[GH-ISSUE #3640] Gimp - add note how to enable scanning (xsane) #2291

Closed
opened 2026-05-05 08:58:47 -06:00 by gitea-mirror · 3 comments

Originally created by @jose1711 on GitHub (Sep 23, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3640

Default `gimp.profile` breaks scanning via the `File - Create` menu. It would be nice if the profile lists what is needed (for `gimp.local`) to bring these features back:

```
# to enable Xsane dialog (scanning via File - Create)
ignore seccomp
ignore dbus-system

# to enable Xsane scanning via network
protocol unix,inet,inet6
ignore net
```

@rusty-snake commented on GitHub (Sep 23, 2020):

Looks good:

```
# to enable Xsane scanning via network
ignore net none
protocol unix,inet,inet6
```

The first one is very permissive. `seccomp` likely needs only one or two syscalls (have a look at your syslog). The system bus also needs a few names to allow.

```
dbus-system filter
dbus-system.talk xxx
ignore dbus-system none
```

@jose1711 commented on GitHub (Sep 23, 2020):

I don't see anything related to dbus in journal log, only GIMP complains in the console:

```
gui_dbus_name_lost: connection to the bus cannot be established.
```

How to find out which dbus services I need to allow?


@rusty-snake commented on GitHub (Sep 23, 2020):

> How to find out which dbus services I need to allow?

ATM, there is no master-solution. (You need some knowledge and) you can use

  • `dbus-monitor`, but this makes much spam, especially if you do not use your own bus for it.
  • `--dbus-log`, but this requires `--dbus-xxx=filter`
  • `flatpak remote-info flathub -m APP-ID`
  • `d-feet`, `qtdbus-viewer`, `bustle`
  • ...

Flatpak dbus policy:

```
[Session Bus Policy]
org.gtk.vfs.*=talk
org.gtk.vfs=talk
org.freedesktop.FileManager1=talk
```

firejail version of this:

```
dbus-user filter
dbus-user.own org.gimp.GIMP
dbus-user.talk ca.desrt.dconf
dbus-user.talk org.gtk.vfs
dbus-user.talk org.freedesktop.FileManager1
```