[GH-ISSUE #3669] skypeforlinux logs out every time, even without profile #2313

New issue

Closed

opened 2026-05-05 09:00:08 -06:00 by gitea-mirror · 3 comments

gitea-mirror commented 2026-05-05 09:00:08 -06:00

Owner

Copy link

Originally created by @ScoreUnder on GitHub (Oct 14, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3669

Bug and expected behavior

After logging into skypeforlinux, then exiting the program, relaunching it under firejail will cause it to show a notification saying "You've been signed out of Skype. Launch the app to sign back in.". This does not happen if firejail is not used.

The expected behaviour here is for skype to remain logged in whether relaunched under firejail or not.

This problem persists even with --noprofile.

Reproduce
Steps to reproduce the behavior:

1. Log into Skype for Linux
2. Exit without signing out
3. Run Skype for Linux again, either under firejail (if testing bug) or without firejail (if testing normal behaviour)

Environment

• Arch Linux (Linux 5.8.13)
• Firejail 0.9.62.4
• Skype for Linux 8.65.0.76 (stable)

Checklist

• The upstream profile (and redirect profile if exists) have no changes fixing it.
• The program has a profile. (If not, request one in # 1139)
• N/A Programs needed for interaction are listed in the profile.
• A short search for duplicates was performed.
• N/A If it is a AppImage, --profile=PROFILENAME is used to set the right profile.

debug output

Left it running for just long enough to sign itself in and sign itself out again:

score@kirisame ~/.config/firejail % firejail --noprofile --debug /usr/bin/skypeforlinux
Autoselecting /bin/zsh as shell
Building quoted command line: '/usr/bin/skypeforlinux' 
Command name #skypeforlinux#
DISPLAY=:0 parsed as 0
Using the local network stack
Parent pid 2253759, child pid 2253764
Initializing child process
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
IBUS_ADDRESS=unix:abstract=/home/score/.cache/ibus/dbus-B6EYTCRw,guid=56b1ea7dbada33740999f4405f76fc01
IBUS_DAEMON_PID=1801
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
Mounting noexec /etc
Mounting read-only /var
Mounting noexec /var
Mounting read-only /bin
Mounting read-only /lib
Mounting read-only /usr
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /home/score/.config/firejail
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /usr/lib/modules/5.8.13-arch1-1/build (requested /usr/src/linux)
Disable /usr/lib/modules (requested /lib/modules)
Disable /usr/lib/debug
Disable /boot
Disable /dev/port
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /dev/kmsg
Disable /proc/kmsg
Disable /sys/fs
Disable /sys/module
Mounting noexec /run/firejail/mnt/pulse
Mounting /run/firejail/mnt/pulse on /home/score/.config/pulse
1188 1161 0:129 /pulse /home/score/.config/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=1188 fsname=/pulse dir=/home/score/.config/pulse fstype=tmpfs
Current directory: /home/score
DISPLAY=:0 parsed as 0
Mounting read-only /run/firejail/mnt/seccomp
Drop privileges: pid 1, uid 1000, gid 1000, nogroups 0
starting application
LD_PRELOAD=(null)
Running '/usr/bin/skypeforlinux'  command through /bin/zsh
execvp argument 0: /bin/zsh
execvp argument 1: -c
execvp argument 2: '/usr/bin/skypeforlinux' 
Child process initialized in 5.91 ms
monitoring pid 2

Sandbox monitor: waitpid 2 retval 2 status 0
Sandbox monitor: monitoring 7
monitoring pid 7

Sandbox monitor: waitpid 7 retval 7 status 0
Sandbox monitor: monitoring 12
monitoring pid 12

Sandbox monitor: waitpid 12 retval 12 status 0
Sandbox monitor: monitoring 35
monitoring pid 35

Sandbox monitor: waitpid 35 retval 35 status 15

Parent is shutting down, bye...
firejail --noprofile --debug /usr/bin/skypeforlinux  5.21s user 0.86s system 118% cpu 5.112 total

