github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

[GH-ISSUE #3494] firefox: no internet with whitelist-var-common.inc (resolv.conf) #2198

New issue
Closed
opened 2026-05-05 08:52:46 -06:00 by gitea-mirror · 16 comments
gitea-mirror commented 2026-05-05 08:52:46 -06:00
Owner
Copy link

Originally created by @Evernow on GitHub (Jul 5, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3494

Bug and expected behavior

For some reason when using the Firefox firejail profile, Firefox cannot connect to the internet.

Using firejail --noprofile firefox allows Firefox to connect.

Reproduce
Steps to reproduce the behavior:

  1. Run firejail firefox (sudo firecfg when launching has the same effect)
  2. No internet

Environment
LSB Version: n/a
Distributor ID: ManjaroLinux
Description: Manjaro Linux
Release: 20.0.3
Codename: Lysia
KDE

firejail version 0.9.62

Compile time support:
- AppArmor support is enabled
- AppImage support is enabled
- chroot support is enabled
- file and directory whitelisting support is enabled
- file transfer support is enabled
- firetunnel support is enabled
- networking support is enabled
- overlayfs support is enabled
- private-home support is enabled
- seccomp-bpf support is enabled
- user namespace support is enabled
- X11 sandboxing support is enabled

Additional context
Other context about the problem like related errors to understand the problem.

Checklist

  • The upstream profile (and redirect profile if exists) have no changes fixing it.
  • The upstream profile exists (find / -name 'firejail' 2>/dev/null/fd firejail to locate profiles ie in /usr/local/etc/firejail/PROGRAM.profile)
  • Programs needed for interaction are listed.
  • Error was checked in search engine and on issue list without success.

OUTPUT OF firejail --debug firefox

https://gist.github.com/Evernow/8f6c1b14681fa4dcd9cc82fea7989ae2

/etc/firejail/firefox.profile

https://gist.github.com/Evernow/2af871afb0554f2697857a76c773e6ef

/etc/firejail/firefox-common.profile

https://gist.github.com/Evernow/2bf72d0d41d8d66abccccf6141fb3b1b

Observations:

Other applications such as Discord and Chrome do not suffer from this, however VLC won't launch videos with firejail and qbittorrent works but I cannot launch videos from it (this seems to be #2369).

Originally created by @Evernow on GitHub (Jul 5, 2020). Original GitHub issue: https://github.com/netblue30/firejail/issues/3494 **Bug and expected behavior** For some reason when using the Firefox firejail profile, Firefox cannot connect to the internet. Using `firejail --noprofile firefox` allows Firefox to connect. **Reproduce** Steps to reproduce the behavior: 1. Run `firejail firefox` (sudo firecfg when launching has the same effect) 2. No internet **Environment** LSB Version: n/a Distributor ID: ManjaroLinux Description: Manjaro Linux Release: 20.0.3 Codename: Lysia KDE firejail version 0.9.62 Compile time support: - AppArmor support is enabled - AppImage support is enabled - chroot support is enabled - file and directory whitelisting support is enabled - file transfer support is enabled - firetunnel support is enabled - networking support is enabled - overlayfs support is enabled - private-home support is enabled - seccomp-bpf support is enabled - user namespace support is enabled - X11 sandboxing support is enabled **Additional context** Other context about the problem like related errors to understand the problem. **Checklist** - [X] The upstream profile (and redirect profile if exists) have no changes fixing it. - [X] The upstream profile exists (`find / -name 'firejail' 2>/dev/null`/`fd firejail` to locate profiles ie in `/usr/local/etc/firejail/PROGRAM.profile`) - [X] Programs needed for interaction are listed. - [X] Error was checked in search engine and on issue list without success. OUTPUT OF `firejail --debug firefox` https://gist.github.com/Evernow/8f6c1b14681fa4dcd9cc82fea7989ae2 /etc/firejail/firefox.profile https://gist.github.com/Evernow/2af871afb0554f2697857a76c773e6ef /etc/firejail/firefox-common.profile https://gist.github.com/Evernow/2bf72d0d41d8d66abccccf6141fb3b1b Observations: Other applications such as Discord and Chrome do not suffer from this, however VLC won't launch videos with firejail and qbittorrent works but I cannot launch videos from it (this seems to be #2369).
gitea-mirror 2026-05-05 08:52:46 -06:00
gitea-mirror commented 2026-05-05 08:52:49 -06:00
Author
Owner
Copy link

@ghost commented on GitHub (Jul 5, 2020):

[daniel@daniel-pc ~]$ firejail --debug firefox > firejailfirefox2.log
[...]
Warning: an existing sandbox was detected. /usr/bin/firefox will run without any additional sandboxing features
https://gist.github.com/Evernow/8f6c1b14681fa4dcd9cc82fea7989ae2#file-firejail-debug-program-L222

That warning suggests that firefox got started from within another sandboxed application. This is not normal behavior and it might explain why firefox can't connect to the network (e.g. if the sandbox profile in question does not allow network access). I suspect you used firecfg at one time to generate symlinks in /usr/local/bin and XDG desktop files in {HOME}/.local/share/applications for firejail's desktop integration feature. Can you confirm this? If that is the case (/usr/local/bin/firefox is a symlink to /usr/bin/firejail), you can start a sandboxed firefox simply by running ` firefoxor (using the full path to the executable)$ firejail /usr/bin/firefox`.

Can you post output from $ which -a firefox please, so we can untangle the situation more precisely?

<!-- gh-comment-id:653869472 --> @ghost commented on GitHub (Jul 5, 2020): [daniel@daniel-pc ~]$ firejail --debug firefox > firejailfirefox2.log [...] Warning: an existing sandbox was detected. /usr/bin/firefox will run without any additional sandboxing features https://gist.github.com/Evernow/8f6c1b14681fa4dcd9cc82fea7989ae2#file-firejail-debug-program-L222 That warning suggests that firefox got started from _within_ another sandboxed application. This is not normal behavior and it might explain why firefox can't connect to the network (e.g. if the sandbox profile in question does not allow network access). I suspect you used _firecfg_ at one time to generate symlinks in /usr/local/bin and XDG desktop files in ${HOME}/.local/share/applications for firejail's desktop integration feature. Can you confirm this? If that is the case (/usr/local/bin/firefox is a symlink to /usr/bin/firejail), you can start a sandboxed firefox simply by running `$ firefox` or (using the full path to the executable) `$ firejail /usr/bin/firefox`. Can you post output from `$ which -a firefox` please, so we can untangle the situation more precisely?
gitea-mirror commented 2026-05-05 08:52:50 -06:00
Author
Owner
Copy link

@Evernow commented on GitHub (Jul 5, 2020):

Can you confirm this? If that is the case (/usr/local/bin/firefox is a symlink to /usr/bin/firejail), you can start a sandboxed firefox simply by running $ firefox or (using the full path to the executable) $ firejail /usr/bin/firefox.

Can you post output from $ which -a firefox please, so we can untangle the situation more precisely?

Indeed, I can start firefox using firefox and firejail /usr/bin/firefox

[daniel@daniel-pc ~]$ firefox
Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/firefox-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Parent pid 40577, child pid 40580
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Warning: not remounting /run/user/1000/appimagelauncherfs
Warning: not remounting /run/user/1000/gvfs
Warning: cleaning all supplementary groups
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Child process initialized in 572.12 ms

** (process:40578): WARNING **: 06:21:03.357: Error writing credentials to socket: Error sending message: Broken pipe

(/usr/lib/firefox/firefox:86): Gtk-WARNING **: 10:21:04.095: Theme parsing error: gtk.css:68:35: The style property GtkButton:child-displacement-x is deprecated and shouldn't be used anymore. It will be removed in a future version

(/usr/lib/firefox/firefox:86): Gtk-WARNING **: 10:21:04.095: Theme parsing error: gtk.css:69:35: The style property GtkButton:child-displacement-y is deprecated and shouldn't be used anymore. It will be removed in a future version

(/usr/lib/firefox/firefox:86): Gtk-WARNING **: 10:21:04.095: Theme parsing error: gtk.css:71:36: The style property GtkCheckMenuItem:indicator-size is deprecated and shouldn't be used anymore. It will be removed in a future version

(/usr/lib/firefox/firefox:86): Gtk-WARNING **: 10:21:04.095: Theme parsing error: gtk.css:76:30: The style property GtkExpander:expander-size is deprecated and shouldn't be used anymore. It will be removed in a future version

(firefox:9): GLib-GIO-WARNING **: 10:21:04.286: /etc/xdg/kde-mimeapps.list contains a [Added Associations] group, but it is not permitted here.  Only the non-desktop-specific mimeapps.list file may add or remove associations.

