[GH-ISSUE #3456] jitsi-meet-electron AppImage not launched if run with Firejail ! #2171

Closed
opened 2026-05-05 08:51:01 -06:00 by gitea-mirror · 23 comments

Originally created by @Nokia808 on GitHub (Jun 6, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3456

Write clear, concise and in textual form.

Bug and expected behavior

  • Describe the bug.
    I have the jitsi-meet-electron AppImage located in:
    /home/myusername/.local/share/myportables/jitsi-meet-x86_64.AppImage
    I edited the entry of this package in my applications menu as follows:
    firejail --profile=jitsi-meet-desktop --appimage /home/myusername/.local/share/myportables/jitsi-meet-x86_64.AppImage
    then tried to launch it from the edited entry, but it did not run at all!
    I tried again after deleting "--profile=jitsi-meet-desktop" but the same thing occurred!
    I did not receive an error message in either case.
    Then I removed all firejail-related text & tried again & it launched normally!
  • What did you expect to happen?
    It should be launched

Environment

  • Linux distribution and version: Fedora Linux 32 X64 bit Cinnamon edition
  • Firejail version: 0.9.62

Additional context
jitsi-meet-electron can be downloaded from:
https://github.com/jitsi/jitsi-meet-electron/releases


@rusty-snake commented on GitHub (Jun 6, 2020):

Add `whitelist ${HOME}/.local/share/myportables` to `~/.config/firejail/jitsi-meet-desktop.local` and try again. If it is still broken, try with `--noprofile`.


@Nokia808 commented on GitHub (Jun 9, 2020):

@rusty-snake
Hi. There is no such file! I navigated to the ~/.config folder, entered it & searched inside it for "firejail" but there is no "firejail" inside! Please notice that I do not use the "sudo fcg" command.


@rusty-snake commented on GitHub (Jun 9, 2020):

> There is no such file ! I navigate to ~/.config folder & enter to it & search inside it for "firejail" but there is no "firejail" inside !

`~/.config/firejail` is for customizations from the user; if you never did this before you must create it.

> Please notice that I do not use "sudo fcg" command.

There is no such command.


@Nokia808 commented on GitHub (Jun 9, 2020):

@rusty-snake
This is complicated! Do you recommend changing the location of the AppImage package? I understood from all that that the problem is caused by the location being blacklisted by default ... If so, then what location do you recommend?

Regarding "sudo fcg", I meant "sudo cfg". Sorry, I will correct it.


@rusty-snake commented on GitHub (Jun 9, 2020):

`whitelist-common.inc` has `?HAS_APPIMAGE: whitelist ${HOME}/.local/share/appimagekit`. IDK for what it is.

You can use this to set up `~/.local/share/myportables` as the place for all your appimages:

```bash
mkdir -p "$HOME/.config/firejail"
# allow ${HOME}/.local/share/myportables in whitelisting profiles if started with --appimage
echo "?HAS_APPIMAGE: whitelist \${HOME}/.local/share/myportables" >> "$HOME/.config/firejail/whitelist-common.local"
# Prevent other sandboxes from accessing ${HOME}/.local/share/myportables
# (goes in disable-common.local, which disable-common.inc includes for user overrides)
echo "?HAS_APPIMAGE: noblacklist \${HOME}/.local/share/myportables" >> "$HOME/.config/firejail/disable-common.local"
echo "blacklist \${HOME}/.local/share/myportables" >> "$HOME/.config/firejail/disable-common.local"
```

@Nokia808 commented on GitHub (Jun 9, 2020):

@rusty-snake
Many thanks for this support!
I will do it, but I would like to know the following:

  1. Are these commands to be run as non-root? From your typing they should be run as non-root, aren't they?
  2. Does changing the location where the AppImage is stored have no relation to this issue?
  3. If the answer to point (2) above is "yes", then should what you instructed me always be done if a user needs to sandbox a local external package (selecting the target path in each case, of course)?
  4. Regarding "prevent other sandboxes", this should not include Flatpak, should it?

@rusty-snake commented on GitHub (Jun 9, 2020):

  1. Everything runs as user; if you want these changes system-wide replace `$HOME/.config/firejail` with `/etc/firejail`. For the better you should read the DESCRIPTION section in `man firejail-profile`.
  2. sorry I don't get you

@Nokia808 commented on GitHub (Jun 9, 2020):

@rusty-snake
> sorry I don't get you

I meant: if I change the location of the AppImage from /home/myusername/.local/share/myportables to /home/myusername/Downloads or /home/myusername/external-packages instead, does this by itself solve this issue & avoid the need to perform the commands that you instructed me to run?


@rusty-snake commented on GitHub (Jun 9, 2020):

The issue with jitsi-meet-desktop is that it is a whitelisting profile and has no whitelist command for `/home/myusername/.local/share/myportables/jitsi-meet-x86_64.AppImage`. If you then execute `firejail --profile=jitsi-meet-desktop --appimage /home/myusername/.local/share/myportables/jitsi-meet-x86_64.AppImage` it fails.

You can solve this either by adding this whitelist to jitsi-meet-desktop.local (https://github.com/netblue30/firejail/issues/3456#issuecomment-640083440) or in general for all your appimages with whitelisting profiles (https://github.com/netblue30/firejail/issues/3456#issuecomment-641225397). The second solution also blocks access from other sandboxes to these appimages.


@rusty-snake commented on GitHub (Jun 9, 2020):

> The issue with jitsi-meet-desktop is that it is a whitelisting profile

If `firejail --noprofile --appimage /home/myusername/.local/share/myportables/jitsi-meet-x86_64.AppImage` fails too, jitsi-meet-desktop.AppImage has a general issue with firejail.


@Nokia808 commented on GitHub (Jun 9, 2020):

Only 2 things remain. You said:

  1. The second solutions also blocks access from other sandboxes to these appimages.
    Is this related in any way to the Flatpak sandbox? I'm using flatpak heavily & am afraid of any conflict with flatpak ... What do you mean by "other sandboxes"? Do you mean SELinux or other Firejail sandboxes?

  2. I'm using /home/myusername/.local/share/myportables to store other non-AppImage portable programs. So, does the approach you gave me (second solution) affect non-AppImage portable packages in any way?

I have no other questions. Just the above before closing this issue.


@rusty-snake commented on GitHub (Jun 9, 2020):

> What you mean by "other sandboxes" ?

Other firejail sandboxes (started w/o `--appimage`). (flatpak sandboxes never have access to this location, under the condition that you don't call flatpaks with the `--filesystem=home` permission "sandboxed").

> So, does the approach you gave me (second solution) affect non-AppImage portable packages by any way ?

If you firejail them, you need to add `noblacklist`/`whitelist` for this in their profiles. Then I would suggest you use `~/.local/share/myappimages`.


@Nokia808 commented on GitHub (Jun 9, 2020):

@rusty-snake
But I have many flatpaks with the --filesystem=home permission & without it they lose many of their functionalities ... What about this case?


@rusty-snake commented on GitHub (Jun 9, 2020):

> What in this case ?

They can write to your `.bashrc`, access `.mozilla/firefox` and do whatever they want with your sensitive files. I would call them "sandboxed".

> without it they are loss many of their functionalities

Some flatpaks really need host/home permission, others just have it even if they don't need it; then you need to manually change this.


@Nokia808 commented on GitHub (Jun 9, 2020):

@rusty-snake
So, if a flatpak has --filesystem=home there will be no conflict with the firejail sandbox ... This is good. I thought that you meant by "other sandbox" any sandbox, but it is only limited to Firejail sandboxes ...

I will use the second solution, but instead of using /home/myusername/.local/share/myappimages I will use /home/myusername/.local/share/myportables/myappimages. I will make subfolders for portable packages: "myappimages", "mytars", ... & so on. This is better.

Just for learning: how to create jitsi-meet-desktop.local in the 2nd solution? To make /home/myusername/.config/firejail we should run:
mkdir -p $HOME/.config/firejail
What about the creation of jitsi-meet-desktop.local inside the directory thus created?


@rusty-snake commented on GitHub (Jun 9, 2020):

jitsi-meet-desktop**.profile** `include`s whitelist-common**.inc**, which `include`s whitelist-common**.local**; this file will be created by:

```bash
echo "?HAS_APPIMAGE: whitelist \${HOME}/.local/share/myportables/myappimages" >> $HOME/.config/firejail/whitelist-common.local
```

@Nokia808 commented on GitHub (Jun 9, 2020):

I performed the 2nd solution but it failed! What do I have to do now? Re-open this issue or file an issue in the jitsi-meet-electron repository on GitHub?

Note: I did not use "myappimages" but I used "appimages", so that the path is:
home/myusername/.local/share/myportables/appimages
This should not have any adverse impact as long as there is an "s" at the end of the word, so it is "appimages" not "appimage", isn't it? I found "myappimages" too long ...

The command became:
firejail --profile=jitsi-meet-desktop --appimage /home/myusername/.local/share/myportables/appimages/jitsi-meet-x86_64.AppImage


@Nokia808 commented on GitHub (Jun 9, 2020):

@rusty-snake
I tried the command from the terminal & the output was:

`Error: no profile with name "jitsi-meet-desktop" found.`


@Nokia808 commented on GitHub (Jun 9, 2020):

@rusty-snake
I tried again, but this time with --noprofile & it succeeded! Jitsi Meet launched! To be sure I ran "firejail --list" & the output was:

```
$ firejail --list
45842:myusername::firejail --noprofile --appimage /home/myusername/.local/share/myportables/appimages/jitsi-meet-x86_64.AppImage
```

@Nokia808 commented on GitHub (Jun 9, 2020):

@rusty-snake
It seems that my firejail package from the official Fedora repositories does not include the jitsi-meet-desktop profile ... Do I have to file a bug on Red Hat Bugzilla?


@Nokia808 commented on GitHub (Jun 9, 2020):

I edited my previous comment because you already answered me on the 2nd part of my previous comment in your kind comment https://github.com/netblue30/firejail/issues/3456#issuecomment-641259674
So, I removed that part.

I re-opened this issue waiting for your reply about the absence of the "jitsi-meet-desktop" profile from version 0.9.62: is it from the Fedora package or from your side ...


@Fred-Barclay commented on GitHub (Jun 9, 2020):

@Nokia808 jitsi-meet-desktop.profile was added after we released version 0.9.62 (see https://github.com/netblue30/firejail/blob/master/RELNOTES#L35). It should be included after we cut the 0.9.64 version. So it's not a Fedora/Red Hat issue, only that we haven't made a new release yet after adding this profile.

Cheers!
Fred


@Nokia808 commented on GitHub (Jun 9, 2020):

@Fred-Barclay
Now everything is clear. We were rotated about something still in the master branch but not included in a released version!
However, I learned so much from your support, most importantly that the "jitsi-meet-desktop" profile will never work unless performing solution 1 https://github.com/netblue30/firejail/issues/3456#issuecomment-640083440 or solution 2 https://github.com/netblue30/firejail/issues/3456#issuecomment-641225397, otherwise it will fail ...

No further need to open this issue.
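
A pre-flight check for the two failure causes this thread ends up identifying (the profile missing from the installed release, and a whitelisting profile that does not cover the AppImage's directory), as an added example that is not part of the original issue or of firejail. It assumes the profile is a whitelisting one and reads `whitelist` lines only from the profile, `NAME.local` and `whitelist-common.local`; the function names and the `USER_CFG`/`SYS_CFG` variables are made up for the example.

```bash
# Added example: pre-flight check for `firejail --profile=NAME --appimage PATH`.
# USER_CFG/SYS_CFG default to the two config directories named in the thread.
USER_CFG=${USER_CFG:-$HOME/.config/firejail}
SYS_CFG=${SYS_CFG:-/etc/firejail}

# Print the path of NAME.profile if either directory has it, else fail.
find_profile() (
    for dir in "$USER_CFG" "$SYS_CFG"; do
        if [ -f "$dir/$1.profile" ]; then
            printf '%s\n' "$dir/$1.profile"
            return 0
        fi
    done
    return 1
)

# Succeed if a "whitelist" line in one of the given files covers TARGET.
# Simplification: only a leading "?HAS_APPIMAGE: " condition and the
# ${HOME} macro are understood; includes are not followed.
whitelist_covers() (
    target=$1; shift
    macro='${HOME}'
    for file in "$@"; do
        [ -f "$file" ] || continue
        while IFS= read -r line || [ -n "$line" ]; do
            line=${line#"?HAS_APPIMAGE: "}
            case $line in
                "whitelist "*) path=${line#"whitelist "} ;;
                *) continue ;;
            esac
            case $path in
                "$macro"*) path=$HOME${path#"$macro"} ;;
            esac
            path=${path%/}
            case $target in
                "$path" | "$path"/*) return 0 ;;   # the entry itself or below it
            esac
        done < "$file"
    done
    return 1
)

# Prints one of: no-profile | not-whitelisted | ok
check_appimage_launch() (
    name=$1 appimage=$2
    profile=$(find_profile "$name") || { echo no-profile; return 0; }
    if whitelist_covers "$appimage" "$profile" \
        "$USER_CFG/$name.local" "$USER_CFG/whitelist-common.local"; then
        echo ok
    else
        echo not-whitelisted
    fi
)

# Constructed demo: a throwaway tree standing in for the reporter's setup.
demo() (
    tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
    HOME=$tmp/home USER_CFG=$tmp/home/.config/firejail SYS_CFG=$tmp/etc
    img=$HOME/.local/share/myportables/jitsi-meet-x86_64.AppImage
    mkdir -p "$USER_CFG" "$SYS_CFG"
    check_appimage_launch jitsi-meet-desktop "$img"   # profile not installed
    : > "$SYS_CFG/jitsi-meet-desktop.profile"
    check_appimage_launch jitsi-meet-desktop "$img"   # profile, no whitelist
    echo '?HAS_APPIMAGE: whitelist ${HOME}/.local/share/myportables' \
        > "$USER_CFG/whitelist-common.local"
    check_appimage_launch jitsi-meet-desktop "$img"   # whitelist added
)

demo
```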

Reference: github-starred/firejail#2171