github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #3446] wine registry does not save changes #2166

New issue

Closed

opened 2026-05-05 08:50:33 -06:00 by gitea-mirror · 7 comments

gitea-mirror commented

2026-05-05 08:50:33 -06:00

Owner

Originally created by @antsn on GitHub (Jun 2, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3446

firejail version 0.9.62

I have no problems with modifying wine registry without firejail. But with firejail all the changes are revert to default.
Here is my wine.profile:

# Firejail profile for wine
# Description: A compatibility layer for running Windows programs
# This file is overwritten after every install/update
# Persistent local customizations
include wine.local
# Persistent global definitions
include globals.local

noblacklist ${HOME}/.Steam
noblacklist ${HOME}/.local/share/Steam
noblacklist ${HOME}/.local/share/steam
noblacklist ${HOME}/.steam

noblacklist ${HOME}/.wine
whitelist ${HOME}/.wine
noblacklist /tmp/.wine-*
whitelist /tmp/.wine-*

include disable-common.inc
include disable-devel.inc
include disable-interpreters.inc
include disable-passwdmgr.inc
include disable-programs.inc

# some applications don't need allow-debuggers, comment the next line
# if it is not necessary (or put 'ignore allow-debuggers' in your wine.local)
allow-debuggers
caps.drop all
netfilter
nodvd
nogroups
nonewprivs
noroot
notv
seccomp

private-dev

#############
blacklist /media
blacklist /mnt

Originally created by @antsn on GitHub (Jun 2, 2020). Original GitHub issue: https://github.com/netblue30/firejail/issues/3446 firejail version 0.9.62 I have no problems with modifying ``wine`` registry without ``firejail``. But with ``firejail`` all the changes are revert to default. Here is my ``wine.profile``: ``` # Firejail profile for wine # Description: A compatibility layer for running Windows programs # This file is overwritten after every install/update # Persistent local customizations include wine.local # Persistent global definitions include globals.local noblacklist ${HOME}/.Steam noblacklist ${HOME}/.local/share/Steam noblacklist ${HOME}/.local/share/steam noblacklist ${HOME}/.steam noblacklist ${HOME}/.wine whitelist ${HOME}/.wine noblacklist /tmp/.wine-* whitelist /tmp/.wine-* include disable-common.inc include disable-devel.inc include disable-interpreters.inc include disable-passwdmgr.inc include disable-programs.inc # some applications don't need allow-debuggers, comment the next line # if it is not necessary (or put 'ignore allow-debuggers' in your wine.local) allow-debuggers caps.drop all netfilter nodvd nogroups nonewprivs noroot notv seccomp private-dev ############# blacklist /media blacklist /mnt ```

gitea-mirror closed this issue

2026-05-05 08:50:34 -06:00

gitea-mirror commented

2026-05-05 08:50:35 -06:00

Author

Owner

@antsn commented on GitHub (Jun 3, 2020):

It seems that changes actually wrote to disk, while modifying registry with regedit (with filejail), I open another regedit, and saw that data was modified.
But, after close regedit, the registry is reset.

@antsn commented on GitHub (Jun 3, 2020): It seems that changes actually wrote to disk, while modifying registry with ``regedit`` (with ``filejail``), I open another ``regedit``, and saw that data was modified. But, after close ``regedit``, the registry is reset.

gitea-mirror commented

2026-05-05 08:50:36 -06:00

Author

Owner

@rusty-snake commented on GitHub (Jun 3, 2020):

Works it with --noprofile?

@rusty-snake commented on GitHub (Jun 3, 2020): Works it with `--noprofile`?

gitea-mirror commented

2026-05-05 08:50:37 -06:00

Author

Owner

@antsn commented on GitHub (Jun 3, 2020):

No, I've tested.
I've read somewhere that (for the case of running wine normally, without firejail) problem with wineserver can cause registry modification can't be save. But, I don't know how it relate with this case.
I checked, and /tmp/.wine-5555 is accessible, my UID = 5555.

@antsn commented on GitHub (Jun 3, 2020): No, I've tested. I've read somewhere that (for the case of running ``wine`` normally, without ``firejail``) problem with ``wineserver`` can cause registry modification can't be save. But, I don't know how it relate with this case. I checked, and ``/tmp/.wine-5555`` is accessible, my UID = 5555.

gitea-mirror commented

2026-05-05 08:50:38 -06:00

Author

Owner

@rusty-snake commented on GitHub (Jun 3, 2020):

I checked, and /tmp/.wine-5555 is accessible

Where do you check this? Inside the sandbox?

No, I've tested.

bad

Are there any lines uncommented in /etc/firejail/firejail.config?

What distro? Which wine version?

@rusty-snake commented on GitHub (Jun 3, 2020): > I checked, and /tmp/.wine-5555 is accessible Where do you check this? Inside the sandbox? > No, I've tested. bad Are there any lines uncommented in /etc/firejail/firejail.config? What distro? Which wine version?

gitea-mirror commented

2026-05-05 08:50:39 -06:00

Author

Owner

@antsn commented on GitHub (Jun 3, 2020):

Yes, I checked inside the sandbox:
firejail --profile=wine.profile ls -1na /tmp/.wine-5555

I use Mageia 7.1, wine-5.7, and everything is untouched.

@antsn commented on GitHub (Jun 3, 2020): Yes, I checked inside the sandbox: ```firejail --profile=wine.profile ls -1na /tmp/.wine-5555``` I use Mageia 7.1, wine-5.7, and everything is untouched.

gitea-mirror commented

2026-05-05 08:50:41 -06:00

Author

Owner

@antsn commented on GitHub (Jun 3, 2020):

Update2:
Registry's changes actually saved. But for entries that will not be permanently stored (that be reset if, for example run wineboot), after regedit (with firejail) is closed, those entries are reset to default.

Example:
If I add a new String value entry called test. The change is saved.
If I modify HKEY_LOCAL_MACHINE>Hardware>Description>System>CentralProcessor>0>VendorIdentifier from AuthenticAMD to None, it does not works with firejail.

Without firejail, the change is saved, but if I run wineboot, it reset to default.

I block wineboot but it still doesn't work.

@antsn commented on GitHub (Jun 3, 2020): Update2: Registry's changes **actually** saved. But for entries that will not be permanently stored (that be reset if, for example run ``wineboot``), after ``regedit`` (with ``firejail``) is closed, those entries are reset to default. Example: If I add a new ``String value`` entry called ``test``. The change is saved. If I modify ```HKEY_LOCAL_MACHINE>Hardware>Description>System>CentralProcessor>0>VendorIdentifier``` from ``AuthenticAMD`` to ``None``, it does not works with ``firejail``. Without ``firejail``, the change is saved, but if I run ``wineboot``, it reset to default. I block ``wineboot`` but it still doesn't work.

gitea-mirror commented

2026-05-05 08:50:42 -06:00

Author

Owner

@rusty-snake commented on GitHub (Sep 1, 2020):

Any progress here?

@rusty-snake commented on GitHub (Sep 1, 2020): Any progress here?

gitea-mirror referenced this issue

2026-05-05 10:15:30 -06:00

[PR #2166] [MERGED] Create checkbashisms.profile #4195

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2166

No description provided.

Rows
Columns