** (process:40578): WARNING **: 06:21:04.454: Error writing credentials to socket: Error sending message: Broken pipe

(/usr/lib/firefox/firefox:179): Gtk-WARNING **: 10:21:04.606: Theme parsing error: gtk.css:68:35: The style property GtkButton:child-displacement-x is deprecated and shouldn't be used anymore. It will be removed in a future version

(/usr/lib/firefox/firefox:179): Gtk-WARNING **: 10:21:04.606: Theme parsing error: gtk.css:69:35: The style property GtkButton:child-displacement-y is deprecated and shouldn't be used anymore. It will be removed in a future version

(/usr/lib/firefox/firefox:179): Gtk-WARNING **: 10:21:04.606: Theme parsing error: gtk.css:71:36: The style property GtkCheckMenuItem:indicator-size is deprecated and shouldn't be used anymore. It will be removed in a future version

(/usr/lib/firefox/firefox:179): Gtk-WARNING **: 10:21:04.607: Theme parsing error: gtk.css:76:30: The style property GtkExpander:expander-size is deprecated and shouldn't be used anymore. It will be removed in a future version

(/usr/lib/firefox/firefox:238): Gtk-WARNING **: 10:21:05.003: Theme parsing error: gtk.css:68:35: The style property GtkButton:child-displacement-x is deprecated and shouldn't be used anymore. It will be removed in a future version

(/usr/lib/firefox/firefox:238): Gtk-WARNING **: 10:21:05.003: Theme parsing error: gtk.css:69:35: The style property GtkButton:child-displacement-y is deprecated and shouldn't be used anymore. It will be removed in a future version

(/usr/lib/firefox/firefox:238): Gtk-WARNING **: 10:21:05.004: Theme parsing error: gtk.css:71:36: The style property GtkCheckMenuItem:indicator-size is deprecated and shouldn't be used anymore. It will be removed in a future version

(/usr/lib/firefox/firefox:238): Gtk-WARNING **: 10:21:05.004: Theme parsing error: gtk.css:76:30: The style property GtkExpander:expander-size is deprecated and shouldn't be used anymore. It will be removed in a future version


[daniel@daniel-pc ~]$ firejail /usr/bin/firefox
Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/firefox-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Parent pid 41039, child pid 41042
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Warning: not remounting /run/user/1000/appimagelauncherfs
Warning: not remounting /run/user/1000/gvfs
Warning: cleaning all supplementary groups
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Child process initialized in 524.16 ms

(/usr/lib/firefox/firefox:88): Gtk-WARNING **: 10:21:57.090: Theme parsing error: gtk.css:68:35: The style property GtkButton:child-displacement-x is deprecated and shouldn't be used anymore. It will be removed in a future version

(/usr/lib/firefox/firefox:88): Gtk-WARNING **: 10:21:57.090: Theme parsing error: gtk.css:69:35: The style property GtkButton:child-displacement-y is deprecated and shouldn't be used anymore. It will be removed in a future version

(/usr/lib/firefox/firefox:88): Gtk-WARNING **: 10:21:57.090: Theme parsing error: gtk.css:71:36: The style property GtkCheckMenuItem:indicator-size is deprecated and shouldn't be used anymore. It will be removed in a future version

(/usr/lib/firefox/firefox:88): Gtk-WARNING **: 10:21:57.090: Theme parsing error: gtk.css:76:30: The style property GtkExpander:expander-size is deprecated and shouldn't be used anymore. It will be removed in a future version

(firefox:9): GLib-GIO-WARNING **: 10:21:57.223: /etc/xdg/kde-mimeapps.list contains a [Added Associations] group, but it is not permitted here.  Only the non-desktop-specific mimeapps.list file may add or remove associations.

(/usr/lib/firefox/firefox:154): Gtk-WARNING **: 10:21:57.636: Theme parsing error: gtk.css:68:35: The style property GtkButton:child-displacement-x is deprecated and shouldn't be used anymore. It will be removed in a future version

(/usr/lib/firefox/firefox:154): Gtk-WARNING **: 10:21:57.636: Theme parsing error: gtk.css:69:35: The style property GtkButton:child-displacement-y is deprecated and shouldn't be used anymore. It will be removed in a future version

(/usr/lib/firefox/firefox:154): Gtk-WARNING **: 10:21:57.636: Theme parsing error: gtk.css:71:36: The style property GtkCheckMenuItem:indicator-size is deprecated and shouldn't be used anymore. It will be removed in a future version

(/usr/lib/firefox/firefox:154): Gtk-WARNING **: 10:21:57.636: Theme parsing error: gtk.css:76:30: The style property GtkExpander:expander-size is deprecated and shouldn't be used anymore. It will be removed in a future version

(/usr/lib/firefox/firefox:196): Gtk-WARNING **: 10:21:58.060: Theme parsing error: gtk.css:68:35: The style property GtkButton:child-displacement-x is deprecated and shouldn't be used anymore. It will be removed in a future version

(/usr/lib/firefox/firefox:196): Gtk-WARNING **: 10:21:58.060: Theme parsing error: gtk.css:69:35: The style property GtkButton:child-displacement-y is deprecated and shouldn't be used anymore. It will be removed in a future version

(/usr/lib/firefox/firefox:196): Gtk-WARNING **: 10:21:58.060: Theme parsing error: gtk.css:71:36: The style property GtkCheckMenuItem:indicator-size is deprecated and shouldn't be used anymore. It will be removed in a future version

(/usr/lib/firefox/firefox:196): Gtk-WARNING **: 10:21:58.060: Theme parsing error: gtk.css:76:30: The style property GtkExpander:expander-size is deprecated and shouldn't be used anymore. It will be removed in a future version

Can you post output from $ which -a firefox please, so we can untangle the situation more precisely?

[daniel@daniel-pc ~]$ which -a firefox
/usr/local/bin/firefox
/usr/bin/firefox

<!-- gh-comment-id:653870099 --> @Evernow commented on GitHub (Jul 5, 2020): > Can you confirm this? If that is the case (/usr/local/bin/firefox is a symlink to /usr/bin/firejail), you can start a sandboxed firefox simply by running `$ firefox` or (using the full path to the executable) `$ firejail /usr/bin/firefox`. > > Can you post output from `$ which -a firefox` please, so we can untangle the situation more precisely? Indeed, I can start firefox using `firefox` and `firejail /usr/bin/firefox` ``` [daniel@daniel-pc ~]$ firefox Reading profile /etc/firejail/firefox.profile Reading profile /etc/firejail/whitelist-usr-share-common.inc Reading profile /etc/firejail/firefox-common.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Seccomp list in: !chroot, check list: @default-keep, prelist: unknown, Parent pid 40577, child pid 40580 Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Warning: cleaning all supplementary groups Warning: cleaning all supplementary groups Warning: cleaning all supplementary groups Warning: /sbin directory link was not blacklisted Warning: /usr/sbin directory link was not blacklisted Warning: not remounting /run/user/1000/appimagelauncherfs Warning: not remounting /run/user/1000/gvfs Warning: cleaning all supplementary groups Seccomp list in: !chroot, check list: @default-keep, prelist: unknown, Child process initialized in 572.12 ms ** (process:40578): WARNING **: 06:21:03.357: Error writing credentials to socket: Error sending message: Broken pipe (/usr/lib/firefox/firefox:86): Gtk-WARNING **: 10:21:04.095: Theme parsing error: gtk.css:68:35: The style property GtkButton:child-displacement-x is deprecated and shouldn't be used anymore. It will be removed in a future version (/usr/lib/firefox/firefox:86): Gtk-WARNING **: 10:21:04.095: Theme parsing error: gtk.css:69:35: The style property GtkButton:child-displacement-y is deprecated and shouldn't be used anymore. It will be removed in a future version (/usr/lib/firefox/firefox:86): Gtk-WARNING **: 10:21:04.095: Theme parsing error: gtk.css:71:36: The style property GtkCheckMenuItem:indicator-size is deprecated and shouldn't be used anymore. It will be removed in a future version (/usr/lib/firefox/firefox:86): Gtk-WARNING **: 10:21:04.095: Theme parsing error: gtk.css:76:30: The style property GtkExpander:expander-size is deprecated and shouldn't be used anymore. It will be removed in a future version (firefox:9): GLib-GIO-WARNING **: 10:21:04.286: /etc/xdg/kde-mimeapps.list contains a [Added Associations] group, but it is not permitted here. Only the non-desktop-specific mimeapps.list file may add or remove associations. ** (process:40578): WARNING **: 06:21:04.454: Error writing credentials to socket: Error sending message: Broken pipe (/usr/lib/firefox/firefox:179): Gtk-WARNING **: 10:21:04.606: Theme parsing error: gtk.css:68:35: The style property GtkButton:child-displacement-x is deprecated and shouldn't be used anymore. It will be removed in a future version (/usr/lib/firefox/firefox:179): Gtk-WARNING **: 10:21:04.606: Theme parsing error: gtk.css:69:35: The style property GtkButton:child-displacement-y is deprecated and shouldn't be used anymore. It will be removed in a future version (/usr/lib/firefox/firefox:179): Gtk-WARNING **: 10:21:04.606: Theme parsing error: gtk.css:71:36: The style property GtkCheckMenuItem:indicator-size is deprecated and shouldn't be used anymore. It will be removed in a future version (/usr/lib/firefox/firefox:179): Gtk-WARNING **: 10:21:04.607: Theme parsing error: gtk.css:76:30: The style property GtkExpander:expander-size is deprecated and shouldn't be used anymore. It will be removed in a future version (/usr/lib/firefox/firefox:238): Gtk-WARNING **: 10:21:05.003: Theme parsing error: gtk.css:68:35: The style property GtkButton:child-displacement-x is deprecated and shouldn't be used anymore. It will be removed in a future version (/usr/lib/firefox/firefox:238): Gtk-WARNING **: 10:21:05.003: Theme parsing error: gtk.css:69:35: The style property GtkButton:child-displacement-y is deprecated and shouldn't be used anymore. It will be removed in a future version (/usr/lib/firefox/firefox:238): Gtk-WARNING **: 10:21:05.004: Theme parsing error: gtk.css:71:36: The style property GtkCheckMenuItem:indicator-size is deprecated and shouldn't be used anymore. It will be removed in a future version (/usr/lib/firefox/firefox:238): Gtk-WARNING **: 10:21:05.004: Theme parsing error: gtk.css:76:30: The style property GtkExpander:expander-size is deprecated and shouldn't be used anymore. It will be removed in a future version ``` ``` [daniel@daniel-pc ~]$ firejail /usr/bin/firefox Reading profile /etc/firejail/firefox.profile Reading profile /etc/firejail/whitelist-usr-share-common.inc Reading profile /etc/firejail/firefox-common.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Seccomp list in: !chroot, check list: @default-keep, prelist: unknown, Parent pid 41039, child pid 41042 Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Warning: cleaning all supplementary groups Warning: cleaning all supplementary groups Warning: cleaning all supplementary groups Warning: /sbin directory link was not blacklisted Warning: /usr/sbin directory link was not blacklisted Warning: not remounting /run/user/1000/appimagelauncherfs Warning: not remounting /run/user/1000/gvfs Warning: cleaning all supplementary groups Seccomp list in: !chroot, check list: @default-keep, prelist: unknown, Child process initialized in 524.16 ms (/usr/lib/firefox/firefox:88): Gtk-WARNING **: 10:21:57.090: Theme parsing error: gtk.css:68:35: The style property GtkButton:child-displacement-x is deprecated and shouldn't be used anymore. It will be removed in a future version (/usr/lib/firefox/firefox:88): Gtk-WARNING **: 10:21:57.090: Theme parsing error: gtk.css:69:35: The style property GtkButton:child-displacement-y is deprecated and shouldn't be used anymore. It will be removed in a future version (/usr/lib/firefox/firefox:88): Gtk-WARNING **: 10:21:57.090: Theme parsing error: gtk.css:71:36: The style property GtkCheckMenuItem:indicator-size is deprecated and shouldn't be used anymore. It will be removed in a future version (/usr/lib/firefox/firefox:88): Gtk-WARNING **: 10:21:57.090: Theme parsing error: gtk.css:76:30: The style property GtkExpander:expander-size is deprecated and shouldn't be used anymore. It will be removed in a future version (firefox:9): GLib-GIO-WARNING **: 10:21:57.223: /etc/xdg/kde-mimeapps.list contains a [Added Associations] group, but it is not permitted here. Only the non-desktop-specific mimeapps.list file may add or remove associations. (/usr/lib/firefox/firefox:154): Gtk-WARNING **: 10:21:57.636: Theme parsing error: gtk.css:68:35: The style property GtkButton:child-displacement-x is deprecated and shouldn't be used anymore. It will be removed in a future version (/usr/lib/firefox/firefox:154): Gtk-WARNING **: 10:21:57.636: Theme parsing error: gtk.css:69:35: The style property GtkButton:child-displacement-y is deprecated and shouldn't be used anymore. It will be removed in a future version (/usr/lib/firefox/firefox:154): Gtk-WARNING **: 10:21:57.636: Theme parsing error: gtk.css:71:36: The style property GtkCheckMenuItem:indicator-size is deprecated and shouldn't be used anymore. It will be removed in a future version (/usr/lib/firefox/firefox:154): Gtk-WARNING **: 10:21:57.636: Theme parsing error: gtk.css:76:30: The style property GtkExpander:expander-size is deprecated and shouldn't be used anymore. It will be removed in a future version (/usr/lib/firefox/firefox:196): Gtk-WARNING **: 10:21:58.060: Theme parsing error: gtk.css:68:35: The style property GtkButton:child-displacement-x is deprecated and shouldn't be used anymore. It will be removed in a future version (/usr/lib/firefox/firefox:196): Gtk-WARNING **: 10:21:58.060: Theme parsing error: gtk.css:69:35: The style property GtkButton:child-displacement-y is deprecated and shouldn't be used anymore. It will be removed in a future version (/usr/lib/firefox/firefox:196): Gtk-WARNING **: 10:21:58.060: Theme parsing error: gtk.css:71:36: The style property GtkCheckMenuItem:indicator-size is deprecated and shouldn't be used anymore. It will be removed in a future version (/usr/lib/firefox/firefox:196): Gtk-WARNING **: 10:21:58.060: Theme parsing error: gtk.css:76:30: The style property GtkExpander:expander-size is deprecated and shouldn't be used anymore. It will be removed in a future version ``` > Can you post output from $ which -a firefox please, so we can untangle the situation more precisely? [daniel@daniel-pc ~]$ which -a firefox /usr/local/bin/firefox /usr/bin/firefox
gitea-mirror commented 2026-05-05 08:52:51 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jul 5, 2020):

