mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-15 14:16:14 -06:00
[GH-ISSUE #3539] Automatically started application in KDE not firejailed #2223
Originally created by @MrFrank17 on GitHub (Jul 23, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3539
On logout of KDE, open applications will be automatically started on the next login. However, these applications are not firejailed (they are not shown with firejail --list). After closing and reopening the programs, they are firejailed as expected.
Using Kubuntu 20.04.
Noticed when using firefox.
Relates to:
@ghost commented on GitHub (Jul 23, 2020):
If you can find out where KDE saves this information there might be a way to ensure the apps are properly firejailed at re-login. I'm hoping KDE saves this info in separate XDG desktop files somewhere under your ${HOME}, and those we know how to deal with (like firecfg does).
@rusty-snake commented on GitHub (Jul 23, 2020):
@glitsj16 My guess is that they are started over D-Bus, if that's true firecfg.py can already help. I'll take a closer look tomorrow.
@ghost commented on GitHub (Jul 23, 2020):
@rusty-snake That would be great. We really need a proper/secure way for users to handle this kind of basic functionality, whether it's via D-Bus or otherwise. I have to look at your firecfg.py again soonish in this context. Thanks for the info!
@bbhtt commented on GitHub (Jul 24, 2020):
Also in Xfce, and by extension on any that offer such, happens when you save the session state and log-out. Sessions are stored in ~/.cache/sessions for Xfce but the path varies by DE. https://bugs.kde.org/show_bug.cgi?id=155341#c10
@rusty-snake commented on GitHub (Jul 24, 2020):
FYI: https://forum.kde.org/viewtopic.php?t=131789
@bbhtt commented on GitHub (Jul 24, 2020):
Doesn't seem to work in Xfce, the session files are overwritten on every logout:
Though I don't save state and there's an option to do so in Xfce, I've added a logout job to clear any session cache.
Edit. Probably duplicate of https://github.com/netblue30/firejail/issues/359
@rusty-snake commented on GitHub (Jul 25, 2020):
Related: #1599. In my test they were started as children of kdeinit5. IDK anything about the internals of KDE, but the only workaround I see ATM is to disable session restore or editing the ~/.config/sessions/* + ~/.config/ksmserverrc after-logout/before-login. This could be done by a systemd-user-service.
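A check for the symptom reported in this thread, as an added example that is not part of the original discussion or the firejail project's code: it lists programs that firecfg redirected but that are running with no firejail process among their ancestors, as happens when the session manager restarts them directly. The function names and the SAMPLE table are constructed for illustration; it assumes firecfg's symlinks live in /usr/local/bin and that the process name matches the symlink name.

```python
"""Report watched programs that are running without a firejail ancestor."""
import os

# Constructed sample process table: {pid: (ppid, comm)}. Not real output.
SAMPLE = {1: (0, "systemd"), 900: (1, "kdeinit5"), 901: (900, "firefox"),
          950: (1, "firejail"), 951: (950, "firejail"), 952: (951, "vlc")}

def read_proc_table(proc="/proc"):
    """Return {pid: (ppid, comm)} parsed from <proc>/<pid>/stat."""
    table = {}
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc, entry, "stat")) as fh:
                stat = fh.read()
        except OSError:  # process exited during the scan
            continue
        # comm sits in parentheses and may itself contain spaces or ')'
        end = stat.rindex(")")
        comm = stat[stat.index("(") + 1:end]
        table[int(entry)] = (int(stat[end + 2:].split()[1]), comm)
    return table

def firecfg_programs(bindir="/usr/local/bin"):
    """Names of symlinks in bindir (assumed firecfg location) resolving to firejail."""
    links = [e for e in os.scandir(bindir) if e.is_symlink()] if os.path.isdir(bindir) else []
    return {e.name for e in links if os.path.basename(os.path.realpath(e.path)) == "firejail"}

def unsandboxed(table, watched):
    """Return sorted [(pid, comm)] of watched programs with no firejail ancestor."""
    short = {w[:15] for w in watched}  # the kernel truncates comm to 15 characters
    hits = []
    for pid, (ppid, comm) in table.items():
        if comm not in short:
            continue
        seen = set()  # guards against a malformed table with a parent cycle
        while ppid in table and ppid not in seen:
            seen.add(ppid)
            if table[ppid][1] == "firejail":
                break  # found a firejail ancestor: sandboxed
            ppid = table[ppid][0]
        else:
            hits.append((pid, comm))
    return sorted(hits)

if __name__ == "__main__":
    for pid, comm in unsandboxed(read_proc_table(), firecfg_programs()):
        print(f"{pid}\t{comm}\tno firejail ancestor")
```

Run right after login, it prints one line per restored program that escaped the sandbox; programs whose process name differs from the symlink name need to be added to the watched set by hand.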
@smitsohu commented on GitHub (Jul 25, 2020):
You might also want to take a look at the excludeApps= key in ~/.config/ksmserverrc. Note that these things are also exposed in System Settings -> Startup and Shutdown.
If it is not considered too intrusive, maybe firecfg could patch ~/.config/ksmserverrc ? Not sure though if ksmserver is prepared to handle hundreds of application names.
@smitsohu commented on GitHub (Aug 4, 2020):
Regarding Firefox specifically, you can set env MOZ_APP_LAUNCHER=/usr/bin/firejail; this environment variable was introduced for exactly this reason if I understand correctly.
If your distribution comes with a /usr/bin/firefox shell script, there is the side effect that this script will be bypassed in the future, so it's not really a universal/great solution.
@rusty-snake commented on GitHub (Nov 9, 2020):
Do we want to do anything here?
@h-town commented on GitHub (Oct 21, 2021):
that would be great. just ran into the issue today and couldn't figure out an alternative solution. i expect it's not unique to firefox but that's where i encountered it.
ideally-speaking @kde / ksmserverrc would respect the Exec line from the source .desktop file but getting them to address it for circumstances unique to firejail may be futile.