github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

[GH-ISSUE #3615] Opening up x-terminal-emulator with --noprofile exits the jail #2269

New issue
Closed
opened 2026-05-05 08:57:50 -06:00 by gitea-mirror · 10 comments
gitea-mirror commented 2026-05-05 08:57:50 -06:00
Owner
Copy link

Originally created by @svc88 on GitHub (Aug 30, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3615

When i try to open up x-terminal-emulator or even xfce4-terminal from xfce4-terminal like this:
firejail --noprofile x-terminal-emulator
or
firejail --noprofile xfce4-terminal

It opens up the terminal but it ends in the original terminal like this:

Parent pid 13574, child pid 13575
Child process initialized in 10.26 ms

Parent is shutting down, bye...

It exits the jail. Why? What am i doing wrong?

firejail version 0.9.62

PS:
I tried this in a VM of the same OS Xubuntu 18.04 but there it doesnt exit the jail and i dont know why

Originally created by @svc88 on GitHub (Aug 30, 2020). Original GitHub issue: https://github.com/netblue30/firejail/issues/3615 When i try to open up `x-terminal-emulator` or even `xfce4-terminal` **from** `xfce4-terminal` like this: `firejail --noprofile x-terminal-emulator` or `firejail --noprofile xfce4-terminal` It opens up the terminal but it ends in the original terminal like this: ``` Parent pid 13574, child pid 13575 Child process initialized in 10.26 ms Parent is shutting down, bye... ``` It exits the jail. Why? What am i doing wrong? firejail version 0.9.62 PS: I tried this in a VM of the same OS Xubuntu 18.04 but there it doesnt exit the jail and i dont know why
gitea-mirror commented 2026-05-05 08:57:53 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Aug 30, 2020):

They blacklisted in disable-common.inc, but this is not included if you use --noprofile. Do you have a xfce4-terminal symlink or use firejail as login-shell?

<!-- gh-comment-id:683452709 --> @rusty-snake commented on GitHub (Aug 30, 2020): They blacklisted in disable-common.inc, but this is not included if you use `--noprofile`. Do you have a xfce4-terminal symlink or use firejail as login-shell?
gitea-mirror commented 2026-05-05 08:57:54 -06:00
Author
Owner
Copy link

@svc88 commented on GitHub (Aug 30, 2020):

my xfce4-terminal opens up from the icon in the whisker menu - exo-open --launch TerminalEmulator

I dont know if i use firejail as login-shell, i just open up my terminal from the shortcut above and run the cmd firejail --noprofile xfce4-terminal and all it does is exit the jail and open up yet another xfce4-terminal

<!-- gh-comment-id:683453576 --> @svc88 commented on GitHub (Aug 30, 2020): my xfce4-terminal opens up from the icon in the whisker menu - `exo-open --launch TerminalEmulator` I dont know if i use firejail as login-shell, i just open up my terminal from the shortcut above and run the cmd `firejail --noprofile xfce4-terminal` and all it does is exit the jail and open up yet another xfce4-terminal
gitea-mirror commented 2026-05-05 08:57:55 -06:00
Author
Owner
Copy link

@svc88 commented on GitHub (Aug 30, 2020):

I even downloaded gnome-terminal and its doing the same thing.
I did more tests and noticed that it doesnt do it if i run this on a minimal Ubuntu Server 18.04 with Xfce4. Seems like its only doing it on a Xubuntu 18.04 Desktop and not sure why. Can you try reproduce?

Update:
More tests reveals that when i run firejail --noprofile xfce4-terminal from Konsole, xterm, or gnome-terminal, the jail works with noprofile, however the only time the jail exists unexpectedly is when running that cmd within xfce4-terminal itself. (this all on Xubuntu Desktop)

BUT, if i try this on Ubuntu Server + xfce4, the jail runs fine from within xfce4-terminal
So im not sure why this happens.