That warning suggests that firefox got started from within another sandboxed application.

@glitsj16 as long it is the same sandbox (e.g. firejail firefox inside firejail firefox) it shouldn't be an issue.

@Evernow regarding vlc if it works from the commandline, it is likely #836.

<!-- gh-comment-id:653870785 --> @rusty-snake commented on GitHub (Jul 5, 2020): > That warning suggests that firefox got started from within another sandboxed application. @glitsj16 as long it is the same sandbox (e.g. `firejail firefox` inside `firejail firefox`) it shouldn't be an issue. @Evernow regarding vlc if it works from the commandline, it is likely #836.
gitea-mirror commented 2026-05-05 08:52:53 -06:00
Author
Owner
Copy link

@Evernow commented on GitHub (Jul 5, 2020):

@Evernow regarding vlc if it works from the commandline, it is likely #836.

It does not work from commandline, upon further testing .wav and .mp3 files play with VLC, video files (mp4 and opening directories such as BDMVs tested) stay loading indefinitely.

firejail --no-profile vlc works fine.

<!-- gh-comment-id:653871460 --> @Evernow commented on GitHub (Jul 5, 2020): > @Evernow regarding vlc if it works from the commandline, it is likely #836. It does not work from commandline, upon further testing .wav and .mp3 files play with VLC, video files (mp4 and opening directories such as BDMVs tested) stay loading indefinitely. firejail --no-profile vlc works fine.
gitea-mirror commented 2026-05-05 08:52:53 -06:00
Author
Owner
Copy link

@ghost commented on GitHub (Jul 5, 2020):

@Evernow Use whatever start command you prefer from now on for firefox, that part of your issue should be fixed. If you notice weird theming issues in the web browser, you can try another GTK theme by prepending GTK_THEME="foo".

<!-- gh-comment-id:653871711 --> @ghost commented on GitHub (Jul 5, 2020): @Evernow Use whatever start command you prefer from now on for firefox, that part of your issue should be fixed. If you notice weird theming issues in the web browser, you can try another GTK theme by prepending GTK_THEME="foo".
gitea-mirror commented 2026-05-05 08:52:54 -06:00
Author
Owner
Copy link

@Evernow commented on GitHub (Jul 5, 2020):

Use whatever start command you prefer from now on for firefox, that part of your issue should be fixed.

Apologies if I misspoke, when I said "Indeed, I can start firefox using firefox and firejail /usr/bin/firefox" I meant that it was possible to start firefox using those two commands, but still no internet when I do so.

<!-- gh-comment-id:653871901 --> @Evernow commented on GitHub (Jul 5, 2020): > Use whatever start command you prefer from now on for firefox, that part of your issue should be fixed. Apologies if I misspoke, when I said "Indeed, I can start firefox using firefox and firejail /usr/bin/firefox" I meant that it was possible to start firefox using those two commands, but still no internet when I do so.
gitea-mirror commented 2026-05-05 08:52:54 -06:00
Author
Owner
Copy link

@Evernow commented on GitHub (Jul 5, 2020):

I built firejail-git from the AUR ( https://aur.archlinux.org/packages/firejail-git/ ) and issues still persist sadly

<!-- gh-comment-id:653872163 --> @Evernow commented on GitHub (Jul 5, 2020): I built firejail-git from the AUR ( https://aur.archlinux.org/packages/firejail-git/ ) and issues still persist sadly
gitea-mirror commented 2026-05-05 08:52:54 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jul 5, 2020):

Looks like you need to comment all lines in firefox.profile and uncomment line for line to see which line make the problem.

<!-- gh-comment-id:653872695 --> @rusty-snake commented on GitHub (Jul 5, 2020): Looks like you need to comment all lines in firefox.profile and uncomment line for line to see which line make the problem.
gitea-mirror commented 2026-05-05 08:52:55 -06:00
Author
Owner
Copy link

@Evernow commented on GitHub (Jul 5, 2020):

Looks like you need to comment all lines in firefox.profile and uncomment line for line to see which line make the problem.

include firefox-common.profile

That is the line causing the problem.

Going through firefox-common.profile, will go through it again but not having much luck.

<!-- gh-comment-id:653873050 --> @Evernow commented on GitHub (Jul 5, 2020): > Looks like you need to comment all lines in firefox.profile and uncomment line for line to see which line make the problem. include firefox-common.profile That is the line causing the problem. Going through firefox-common.profile, will go through it again but not having much luck.
gitea-mirror commented 2026-05-05 08:52:55 -06:00
Author
Owner
Copy link

@ghost commented on GitHub (Jul 5, 2020):

I assume I should do the same for firefox-common now?

Correct. Also check firefox-common.local if you have made any overrides.

<!-- gh-comment-id:653874099 --> @ghost commented on GitHub (Jul 5, 2020): > I assume I should do the same for firefox-common now? Correct. Also check firefox-common.local if you have made any overrides.
gitea-mirror commented 2026-05-05 08:52:56 -06:00
Author
Owner
Copy link

@Evernow commented on GitHub (Jul 5, 2020):

@glitsj16 @rusty-snake

include whitelist-var-common.inc

That's the line in firefox-common.profile causing the issue.

Having issues with whitelist-var-common.inc.

# whitelist /var/lib/dbus
# whitelist /var/lib/menu-xdg
# whitelist /var/cache/fontconfig
# whitelist /var/tmp
# whitelist /var/run
# whitelist /var/lock

All of these have to be commented out, if a single one isn't then internet does not work in firefox.

<!-- gh-comment-id:653876604 --> @Evernow commented on GitHub (Jul 5, 2020): @glitsj16 @rusty-snake `include whitelist-var-common.inc` That's the line in firefox-common.profile causing the issue. Having issues with whitelist-var-common.inc. ``` # whitelist /var/lib/dbus # whitelist /var/lib/menu-xdg # whitelist /var/cache/fontconfig # whitelist /var/tmp # whitelist /var/run # whitelist /var/lock ``` All of these have to be commented out, if a single one isn't then internet does not work in firefox.
gitea-mirror commented 2026-05-05 08:52:56 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jul 5, 2020):

@Evernow can you run firejail --build /usr/bin/firefox to see which files in /var are accessed.

What is the output of ls -l /etc/resolv.conf?

<!-- gh-comment-id:653876859 --> @rusty-snake commented on GitHub (Jul 5, 2020): @Evernow can you run `firejail --build /usr/bin/firefox` to see which files in /var are accessed. What is the output of `ls -l /etc/resolv.conf`?
gitea-mirror commented 2026-05-05 08:52:56 -06:00
Author
Owner
Copy link

@Evernow commented on GitHub (Jul 5, 2020):

firejail --build /usr/bin/firefox

Note I uncommented it and internet does work when started with that command.


