020):

I can not reproduce this (firejail-git). What exactly did you add to .config/firejail/rtorrent.profile?

$ echo "nclude rtorrent.profile" > .config/firejail/rtorrent.profile
$ firejail --debug --profile=rtorrent.profile true
Error: inaccessible profile file: rtorrent.profile
$ echo "include /etc/firejail/rtorrent.profile" > .config/firejail/rtorrent.profile
$ firejail --debug --profile=rtorrent.profile true                                 
Error: inaccessible profile file: rtorrent.profile

Looks like the profile is printed on master.

git grep "cannot access profile" src:
3d61f52d4d/src/firejail/profile.c (L1572-L1581)

<!-- gh-comment-id:632657601 --> @rusty-snake commented on GitHub (May 22, 2020): I can not reproduce this (firejail-git). What exactly did you add to .config/firejail/rtorrent.profile? ``` $ echo "nclude rtorrent.profile" > .config/firejail/rtorrent.profile $ firejail --debug --profile=rtorrent.profile true Error: inaccessible profile file: rtorrent.profile $ echo "include /etc/firejail/rtorrent.profile" > .config/firejail/rtorrent.profile $ firejail --debug --profile=rtorrent.profile true Error: inaccessible profile file: rtorrent.profile ``` --- Looks like the profile is printed on master. `git grep "cannot access profile" src`: https://github.com/netblue30/firejail/blob/3d61f52d4d9b0a54ae13981332df921dcc5409f8/src/firejail/profile.c#L1572-L1581
gitea-mirror commented 2026-05-05 08:50:02 -06:00
Author
Owner
Copy link

@zupatisc commented on GitHub (May 22, 2020):

The exact contents of ~/.config/firejail/rtorrent.profile are:

include /etc/firejail/rtorrent.profile

whitelist ${HOME}/Torrents
whitelist ${HOME}/.config/rtorrent
whitelist ${DOWNLOADS}

Odd that it should show the profile it encountered an error with but it really doesn't show it, only which profiles it could read. The standard profile works fine btw so maybe this has something to do with the relative directory to the files named for inclusion?

<!-- gh-comment-id:632901777 --> @zupatisc commented on GitHub (May 22, 2020): The exact contents of ~/.config/firejail/rtorrent.profile are: ``` include /etc/firejail/rtorrent.profile whitelist ${HOME}/Torrents whitelist ${HOME}/.config/rtorrent whitelist ${DOWNLOADS} ``` Odd that it should show the profile it encountered an error with but it really doesn't show it, only which profiles it could read. The standard profile works fine btw so maybe this has something to do with the relative directory to the files named for inclusion?
gitea-mirror commented 2026-05-05 08:50:03 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (May 22, 2020):

wfm:

$ echo "include /etc/firejail/rtorrent.profile" > .config/firejail/rtorrent.profile
$ firejail --profile=rtorrent true
<!-- gh-comment-id:632909064 --> @rusty-snake commented on GitHub (May 22, 2020): wfm: ``` $ echo "include /etc/firejail/rtorrent.profile" > .config/firejail/rtorrent.profile $ firejail --profile=rtorrent true ```
gitea-mirror commented 2026-05-05 08:50:04 -06:00
Author
Owner
Copy link

@zupatisc commented on GitHub (May 23, 2020):

No dice for me, I'll try firejail on a second install then, maybe it's just something sideways with this current one. Thanks for the quick responses anyway.

<!-- gh-comment-id:633040156 --> @zupatisc commented on GitHub (May 23, 2020): No dice for me, I'll try firejail on a second install then, maybe it's just something sideways with this current one. Thanks for the quick responses anyway.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
serialize_remounts_v2
landlock_v4
landlock
release-0.9.64
release-0.9.62
gitlab_ci
LTSbase
fred_ctests
docs
0.9.80
0.9.80-rc1
0.9.78
0.9.76
0.9.76-rc4
0.9.76-rc3
0.9.76-rc2
0.9.76-rc1
0.9.74
landlock-split
0.9.72
0.9.72rc1
0.9.70
0.9.68
0.9.68rc1
0.9.66
0.9.66rc1
0.9.64.4
0.9.64.2
0.9.64
0.9.64rc1
0.9.62.4
0.9.62.2
0.9.62
0.9.56.2-LTS
0.9.60
0.9.60-rc1
0.9.58.2
0.9.58
0.9.58-rc1
0.9.56-LTS-release
0.9.56-LTS
0.9.56
0.9.56-rc1
0.9.54
0.9.54-rc2
0.9.54-rc1
0.9.52
0.9.38.12
0.9.50
0.9.50-rc1
0.9.48
0.9.46
0.9.46-rc1
0.9.44.10
0.9.44.8
0.9.44.6
0.9.38.10
0.9.44.4
0.9.38.8
0.9.44.2
0.9.44
0.9.44-rc1
0.9.38.4
0.9.42
0.9.42-rc2
0.9.38.2
0.9.42-rc1
disable-globalcfg
0.9.40
0.9.40-rc1
0.9.38
0.9.38-rc1
0.9.36
0.9.36-rc1
0.9.34
0.9.34-rc1
0.9.32
0.9.32-rc1
0.9.30
0.9.30-rc1
Labels
Clear labels   
LTS merge

   
LTS merge

   
bug

   
bug

   
converted-to-discussion

   
doc-todo

   
documentation

   
duplicate

   
enhancement

   
file-transfer

   
firecfg

   
firejail-in-firejail

   
firetools

   
graphics

   
help wanted

   
information_old

   
installation

   
invalid

   
modif

   
moved

   
needinfo

   
networking

   
notabug

   
notourbug

   
old-version

   
overlayfs

   
packaging

   
profile-request

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question_old

   
removal

   
runtime-permissions

   
sandbox-ipc

   
security

   
stale

   
wiki

   
wiki

   
wontfix

   
wordpress

   
workaround
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2156
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?