<!-- gh-comment-id:683457422 --> @svc88 commented on GitHub (Aug 30, 2020): I even downloaded gnome-terminal and its doing the same thing. I did more tests and noticed that it doesnt do it if i run this on a minimal Ubuntu Server 18.04 with Xfce4. Seems like its only doing it on a Xubuntu 18.04 Desktop and not sure why. Can you try reproduce? Update: More tests reveals that when i run `firejail --noprofile xfce4-terminal` from `Konsole`, `xterm`, or `gnome-terminal`, the jail works with noprofile, however the only time the jail exists unexpectedly is when running that cmd **within** `xfce4-terminal` itself. (this all on Xubuntu Desktop) BUT, if i try this on Ubuntu Server + xfce4, the jail runs fine from within `xfce4-terminal` So im not sure why this happens.
gitea-mirror commented 2026-05-05 08:57:55 -06:00
Author
Owner
Copy link

@bbhtt commented on GitHub (Aug 31, 2020):

however the only time the jail exists unexpectedly is when running that cmd within xfce4-terminal itself

issue 240 here

x-terminal-emulator or even xfce4-terminal from xfce4-terminal

/etc/alternatives/x-terminal-emulator -> /bin/example_terminal

<!-- gh-comment-id:683519899 --> @bbhtt commented on GitHub (Aug 31, 2020): > however the only time the jail exists unexpectedly is when running that cmd within xfce4-terminal itself issue 240 here > x-terminal-emulator or even xfce4-terminal from xfce4-terminal /etc/alternatives/x-terminal-emulator -> /bin/example_terminal
gitea-mirror commented 2026-05-05 08:57:56 -06:00
Author
Owner
Copy link

@svc88 commented on GitHub (Aug 31, 2020):

@kortewegdevries makes sense thanks. However i dont see that issue mentioning anything about this:

BUT, if i try this on Ubuntu Server + xfce4, the jail runs fine from within xfce4-terminal
So im not sure why this happens.

If i missed anything in there regarding why xfce4-terminal jail runs fine if xfce4-terminal is installed on a Ubuntu Server + xfce4 environment, please tell me

<!-- gh-comment-id:683850786 --> @svc88 commented on GitHub (Aug 31, 2020): @kortewegdevries makes sense thanks. However i dont see that issue mentioning anything about this: > BUT, if i try this on Ubuntu Server + xfce4, the jail runs fine from within `xfce4-terminal` > So im not sure why this happens. If i missed anything in there regarding why xfce4-terminal jail runs fine if xfce4-terminal is installed on a Ubuntu Server + xfce4 environment, please tell me
gitea-mirror commented 2026-05-05 08:57:56 -06:00
Author
Owner
Copy link

@bbhtt commented on GitHub (Aug 31, 2020):

minimal Ubuntu Server 18.04 with Xfce4

Do you mean the MinimalCD (https://help.ubuntu.com/community/Installation/MinimalCD) + xfce4 or this one https://ubuntu.com/server?

<!-- gh-comment-id:683867709 --> @bbhtt commented on GitHub (Aug 31, 2020): > minimal Ubuntu Server 18.04 with Xfce4 Do you mean the MinimalCD (https://help.ubuntu.com/community/Installation/MinimalCD) + xfce4 or this one https://ubuntu.com/server?
gitea-mirror commented 2026-05-05 08:57:56 -06:00
Author
Owner
Copy link

@svc88 commented on GitHub (Aug 31, 2020):

The second one. More precisely this: http://www.cdimage.ubuntu.com/ubuntu-server/bionic/daily-live/current/bionic-live-server-amd64.iso + minimal setup shown below:

sudo apt-get install lightdm --no-install-recommends
sudo apt-get install lightdm-gtk-greeter xfce4 xfce4-goodies xfce4-clipman build-essential
<!-- gh-comment-id:683889079 --> @svc88 commented on GitHub (Aug 31, 2020): The second one. More precisely this: http://www.cdimage.ubuntu.com/ubuntu-server/bionic/daily-live/current/bionic-live-server-amd64.iso + minimal setup shown below: ``` sudo apt-get install lightdm --no-install-recommends sudo apt-get install lightdm-gtk-greeter xfce4 xfce4-goodies xfce4-clipman build-essential ```
gitea-mirror commented 2026-05-05 08:57:57 -06:00
Author
Owner
Copy link