[daniel@daniel-pc ~]$ firejail --build /usr/bin/firefox

(/usr/lib/firefox/firefox:139): Gtk-WARNING **: 11:33:17.762: Theme parsing error: gtk.css:68:35: The style property GtkButton:child-displacement-x is deprecated and shouldn't be used anymore. It will be removed in a future version

(/usr/lib/firefox/firefox:139): Gtk-WARNING **: 11:33:17.762: Theme parsing error: gtk.css:69:35: The style property GtkButton:child-displacement-y is deprecated and shouldn't be used anymore. It will be removed in a future version

(/usr/lib/firefox/firefox:139): Gtk-WARNING **: 11:33:17.762: Theme parsing error: gtk.css:71:36: The style property GtkCheckMenuItem:indicator-size is deprecated and shouldn't be used anymore. It will be removed in a future version

(/usr/lib/firefox/firefox:139): Gtk-WARNING **: 11:33:17.762: Theme parsing error: gtk.css:76:30: The style property GtkExpander:expander-size is deprecated and shouldn't be used anymore. It will be removed in a future version

(firefox:2): GLib-GIO-WARNING **: 11:33:18.258: /etc/xdg/kde-mimeapps.list contains a [Added Associations] group, but it is not permitted here.  Only the non-desktop-specific mimeapps.list file may add or remove associations.

(/usr/lib/firefox/firefox:193): Gtk-WARNING **: 11:33:18.331: Theme parsing error: gtk.css:68:35: The style property GtkButton:child-displacement-x is deprecated and shouldn't be used anymore. It will be removed in a future version

(/usr/lib/firefox/firefox:193): Gtk-WARNING **: 11:33:18.331: Theme parsing error: gtk.css:69:35: The style property GtkButton:child-displacement-y is deprecated and shouldn't be used anymore. It will be removed in a future version

(/usr/lib/firefox/firefox:193): Gtk-WARNING **: 11:33:18.331: Theme parsing error: gtk.css:71:36: The style property GtkCheckMenuItem:indicator-size is deprecated and shouldn't be used anymore. It will be removed in a future version

(/usr/lib/firefox/firefox:193): Gtk-WARNING **: 11:33:18.331: Theme parsing error: gtk.css:76:30: The style property GtkExpander:expander-size is deprecated and shouldn't be used anymore. It will be removed in a future version

(/usr/lib/firefox/firefox:218): Gtk-WARNING **: 11:33:18.497: Theme parsing error: gtk.css:68:35: The style property GtkButton:child-displacement-x is deprecated and shouldn't be used anymore. It will be removed in a future version

(/usr/lib/firefox/firefox:218): Gtk-WARNING **: 11:33:18.497: Theme parsing error: gtk.css:69:35: The style property GtkButton:child-displacement-y is deprecated and shouldn't be used anymore. It will be removed in a future version

(/usr/lib/firefox/firefox:218): Gtk-WARNING **: 11:33:18.497: Theme parsing error: gtk.css:71:36: The style property GtkCheckMenuItem:indicator-size is deprecated and shouldn't be used anymore. It will be removed in a future version

(/usr/lib/firefox/firefox:218): Gtk-WARNING **: 11:33:18.497: Theme parsing error: gtk.css:76:30: The style property GtkExpander:expander-size is deprecated and shouldn't be used anymore. It will be removed in a future version

(/usr/lib/firefox/firefox:273): Gtk-WARNING **: 11:33:18.760: Theme parsing error: gtk.css:68:35: The style property GtkButton:child-displacement-x is deprecated and shouldn't be used anymore. It will be removed in a future version

(/usr/lib/firefox/firefox:273): Gtk-WARNING **: 11:33:18.760: Theme parsing error: gtk.css:69:35: The style property GtkButton:child-displacement-y is deprecated and shouldn't be used anymore. It will be removed in a future version

(/usr/lib/firefox/firefox:273): Gtk-WARNING **: 11:33:18.760: Theme parsing error: gtk.css:71:36: The style property GtkCheckMenuItem:indicator-size is deprecated and shouldn't be used anymore. It will be removed in a future version

(/usr/lib/firefox/firefox:273): Gtk-WARNING **: 11:33:18.760: Theme parsing error: gtk.css:76:30: The style property GtkExpander:expander-size is deprecated and shouldn't be used anymore. It will be removed in a future version
--- Built profile beings after this line ---
# Firejail profile for /usr/bin/firefox
# Persistent local customizations
#include /usr/bin/firefox.local
# Persistent global definitions
#include globals.local

### basic blacklisting
include disable-common.inc
# include disable-devel.inc
# include disable-exec.inc
# include disable-interpreters.inc
include disable-passwdmgr.inc
# include disable-programs.inc
# include disable-xdg.inc

### home directory whitelisting
whitelist ${HOME}/.mailcap
whitelist ${HOME}/.pulse-cookie
whitelist ${HOME}/.local/bin
whitelist ${HOME}/.config/composer/vendor/bin
whitelist ${HOME}/.local/share/glib-2.0/schemas
whitelist ${HOME}/.mozilla
whitelist ${HOME}/.cache/mozilla
whitelist ${HOME}/.mozilla/firefox
whitelist ${HOME}/.Xdefaults-daniel-pc
whitelist ${HOME}/.mozilla/firefox/Crash Reports
include whitelist-common.inc

### filesystem
# /usr/share:
whitelist /usr/share/mime
whitelist /usr/share/mozilla
whitelist /usr/share/applications
whitelist /usr/share/ca-certificates
whitelist /usr/share/dconf
whitelist /usr/share/glib-2.0
whitelist /usr/share//mime
whitelist /usr/share/pixmaps
whitelist /usr/share/icons
whitelist /usr/share/fonts
whitelist /usr/share/hunspell
whitelist /usr/share/terminfo
whitelist /usr/share/themes
whitelist /usr/share/locale
whitelist /usr/share/gtk-3.0
whitelist /usr/share/X11
include whitelist-usr-share-common.inc
# /var:
whitelist /var/lib/dbus/machine-id
include whitelist-var-common.inc

# $PATH:
private-bin tr,getopt,bash,
# private-lib
# /dev:

# private-dev
# This is the list of devices accessed (on top of regular private-dev devices:
# /dev/shm/org.mozilla.ipc.2.180,/dev/shm/org.mozilla.ipc.139.79,/dev/shm/org.mozilla.ipc.139.78,/dev/shm/org.mozilla.ipc.139.77,/dev/shm/org.mozilla.ipc.139.76,/dev/shm/org.mozilla.ipc.2.179,/dev/shm/org.mozilla.ipc.2.178,/dev/shm/org.mozilla.ipc.2.177,/dev/shm/org.mozilla.ipc.2.176,/dev/shm/org.mozilla.ipc.2.175,/dev/shm/org.mozilla.ipc.2.174,/dev/shm/org.mozilla.ipc.139.75,/dev/shm/org.mozilla.ipc.139.74,/dev/shm/org.mozilla.ipc.139.73,/dev/shm/org.mozilla.ipc.139.72,/dev/shm/org.mozilla.ipc.2.173,/dev/shm/org.mozilla.ipc.2.172,/dev/shm/org.mozilla.ipc.2.171,/dev/shm/org.mozilla.ipc.2.170,/dev/shm/org.mozilla.ipc.2.169,/dev/shm/org.mozilla.ipc.2.168,/dev/shm/org.mozilla.ipc.2.167,/dev/shm/org.mozilla.ipc.2.166,/dev/shm/org.mozilla.ipc.2.165,/dev/shm/org.mozilla.ipc.2.164,/dev/shm/org.mozilla.ipc.139.71,/dev/shm/org.mozilla.ipc.139.70,/dev/shm/org.mozilla.ipc.139.69,/dev/shm/org.mozilla.ipc.139.68,/dev/shm/org.mozilla.ipc.139.67,/dev/shm/org.mozilla.ipc.139.66,/dev/shm/org.mozilla.ipc.139.65,/dev/shm/org.mozilla.ipc.139.64,/dev/shm/org.mozilla.ipc.2.163,/dev/shm/org.mozilla.ipc.2.162,/dev/shm/org.mozilla.ipc.2.161,/dev/shm/org.mozilla.ipc.139.63,/dev/shm/org.mozilla.ipc.139.62,/dev/shm/org.mozilla.ipc.139.61,/dev/shm/org.mozilla.ipc.139.60,/dev/shm/org.mozilla.ipc.2.160,/dev/shm/org.mozilla.ipc.139.59,/dev/shm/org.mozilla.ipc.139.58,/dev/shm/org.mozilla.ipc.139.57,/dev/shm/org.mozilla.ipc.139.56,/dev/shm/org.mozilla.ipc.139.55,/dev/shm/org.mozilla.ipc.139.54,/dev/shm/org.mozilla.ipc.139.53,/dev/shm/org.mozilla.ipc.139.52,/dev/shm/org.mozilla.ipc.139.51,/dev/shm/org.mozilla.ipc.139.50,/dev/shm/org.mozilla.ipc.139.49,/dev/shm/org.mozilla.ipc.139.48,/dev/shm/org.mozilla.ipc.2.159,/dev/shm/org.mozilla.ipc.2.158,/dev/shm/org.mozilla.ipc.2.157,/dev/shm/org.mozilla.ipc.2.156,/dev/shm/org.mozilla.ipc.2.155,/dev/shm/org.mozilla.ipc.2.154,/dev/shm/org.mozilla.ipc.2.153,/dev/shm/org.mozilla.ipc.2.152,/dev/shm/org.mozilla.ipc.2.151,/dev/shm/org.mozilla.ipc.2.150,/dev/shm/org.mozilla.ipc.2.149,/dev/shm/org.mozilla.ipc.139.47,/dev/shm/org.mozilla.ipc.139.46,/dev/shm/org.mozilla.ipc.139.45,/dev/shm/org.mozilla.ipc.139.44,/dev/shm/org.mozilla.ipc.2.148,/dev/shm/org.mozilla.ipc.2.147,/dev/shm/org.mozilla.ipc.2.146,/dev/shm/org.mozilla.ipc.2.145,/dev/shm/org.mozilla.ipc.139.43,/dev/shm/org.mozilla.ipc.139.42,/dev/shm/org.mozilla.ipc.139.41,/dev/shm/org.mozilla.ipc.139.40,/dev/shm/org.mozilla.ipc.2.144,/dev/shm/org.mozilla.ipc.2.143,/dev/shm/org.mozilla.ipc.2.142,/dev/shm/org.mozilla.ipc.2.141,/dev/shm/org.mozilla.ipc.2.140,/dev/shm/org.mozilla.ipc.2.139,/dev/shm/org.mozilla.ipc.2.138,/dev/shm/org.mozilla.ipc.2.137,/dev/shm/org.mozilla.ipc.2.136,/dev/shm/org.mozilla.ipc.2.135,/dev/shm/org.mozilla.ipc.139.39,/dev/shm/org.mozilla.ipc.139.38,/dev/shm/org.mozilla.ipc.139.37,/dev/shm/org.mozilla.ipc.139.36,/dev/shm/org.mozilla.ipc.139.35,/dev/shm/org.mozilla.ipc.139.34,/dev/shm/org.mozilla.ipc.139.33,/dev/shm/org.mozilla.ipc.139.32,/dev/shm/org.mozilla.ipc.139.31,/dev/shm/org.mozilla.ipc.139.30,/dev/shm/org.mozilla.ipc.139.29,/dev/shm/org.mozilla.ipc.139.28,/dev/shm/org.mozilla.ipc.139.27,/dev/shm/org.mozilla.ipc.139.26,/dev/shm/org.mozilla.ipc.2.134,/dev/shm/org.mozilla.ipc.2.133,/dev/shm/org.mozilla.ipc.2.132,/dev/shm/org.mozilla.ipc.2.131,/dev/shm/org.mozilla.ipc.139.25,/dev/shm/org.mozilla.ipc.139.24,/dev/shm/org.mozilla.ipc.139.23,/dev/shm/org.mozilla.ipc.139.22,/dev/shm/org.mozilla.ipc.139.21,/dev/shm/org.mozilla.ipc.139.20,/dev/shm/org.mozilla.ipc.2.130,/dev/shm/org.mozilla.ipc.2.129,/dev/shm/org.mozilla.ipc.2.128,/dev/shm/org.mozilla.ipc.2.127,/dev/shm/org.mozilla.ipc.2.126,/dev/shm/org.mozilla.ipc.2.125,/dev/shm/org.mozilla.ipc.2.124,/dev/shm/org.mozilla.ipc.2.123,/dev/shm/org.mozilla.ipc.2.122,/dev/shm/org.mozilla.ipc.2.121,/dev/shm/org.mozilla.ipc.2.120,/dev/shm/org.mozilla.ipc.2.119,/dev/shm/org.mozilla.ipc.2.118,/dev/shm/org.mozilla.ipc.2.117,/dev/shm/org.mozilla.ipc.2.116,/dev/shm/org.mozilla.ipc.2.115,/dev/shm/org.mozilla.ipc.2.114,/dev/shm/org.mozilla.ipc.2.113,/dev/shm/org.mozilla.ipc.139.19,/dev/shm/org.mozilla.ipc.139.18,/dev/shm/org.mozilla.ipc.139.17,/dev/shm/org.mozilla.ipc.139.16,/dev/shm/org.mozilla.ipc.139.15,/dev/shm/org.mozilla.ipc.139.14,/dev/shm/org.mozilla.ipc.139.13,/dev/shm/org.mozilla.ipc.139.12,/dev/shm/org.mozilla.ipc.139.11,/dev/shm/org.mozilla.ipc.139.10,/dev/shm/org.mozilla.ipc.139.9,/dev/shm/org.mozilla.ipc.139.8,/dev/shm/org.mozilla.ipc.139.7,/dev/shm/org.mozilla.ipc.139.6,/dev/shm/org.mozilla.ipc.2.112,/dev/shm/org.mozilla.ipc.139.5,/dev/shm/org.mozilla.ipc.139.4,/dev/shm/org.mozilla.ipc.139.3,/dev/shm/org.mozilla.ipc.139.2,/dev/shm/org.mozilla.ipc.139.1,/dev/shm/org.mozilla.ipc.139.0,/dev/shm/org.mozilla.ipc.2.111,/dev/shm/org.mozilla.ipc.2.110,/dev/shm/org.mozilla.ipc.2.109,/dev/shm/org.mozilla.ipc.2.108,/dev/shm/org.mozilla.ipc.2.107,/dev/shm/org.mozilla.ipc.2.106,/dev/shm/org.mozilla.ipc.2.105,/dev/shm/org.mozilla.ipc.2.104,/dev/shm/org.mozilla.ipc.2.103,/dev/shm/org.mozilla.ipc.2.102,/dev/shm/org.mozilla.ipc.2.101,/dev/shm/org.mozilla.ipc.2.100,/dev/shm/org.mozilla.ipc.2.99,/dev/shm/org.mozilla.ipc.2.98,/dev/shm/org.mozilla.ipc.2.97,/dev/shm/org.mozilla.ipc.2.96,/dev/shm/org.mozilla.ipc.2.95,/dev/shm/org.mozilla.ipc.2.94,/dev/shm/org.mozilla.ipc.2.93,/dev/shm/org.mozilla.ipc.2.92,/dev/shm/org.mozilla.ipc.2.91,/dev/shm/org.mozilla.ipc.2.90,/dev/shm/org.mozilla.ipc.2.89,/dev/shm/org.mozilla.ipc.2.88,/dev/shm/org.mozilla.ipc.2.87,/dev/shm/org.mozilla.ipc.2.86,/dev/shm/org.mozilla.ipc.2.85,/dev/shm/org.mozilla.ipc.2.84,/dev/shm/org.mozilla.ipc.2.83,/dev/shm/org.mozilla.ipc.2.82,/dev/shm/org.mozilla.ipc.2.81,/dev/shm/org.mozilla.ipc.2.80,/dev/shm/org.mozilla.ipc.2.79,/dev/shm/org.mozilla.ipc.2.78,/dev/shm/org.mozilla.ipc.2.77,/dev/shm/org.mozilla.ipc.218.27,/dev/shm/org.mozilla.ipc.218.26,/dev/shm/org.mozilla.ipc.218.25,/dev/shm/org.mozilla.ipc.218.24,/dev/shm/org.mozilla.ipc.218.23,/dev/shm/org.mozilla.ipc.218.22,/dev/shm/org.mozilla.ipc.218.21,/dev/shm/org.mozilla.ipc.218.20,/dev/shm/org.mozilla.ipc.218.19,/dev/shm/org.mozilla.ipc.218.18,/dev/shm/org.mozilla.ipc.218.17,/dev/shm/org.mozilla.ipc.218.16,/dev/shm/org.mozilla.ipc.218.15,/dev/shm/org.mozilla.ipc.218.14,/dev/shm/org.mozilla.ipc.218.13,/dev/shm/org.mozilla.ipc.218.12,/dev/shm/org.mozilla.ipc.218.11,/dev/shm/org.mozilla.ipc.218.10,/dev/shm/org.mozilla.ipc.218.9,/dev/shm/org.mozilla.ipc.218.8,/dev/shm/org.mozilla.ipc.218.7,/dev/shm/org.mozilla.ipc.218.6,/dev/shm/org.mozilla.ipc.218.5,/dev/shm/org.mozilla.ipc.218.4,/dev/shm/org.mozilla.ipc.218.3,/dev/shm/org.mozilla.ipc.218.2,/dev/shm/org.mozilla.ipc.218.1,/dev/shm/org.mozilla.ipc.218.0,/dev/shm/org.mozilla.ipc.2.76,/dev/shm/org.mozilla.ipc.2.75,/dev/shm/org.mozilla.ipc.2.74,/dev/shm/org.mozilla.ipc.2.73,/dev/shm/org.mozilla.ipc.2.72,/dev/shm/org.mozilla.ipc.2.71,/dev/shm/org.mozilla.ipc.2.70,/dev/shm/org.mozilla.ipc.2.69,/dev/shm/org.mozilla.ipc.2.68,/dev/shm/org.mozilla.ipc.2.67,/dev/shm/org.mozilla.ipc.2.66,/dev/shm/org.mozilla.ipc.2.65,/dev/shm/org.mozilla.ipc.2.64,/dev/shm/org.mozilla.ipc.2.63,/dev/shm/org.mozilla.ipc.2.62,/dev/shm/org.mozilla.ipc.2.61,/dev/shm/org.mozilla.ipc.2.60,/dev/shm/org.mozilla.ipc.2.59,/dev/shm/org.mozilla.ipc.2.58,/dev/shm/org.mozilla.ipc.2.57,/dev/shm/org.mozilla.ipc.2.56,/dev/shm/org.mozilla.ipc.2.55,/dev/shm/org.mozilla.ipc.2.54,/dev/shm/org.mozilla.ipc.2.53,/dev/shm/org.mozilla.ipc.2.52,/dev/shm/org.mozilla.ipc.2.51,/dev/shm/org.mozilla.ipc.2.50,/dev/shm/org.mozilla.ipc.2.49,/dev/shm/org.mozilla.ipc.2.48,/dev/shm/org.mozilla.ipc.2.47,/dev/shm/org.mozilla.ipc.2.46,/dev/shm/org.mozilla.ipc.2.45,/dev/shm/org.mozilla.ipc.2.44,/dev/shm/org.mozilla.ipc.2.43,/dev/shm/org.mozilla.ipc.2.42,/dev/shm/org.mozilla.ipc.2.41,/dev/shm/org.mozilla.ipc.2.40,/dev/shm/org.mozilla.ipc.2.39,/dev/shm/org.mozilla.ipc.2.38,/dev/shm/org.mozilla.ipc.2.37,/dev/shm/org.mozilla.ipc.2.36,/dev/shm/org.mozilla.ipc.2.35,/dev/shm/org.mozilla.ipc.2.34,/dev/shm/org.mozilla.ipc.2.33,/dev/shm/org.mozilla.ipc.2.32,/dev/shm/org.mozilla.ipc.2.31,/dev/shm/org.mozilla.ipc.2.30,/dev/shm/org.mozilla.ipc.2.29,/dev/shm/org.mozilla.ipc.2.28,/dev/shm/org.mozilla.ipc.2.27,/dev/shm/org.mozilla.ipc.2.26,/dev/shm/org.mozilla.ipc.2.25,/dev/shm/org.mozilla.ipc.2.24,/dev/shm/org.mozilla.ipc.2.23,/dev/shm/org.mozilla.ipc.2.22,/dev/shm/org.mozilla.ipc.2.21,/dev/shm/org.mozilla.ipc.2.20,/dev/shm/org.mozilla.ipc.2.19,/dev/shm/dummy,/dev/shm/org.mozilla.ipc.2.18,/dev/shm/org.mozilla.ipc.2.17,/dev/shm/org.mozilla.ipc.2.16,/dev/shm/org.mozilla.ipc.2.15,/dev/shm/org.mozilla.ipc.2.14,/dev/shm/org.mozilla.ipc.2.13,/dev/shm/org.mozilla.ipc.2.12,/dev/shm/org.mozilla.ipc.2.11,/dev/shm/org.mozilla.ipc.2.10,/dev/shm/org.mozilla.ipc.2.9,/dev/shm/org.mozilla.ipc.2.8,/dev/shm/org.mozilla.ipc.2.7,/dev/shm/org.mozilla.ipc.2.6,/dev/shm/org.mozilla.ipc.2.5,/dev/shm/org.mozilla.ipc.2.4,/dev/shm/org.mozilla.ipc.2.3,/dev/shm/org.mozilla.ipc.2.2,/dev/shm/org.mozilla.ipc.2.1,/dev/shm/org.mozilla.ipc.2.0,
# /etc:
private-etc ssl,mime.types,machine-id,ca-certificates,dconf,os-release,fonts,firefox,lsb-release,ld.so.conf.d,ld.so.conf,passwd,hosts,xdg,gtk-3.0,
# /tmp:

# private-tmp
# File accessed in /tmp directory:
# /tmp/.X11-unix/X0,/tmp/firefox/.parentlock,

### security filters
caps.drop all
nonewprivs
seccomp
# If you install strace on your system, Firejail will also create a
# whitelisted seccomp filter.

### network
protocol unix,inet,inet6,netlink,
# net eth0
netfilter

### environment
shell none

What is the output of ls -l /etc/resolv.conf?

lrwxrwxrwx 1 root root 31 Jun 17 18:59 /etc/resolv.conf -> /var/lib/expressvpn/resolv.conf

<!-- gh-comment-id:653877425 --> @Evernow commented on GitHub (Jul 5, 2020): > firejail --build /usr/bin/firefox Note I uncommented it and internet does work when started with that command. ``` [daniel@daniel-pc ~]$ firejail --build /usr/bin/firefox (/usr/lib/firefox/firefox:139): Gtk-WARNING **: 11:33:17.762: Theme parsing error: gtk.css:68:35: The style property GtkButton:child-displacement-x is deprecated and shouldn't be used anymore. It will be removed in a future version (/usr/lib/firefox/firefox:139): Gtk-WARNING **: 11:33:17.762: Theme parsing error: gtk.css:69:35: The style property GtkButton:child-displacement-y is deprecated and shouldn't be used anymore. It will be removed in a future version (/usr/lib/firefox/firefox:139): Gtk-WARNING **: 11:33:17.762: Theme parsing error: gtk.css:71:36: The style property GtkCheckMenuItem:indicator-size is deprecated and shouldn't be used anymore. It will be removed in a future version (/usr/lib/firefox/firefox:139): Gtk-WARNING **: 11:33:17.762: Theme parsing error: gtk.css:76:30: The style property GtkExpander:expander-size is deprecated and shouldn't be used anymore. It will be removed in a future version (firefox:2): GLib-GIO-WARNING **: 11:33:18.258: /etc/xdg/kde-mimeapps.list contains a [Added Associations] group, but it is not permitted here. Only the non-desktop-specific mimeapps.list file may add or remove associations. (/usr/lib/firefox/firefox:193): Gtk-WARNING **: 11:33:18.331: Theme parsing error: gtk.css:68:35: The style property GtkButton:child-displacement-x is deprecated and shouldn't be used anymore. It will be removed in a future version (/usr/lib/firefox/firefox:193): Gtk-WARNING **: 11:33:18.331: Theme parsing error: gtk.css:69:35: The style property GtkButton:child-displacement-y is deprecated and shouldn't be used anymore. It will be removed in a future version (/usr/lib/firefox/firefox:193): Gtk-WARNING **: 11:33:18.331: Theme parsing error: gtk.css:71:36: The style property GtkCheckMenuItem:indicator-size is deprecated and shouldn't be used anymore. It will be removed in a future version (/usr/lib/firefox/firefox:193): Gtk-WARNING **: 11:33:18.331: Theme parsing error: gtk.css:76:30: The style property GtkExpander:expander-size is deprecated and shouldn't be used anymore. It will be removed in a future version (/usr/lib/firefox/firefox:218): Gtk-WARNING **: 11:33:18.497: Theme parsing error: gtk.css:68:35: The style property GtkButton:child-displacement-x is deprecated and shouldn't be used anymore. It will be removed in a future version (/usr/lib/firefox/firefox:218): Gtk-WARNING **: 11:33:18.497: Theme parsing error: gtk.css:69:35: The style property GtkButton:child-displacement-y is deprecated and shouldn't be used anymore. It will be removed in a future version (/usr/lib/firefox/firefox:218): Gtk-WARNING **: 11:33:18.497: Theme parsing error: gtk.css:71:36: The style property GtkCheckMenuItem:indicator-size is deprecated and shouldn't be used anymore. It will be removed in a future version (/usr/lib/firefox/firefox:218): Gtk-WARNING **: 11:33:18.497: Theme parsing error: gtk.css:76:30: The style property GtkExpander:expander-size is deprecated and shouldn't be used anymore. It will be removed in a future version (/usr/lib/firefox/firefox:273): Gtk-WARNING **: 11:33:18.760: Theme parsing error: gtk.css:68:35: The style property GtkButton:child-displacement-x is deprecated and shouldn't be used anymore. It will be removed in a future version (/usr/lib/firefox/firefox:273): Gtk-WARNING **: 11:33:18.760: Theme parsing error: gtk.css:69:35: The style property GtkButton:child-displacement-y is deprecated and shouldn't be used anymore. It will be removed in a future version (/usr/lib/firefox/firefox:273): Gtk-WARNING **: 11:33:18.760: Theme parsing error: gtk.css:71:36: The style property GtkCheckMenuItem:indicator-size is deprecated and shouldn't be used anymore. It will be removed in a future version (/usr/lib/firefox/firefox:273): Gtk-WARNING **: 11:33:18.760: Theme parsing error: gtk.css:76:30: The style property GtkExpander:expander-size is deprecated and shouldn't be used anymore. It will be removed in a future version --- Built profile beings after this line --- # Firejail profile for /usr/bin/firefox # Persistent local customizations #include /usr/bin/firefox.local # Persistent global definitions #include globals.local ### basic blacklisting include disable-common.inc # include disable-devel.inc # include disable-exec.inc # include disable-interpreters.inc include disable-passwdmgr.inc # include disable-programs.inc # include disable-xdg.inc ### home directory whitelisting whitelist ${HOME}/.mailcap whitelist ${HOME}/.pulse-cookie whitelist ${HOME}/.local/bin whitelist ${HOME}/.config/composer/vendor/bin whitelist ${HOME}/.local/share/glib-2.0/schemas whitelist ${HOME}/.mozilla whitelist ${HOME}/.cache/mozilla whitelist ${HOME}/.mozilla/firefox whitelist ${HOME}/.Xdefaults-daniel-pc whitelist ${HOME}/.mozilla/firefox/Crash Reports include whitelist-common.inc ### filesystem # /usr/share: whitelist /usr/share/mime whitelist /usr/share/mozilla whitelist /usr/share/applications whitelist /usr/share/ca-certificates whitelist /usr/share/dconf whitelist /usr/share/glib-2.0 whitelist /usr/share//mime whitelist /usr/share/pixmaps whitelist /usr/share/icons whitelist /usr/share/fonts whitelist /usr/share/hunspell whitelist /usr/share/terminfo whitelist /usr/share/themes whitelist /usr/share/locale whitelist /usr/share/gtk-3.0 whitelist /usr/share/X11 include whitelist-usr-share-common.inc # /var: whitelist /var/lib/dbus/machine-id include whitelist-var-common.inc # $PATH: private-bin tr,getopt,bash, # private-lib # /dev: # private-dev # This is the list of devices accessed (on top of regular private-dev devices: # /dev/shm/org.mozilla.ipc.2.180,/dev/shm/org.mozilla.ipc.139.79,/dev/shm/org.mozilla.ipc.139.78,/dev/shm/org.mozilla.ipc.139.77,/dev/shm/org.mozilla.ipc.139.76,/dev/shm/org.mozilla.ipc.2.179,/dev/shm/org.mozilla.ipc.2.178,/dev/shm/org.mozilla.ipc.2.177,/dev/shm/org.mozilla.ipc.2.176,/dev/shm/org.mozilla.ipc.2.175,/dev/shm/org.mozilla.ipc.2.174,/dev/shm/org.mozilla.ipc.139.75,/dev/shm/org.mozilla.ipc.139.74,/dev/shm/org.mozilla.ipc.139.73,/dev/shm/org.mozilla.ipc.139.72,/dev/shm/org.mozilla.ipc.2.173,/dev/shm/org.mozilla.ipc.2.172,/dev/shm/org.mozilla.ipc.2.171,/dev/shm/org.mozilla.ipc.2.170,/dev/shm/org.mozilla.ipc.2.169,/dev/shm/org.mozilla.ipc.2.168,/dev/shm/org.mozilla.ipc.2.167,/dev/shm/org.mozilla.ipc.2.166,/dev/shm/org.mozilla.ipc.2.165,/dev/shm/org.mozilla.ipc.2.164,/dev/shm/org.mozilla.ipc.139.71,/dev/shm/org.mozilla.ipc.139.70,/dev/shm/org.mozilla.ipc.139.69,/dev/shm/org.mozilla.ipc.139.68,/dev/shm/org.mozilla.ipc.139.67,/dev/shm/org.mozilla.ipc.139.66,/dev/shm/org.mozilla.ipc.139.65,/dev/shm/org.mozilla.ipc.139.64,/dev/shm/org.mozilla.ipc.2.163,/dev/shm/org.mozilla.ipc.2.162,/dev/shm/org.mozilla.ipc.2.161,/dev/shm/org.mozilla.ipc.139.63,/dev/shm/org.mozilla.ipc.139.62,/dev/shm/org.mozilla.ipc.139.61,/dev/shm/org.mozilla.ipc.139.60,/dev/shm/org.mozilla.ipc.2.160,/dev/shm/org.mozilla.ipc.139.59,/dev/shm/org.mozilla.ipc.139.58,/dev/shm/org.mozilla.ipc.139.57,/dev/shm/org.mozilla.ipc.139.56,/dev/shm/org.mozilla.ipc.139.55,/dev/shm/org.mozilla.ipc.139.54,/dev/shm/org.mozilla.ipc.139.53,/dev/shm/org.mozilla.ipc.139.52,/dev/shm/org.mozilla.ipc.139.51,/dev/shm/org.mozilla.ipc.139.50,/dev/shm/org.mozilla.ipc.139.49,/dev/shm/org.mozilla.ipc.139.48,/dev/shm/org.mozilla.ipc.2.159,/dev/shm/org