@bbhtt commented on GitHub (Aug 31, 2020):

I tried with a Debian bullseye minimal cd+lxde, same behaviour; tried with the base 20.04 server+ubuntu-desktop meta package, still same. I don't know how server works but I can't think of a reason on why it'd be any different on aVM:

I tried this in a VM of the same OS Xubuntu 18.04 but there it doesnt exit the jail and i dont know why

Maybe some else can offer insights...

<!-- gh-comment-id:683913818 --> @bbhtt commented on GitHub (Aug 31, 2020): I tried with a Debian bullseye minimal cd+lxde, same behaviour; tried with the base 20.04 server+ubuntu-desktop meta package, still same. I don't know how server works but I can't think of a reason on why it'd be any different on aVM: > I tried this in a VM of the same OS Xubuntu 18.04 but there it doesnt exit the jail and i dont know why Maybe some else can offer insights...
gitea-mirror commented 2026-05-05 08:57:57 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Oct 1, 2020):

still an issue?

<!-- gh-comment-id:702310060 --> @rusty-snake commented on GitHub (Oct 1, 2020): still an issue?
gitea-mirror commented 2026-05-05 08:57:57 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Nov 9, 2020):

I'm closing here due to inactivity, please fell free to request to reopen if you still have this issue.

<!-- gh-comment-id:724236365 --> @rusty-snake commented on GitHub (Nov 9, 2020): I'm closing here due to inactivity, please fell free to request to reopen if you still have this issue.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
serialize_remounts_v2
landlock_v4
landlock
release-0.9.64
release-0.9.62
gitlab_ci
LTSbase
fred_ctests
docs
0.9.80
0.9.80-rc1
0.9.78
0.9.76
0.9.76-rc4
0.9.76-rc3
0.9.76-rc2
0.9.76-rc1
0.9.74
landlock-split
0.9.72
0.9.72rc1
0.9.70
0.9.68
0.9.68rc1
0.9.66
0.9.66rc1
0.9.64.4
0.9.64.2
0.9.64
0.9.64rc1
0.9.62.4
0.9.62.2
0.9.62
0.9.56.2-LTS
0.9.60
0.9.60-rc1
0.9.58.2
0.9.58
0.9.58-rc1
0.9.56-LTS-release
0.9.56-LTS
0.9.56
0.9.56-rc1
0.9.54
0.9.54-rc2
0.9.54-rc1
0.9.52
0.9.38.12
0.9.50
0.9.50-rc1
0.9.48
0.9.46
0.9.46-rc1
0.9.44.10
0.9.44.8
0.9.44.6
0.9.38.10
0.9.44.4
0.9.38.8
0.9.44.2
0.9.44
0.9.44-rc1
0.9.38.4
0.9.42
0.9.42-rc2
0.9.38.2
0.9.42-rc1
disable-globalcfg
0.9.40
0.9.40-rc1
0.9.38
0.9.38-rc1
0.9.36
0.9.36-rc1
0.9.34
0.9.34-rc1
0.9.32
0.9.32-rc1
0.9.30
0.9.30-rc1
Labels
Clear labels   
LTS merge

   
LTS merge

   
bug

   
bug

   
converted-to-discussion

   
doc-todo

   
documentation

   
duplicate

   
enhancement

   
file-transfer

   
firecfg

   
firejail-in-firejail

   
firetools

   
graphics

   
help wanted

   
information_old

   
installation

   
invalid

   
modif

   
moved

   
needinfo

   
networking

   
notabug

   
notourbug

   
old-version

   
overlayfs

   
packaging

   
profile-request

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question_old

   
removal

   
runtime-permissions

   
sandbox-ipc

   
security

   
stale

   
wiki

   
wiki

   
wontfix

   
wordpress

   
workaround
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2269
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?