.mozilla.ipc.2.158,/dev/shm/org.mozilla.ipc.2.157,/dev/shm/org.mozilla.ipc.2.156,/dev/shm/org.mozilla.ipc.2.155,/dev/shm/org.mozilla.ipc.2.154,/dev/shm/org.mozilla.ipc.2.153,/dev/shm/org.mozilla.ipc.2.152,/dev/shm/org.mozilla.ipc.2.151,/dev/shm/org.mozilla.ipc.2.150,/dev/shm/org.mozilla.ipc.2.149,/dev/shm/org.mozilla.ipc.139.47,/dev/shm/org.mozilla.ipc.139.46,/dev/shm/org.mozilla.ipc.139.45,/dev/shm/org.mozilla.ipc.139.44,/dev/shm/org.mozilla.ipc.2.148,/dev/shm/org.mozilla.ipc.2.147,/dev/shm/org.mozilla.ipc.2.146,/dev/shm/org.mozilla.ipc.2.145,/dev/shm/org.mozilla.ipc.139.43,/dev/shm/org.mozilla.ipc.139.42,/dev/shm/org.mozilla.ipc.139.41,/dev/shm/org.mozilla.ipc.139.40,/dev/shm/org.mozilla.ipc.2.144,/dev/shm/org.mozilla.ipc.2.143,/dev/shm/org.mozilla.ipc.2.142,/dev/shm/org.mozilla.ipc.2.141,/dev/shm/org.mozilla.ipc.2.140,/dev/shm/org.mozilla.ipc.2.139,/dev/shm/org.mozilla.ipc.2.138,/dev/shm/org.mozilla.ipc.2.137,/dev/shm/org.mozilla.ipc.2.136,/dev/shm/org.mozilla.ipc.2.135,/dev/shm/org.mozilla.ipc.139.39,/dev/shm/org.mozilla.ipc.139.38,/dev/shm/org.mozilla.ipc.139.37,/dev/shm/org.mozilla.ipc.139.36,/dev/shm/org.mozilla.ipc.139.35,/dev/shm/org.mozilla.ipc.139.34,/dev/shm/org.mozilla.ipc.139.33,/dev/shm/org.mozilla.ipc.139.32,/dev/shm/org.mozilla.ipc.139.31,/dev/shm/org.mozilla.ipc.139.30,/dev/shm/org.mozilla.ipc.139.29,/dev/shm/org.mozilla.ipc.139.28,/dev/shm/org.mozilla.ipc.139.27,/dev/shm/org.mozilla.ipc.139.26,/dev/shm/org.mozilla.ipc.2.134,/dev/shm/org.mozilla.ipc.2.133,/dev/shm/org.mozilla.ipc.2.132,/dev/shm/org.mozilla.ipc.2.131,/dev/shm/org.mozilla.ipc.139.25,/dev/shm/org.mozilla.ipc.139.24,/dev/shm/org.mozilla.ipc.139.23,/dev/shm/org.mozilla.ipc.139.22,/dev/shm/org.mozilla.ipc.139.21,/dev/shm/org.mozilla.ipc.139.20,/dev/shm/org.mozilla.ipc.2.130,/dev/shm/org.mozilla.ipc.2.129,/dev/shm/org.mozilla.ipc.2.128,/dev/shm/org.mozilla.ipc.2.127,/dev/shm/org.mozilla.ipc.2.126,/dev/shm/org.mozilla.ipc.2.125,/dev/shm/org.mozilla.ipc.2.124,/dev/shm/org.mozilla.ipc.2.123,/dev/shm/org.mozilla.ipc.2.122,/dev/shm/org.mozilla.ipc.2.121,/dev/shm/org.mozilla.ipc.2.120,/dev/shm/org.mozilla.ipc.2.119,/dev/shm/org.mozilla.ipc.2.118,/dev/shm/org.mozilla.ipc.2.117,/dev/shm/org.mozilla.ipc.2.116,/dev/shm/org.mozilla.ipc.2.115,/dev/shm/org.mozilla.ipc.2.114,/dev/shm/org.mozilla.ipc.2.113,/dev/shm/org.mozilla.ipc.139.19,/dev/shm/org.mozilla.ipc.139.18,/dev/shm/org.mozilla.ipc.139.17,/dev/shm/org.mozilla.ipc.139.16,/dev/shm/org.mozilla.ipc.139.15,/dev/shm/org.mozilla.ipc.139.14,/dev/shm/org.mozilla.ipc.139.13,/dev/shm/org.mozilla.ipc.139.12,/dev/shm/org.mozilla.ipc.139.11,/dev/shm/org.mozilla.ipc.139.10,/dev/shm/org.mozilla.ipc.139.9,/dev/shm/org.mozilla.ipc.139.8,/dev/shm/org.mozilla.ipc.139.7,/dev/shm/org.mozilla.ipc.139.6,/dev/shm/org.mozilla.ipc.2.112,/dev/shm/org.mozilla.ipc.139.5,/dev/shm/org.mozilla.ipc.139.4,/dev/shm/org.mozilla.ipc.139.3,/dev/shm/org.mozilla.ipc.139.2,/dev/shm/org.mozilla.ipc.139.1,/dev/shm/org.mozilla.ipc.139.0,/dev/shm/org.mozilla.ipc.2.111,/dev/shm/org.mozilla.ipc.2.110,/dev/shm/org.mozilla.ipc.2.109,/dev/shm/org.mozilla.ipc.2.108,/dev/shm/org.mozilla.ipc.2.107,/dev/shm/org.mozilla.ipc.2.106,/dev/shm/org.mozilla.ipc.2.105,/dev/shm/org.mozilla.ipc.2.104,/dev/shm/org.mozilla.ipc.2.103,/dev/shm/org.mozilla.ipc.2.102,/dev/shm/org.mozilla.ipc.2.101,/dev/shm/org.mozilla.ipc.2.100,/dev/shm/org.mozilla.ipc.2.99,/dev/shm/org.mozilla.ipc.2.98,/dev/shm/org.mozilla.ipc.2.97,/dev/shm/org.mozilla.ipc.2.96,/dev/shm/org.mozilla.ipc.2.95,/dev/shm/org.mozilla.ipc.2.94,/dev/shm/org.mozilla.ipc.2.93,/dev/shm/org.mozilla.ipc.2.92,/dev/shm/org.mozilla.ipc.2.91,/dev/shm/org.mozilla.ipc.2.90,/dev/shm/org.mozilla.ipc.2.89,/dev/shm/org.mozilla.ipc.2.88,/dev/shm/org.mozilla.ipc.2.87,/dev/shm/org.mozilla.ipc.2.86,/dev/shm/org.mozilla.ipc.2.85,/dev/shm/org.mozilla.ipc.2.84,/dev/shm/org.mozilla.ipc.2.83,/dev/shm/org.mozilla.ipc.2.82,/dev/shm/org.mozilla.ipc.2.81,/dev/shm/org.mozilla.ipc.2.80,/dev/shm/org.mozilla.ipc.2.79,/dev/shm/org.mozilla.ipc.2.78,/dev/shm/org.mozilla.ipc.2.77,/dev/shm/org.mozilla.ipc.218.27,/dev/shm/org.mozilla.ipc.218.26,/dev/shm/org.mozilla.ipc.218.25,/dev/shm/org.mozilla.ipc.218.24,/dev/shm/org.mozilla.ipc.218.23,/dev/shm/org.mozilla.ipc.218.22,/dev/shm/org.mozilla.ipc.218.21,/dev/shm/org.mozilla.ipc.218.20,/dev/shm/org.mozilla.ipc.218.19,/dev/shm/org.mozilla.ipc.218.18,/dev/shm/org.mozilla.ipc.218.17,/dev/shm/org.mozilla.ipc.218.16,/dev/shm/org.mozilla.ipc.218.15,/dev/shm/org.mozilla.ipc.218.14,/dev/shm/org.mozilla.ipc.218.13,/dev/shm/org.mozilla.ipc.218.12,/dev/shm/org.mozilla.ipc.218.11,/dev/shm/org.mozilla.ipc.218.10,/dev/shm/org.mozilla.ipc.218.9,/dev/shm/org.mozilla.ipc.218.8,/dev/shm/org.mozilla.ipc.218.7,/dev/shm/org.mozilla.ipc.218.6,/dev/shm/org.mozilla.ipc.218.5,/dev/shm/org.mozilla.ipc.218.4,/dev/shm/org.mozilla.ipc.218.3,/dev/shm/org.mozilla.ipc.218.2,/dev/shm/org.mozilla.ipc.218.1,/dev/shm/org.mozilla.ipc.218.0,/dev/shm/org.mozilla.ipc.2.76,/dev/shm/org.mozilla.ipc.2.75,/dev/shm/org.mozilla.ipc.2.74,/dev/shm/org.mozilla.ipc.2.73,/dev/shm/org.mozilla.ipc.2.72,/dev/shm/org.mozilla.ipc.2.71,/dev/shm/org.mozilla.ipc.2.70,/dev/shm/org.mozilla.ipc.2.69,/dev/shm/org.mozilla.ipc.2.68,/dev/shm/org.mozilla.ipc.2.67,/dev/shm/org.mozilla.ipc.2.66,/dev/shm/org.mozilla.ipc.2.65,/dev/shm/org.mozilla.ipc.2.64,/dev/shm/org.mozilla.ipc.2.63,/dev/shm/org.mozilla.ipc.2.62,/dev/shm/org.mozilla.ipc.2.61,/dev/shm/org.mozilla.ipc.2.60,/dev/shm/org.mozilla.ipc.2.59,/dev/shm/org.mozilla.ipc.2.58,/dev/shm/org.mozilla.ipc.2.57,/dev/shm/org.mozilla.ipc.2.56,/dev/shm/org.mozilla.ipc.2.55,/dev/shm/org.mozilla.ipc.2.54,/dev/shm/org.mozilla.ipc.2.53,/dev/shm/org.mozilla.ipc.2.52,/dev/shm/org.mozilla.ipc.2.51,/dev/shm/org.mozilla.ipc.2.50,/dev/shm/org.mozilla.ipc.2.49,/dev/shm/org.mozilla.ipc.2.48,/dev/shm/org.mozilla.ipc.2.47,/dev/shm/org.mozilla.ipc.2.46,/dev/shm/org.mozilla.ipc.2.45,/dev/shm/org.mozilla.ipc.2.44,/dev/shm/org.mozilla.ipc.2.43,/dev/shm/org.mozilla.ipc.2.42,/dev/shm/org.mozilla.ipc.2.41,/dev/shm/org.mozilla.ipc.2.40,/dev/shm/org.mozilla.ipc.2.39,/dev/shm/org.mozilla.ipc.2.38,/dev/shm/org.mozilla.ipc.2.37,/dev/shm/org.mozilla.ipc.2.36,/dev/shm/org.mozilla.ipc.2.35,/dev/shm/org.mozilla.ipc.2.34,/dev/shm/org.mozilla.ipc.2.33,/dev/shm/org.mozilla.ipc.2.32,/dev/shm/org.mozilla.ipc.2.31,/dev/shm/org.mozilla.ipc.2.30,/dev/shm/org.mozilla.ipc.2.29,/dev/shm/org.mozilla.ipc.2.28,/dev/shm/org.mozilla.ipc.2.27,/dev/shm/org.mozilla.ipc.2.26,/dev/shm/org.mozilla.ipc.2.25,/dev/shm/org.mozilla.ipc.2.24,/dev/shm/org.mozilla.ipc.2.23,/dev/shm/org.mozilla.ipc.2.22,/dev/shm/org.mozilla.ipc.2.21,/dev/shm/org.mozilla.ipc.2.20,/dev/shm/org.mozilla.ipc.2.19,/dev/shm/dummy,/dev/shm/org.mozilla.ipc.2.18,/dev/shm/org.mozilla.ipc.2.17,/dev/shm/org.mozilla.ipc.2.16,/dev/shm/org.mozilla.ipc.2.15,/dev/shm/org.mozilla.ipc.2.14,/dev/shm/org.mozilla.ipc.2.13,/dev/shm/org.mozilla.ipc.2.12,/dev/shm/org.mozilla.ipc.2.11,/dev/shm/org.mozilla.ipc.2.10,/dev/shm/org.mozilla.ipc.2.9,/dev/shm/org.mozilla.ipc.2.8,/dev/shm/org.mozilla.ipc.2.7,/dev/shm/org.mozilla.ipc.2.6,/dev/shm/org.mozilla.ipc.2.5,/dev/shm/org.mozilla.ipc.2.4,/dev/shm/org.mozilla.ipc.2.3,/dev/shm/org.mozilla.ipc.2.2,/dev/shm/org.mozilla.ipc.2.1,/dev/shm/org.mozilla.ipc.2.0, # /etc: private-etc ssl,mime.types,machine-id,ca-certificates,dconf,os-release,fonts,firefox,lsb-release,ld.so.conf.d,ld.so.conf,passwd,hosts,xdg,gtk-3.0, # /tmp: # private-tmp # File accessed in /tmp directory: # /tmp/.X11-unix/X0,/tmp/firefox/.parentlock, ### security filters caps.drop all nonewprivs seccomp # If you install strace on your system, Firejail will also create a # whitelisted seccomp filter. ### network protocol unix,inet,inet6,netlink, # net eth0 netfilter ### environment shell none ``` > What is the output of ls -l /etc/resolv.conf? lrwxrwxrwx 1 root root 31 Jun 17 18:59 /etc/resolv.conf -> /var/lib/expressvpn/resolv.conf
gitea-mirror commented 2026-05-05 08:52:57 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jul 5, 2020):

Note I uncommented it and internet does work when started with that command.

--build is like --noprofile --nonewprivs --caps.drop=all --trace

What is the output of ls -l /etc/resolv.conf?

lrwxrwxrwx 1 root root 31 Jun 17 18:59 /etc/resolv.conf -> /var/lib/expressvpn/resolv.conf

Try to add whitelist /var/lib/expressvpn/resolv.conf to whitelist-var-common.local.

<!-- gh-comment-id:653878157 --> @rusty-snake commented on GitHub (Jul 5, 2020): > Note I uncommented it and internet does work when started with that command. `--build` is like `--noprofile --nonewprivs --caps.drop=all --trace` > > What is the output of ls -l /etc/resolv.conf? > > lrwxrwxrwx 1 root root 31 Jun 17 18:59 /etc/resolv.conf -> /var/lib/expressvpn/resolv.conf Try to add `whitelist /var/lib/expressvpn/resolv.conf` to `whitelist-var-common.local`.
gitea-mirror commented 2026-05-05 08:52:57 -06:00
Author
Owner
Copy link

@Evernow commented on GitHub (Jul 5, 2020):

Try to add whitelist /var/lib/expressvpn/resolv.conf to whitelist-var-common.local.

Indeed that seemed to have worked, thank you very much!

Do you want me to open a separate issue for the VLC issue described here https://github.com/netblue30/firejail/issues/3494#issuecomment-653871460 ?

<!-- gh-comment-id:653878449 --> @Evernow commented on GitHub (Jul 5, 2020): > Try to add `whitelist /var/lib/expressvpn/resolv.conf` to `whitelist-var-common.local`. Indeed that seemed to have worked, thank you very much! Do you want me to open a separate issue for the VLC issue described here https://github.com/netblue30/firejail/issues/3494#issuecomment-653871460 ?
gitea-mirror commented 2026-05-05 08:52:58 -06:00
Author
Owner
Copy link

@SkewedZeppelin commented on GitHub (Jul 5, 2020):

Try to add whitelist /var/lib/expressvpn/resolv.conf to whitelist-var-common.local.

Off-topic:
https://github.com/netblue30/firejail/issues/1889#issuecomment-383343814

<!-- gh-comment-id:653927941 --> @SkewedZeppelin commented on GitHub (Jul 5, 2020): > Try to add `whitelist /var/lib/expressvpn/resolv.conf` to `whitelist-var-common.local`. Off-topic: https://github.com/netblue30/firejail/issues/1889#issuecomment-383343814
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
serialize_remounts_v2
landlock_v4
landlock
release-0.9.64
release-0.9.62
gitlab_ci
LTSbase
fred_ctests
docs
0.9.80
0.9.80-rc1
0.9.78
0.9.76
0.9.76-rc4
0.9.76-rc3
0.9.76-rc2
0.9.76-rc1
0.9.74
landlock-split
0.9.72
0.9.72rc1
0.9.70
0.9.68
0.9.68rc1
0.9.66
0.9.66rc1
0.9.64.4
0.9.64.2
0.9.64
0.9.64rc1
0.9.62.4
0.9.62.2
0.9.62
0.9.56.2-LTS
0.9.60
0.9.60-rc1
0.9.58.2
0.9.58
0.9.58-rc1
0.9.56-LTS-release
0.9.56-LTS
0.9.56
0.9.56-rc1
0.9.54
0.9.54-rc2
0.9.54-rc1
0.9.52
0.9.38.12
0.9.50
0.9.50-rc1
0.9.48
0.9.46
0.9.46-rc1
0.9.44.10
0.9.44.8
0.9.44.6
0.9.38.10
0.9.44.4
0.9.38.8
0.9.44.2
0.9.44
0.9.44-rc1
0.9.38.4
0.9.42
0.9.42-rc2
0.9.38.2
0.9.42-rc1
disable-globalcfg
0.9.40
0.9.40-rc1
0.9.38
0.9.38-rc1
0.9.36
0.9.36-rc1
0.9.34
0.9.34-rc1
0.9.32
0.9.32-rc1
0.9.30
0.9.30-rc1
Labels
Clear labels   
LTS merge

   
LTS merge

   
bug

   
bug

   
converted-to-discussion

   
doc-todo

   
documentation

   
duplicate

   
enhancement

   
file-transfer

   
firecfg

   
firejail-in-firejail

   
firetools

   
graphics

   
help wanted

   
information_old

   
installation

   
invalid

   
modif

   
moved

   
needinfo

   
networking

   
notabug

   
notourbug

   
old-version

   
overlayfs

   
packaging

   
profile-request

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question_old

   
removal

   
runtime-permissions

   
sandbox-ipc

   
security

   
stale

   
wiki

   
wiki

   
wontfix

   
wordpress

   
workaround
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2198
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?