Originally created by @ScoreUnder on GitHub (Oct 14, 2020). Original GitHub issue: https://github.com/netblue30/firejail/issues/3669 **Bug and expected behavior** After logging into skypeforlinux, then exiting the program, relaunching it under firejail will cause it to show a notification saying "You've been signed out of Skype. Launch the app to sign back in.". This does not happen if firejail is not used. The expected behaviour here is for skype to remain logged in whether relaunched under firejail or not. This problem persists even with `--noprofile`. **Reproduce** Steps to reproduce the behavior: 1. Log into Skype for Linux 2. Exit without signing out 3. Run Skype for Linux again, either under firejail (if testing bug) or without firejail (if testing normal behaviour) **Environment** - Arch Linux (Linux 5.8.13) - Firejail 0.9.62.4 - Skype for Linux 8.65.0.76 (stable) **Checklist** - [X] The upstream profile (and redirect profile if exists) have no changes fixing it. - [X] The program has a profile. (If not, request one in [# 1139](https://github.com/netblue30/firejail/issues/1139)) - N/A Programs needed for interaction are listed in the profile. - [X] A short search for duplicates was performed. - N/A If it is a AppImage, `--profile=PROFILENAME` is used to set the right profile. <details><summary> debug output </summary> Left it running for just long enough to sign itself in and sign itself out again: ``` score@kirisame ~/.config/firejail % firejail --noprofile --debug /usr/bin/skypeforlinux Autoselecting /bin/zsh as shell Building quoted command line: '/usr/bin/skypeforlinux' Command name #skypeforlinux# DISPLAY=:0 parsed as 0 Using the local network stack Parent pid 2253759, child pid 2253764 Initializing child process Host network configured PID namespace installed Mounting tmpfs on /run/firejail/mnt directory Creating empty /run/firejail/mnt/seccomp directory Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file IBUS_ADDRESS=unix:abstract=/home/score/.cache/ibus/dbus-B6EYTCRw,guid=56b1ea7dbada33740999f4405f76fc01 IBUS_DAEMON_PID=1801 Mounting /proc filesystem representing the PID namespace Basic read-only filesystem: Mounting read-only /etc Mounting noexec /etc Mounting read-only /var Mounting noexec /var Mounting read-only /bin Mounting read-only /lib Mounting read-only /usr Mounting tmpfs on /var/lock Mounting tmpfs on /var/tmp Mounting tmpfs on /var/log Create the new utmp file Mount the new utmp file Cleaning /home directory Cleaning /run/user directory Sanitizing /etc/passwd, UID_MIN 1000 Sanitizing /etc/group, GID_MIN 1000 Disable /home/score/.config/firejail Disable /run/firejail/network Disable /run/firejail/bandwidth Disable /run/firejail/name Disable /run/firejail/profile Disable /run/firejail/x11 Mounting read-only /proc/sys Remounting /sys directory Disable /sys/firmware Disable /sys/hypervisor Disable /sys/power Disable /sys/kernel/debug Disable /sys/kernel/vmcoreinfo Disable /proc/sys/fs/binfmt_misc Disable /proc/sys/kernel/core_pattern Disable /proc/sys/kernel/modprobe Disable /proc/sysrq-trigger Disable /proc/sys/vm/panic_on_oom Disable /proc/irq Disable /proc/bus Disable /proc/sched_debug Disable /proc/timer_list Disable /proc/kcore Disable /proc/kallsyms Disable /usr/lib/modules/5.8.13-arch1-1/build (requested /usr/src/linux) Disable /usr/lib/modules (requested /lib/modules) Disable /usr/lib/debug Disable /boot Disable /dev/port Disable /run/user/1000/gnupg Disable /run/user/1000/systemd Disable /dev/kmsg Disable /proc/kmsg Disable /sys/fs Disable /sys/module Mounting noexec /run/firejail/mnt/pulse Mounting /run/firejail/mnt/pulse on /home/score/.config/pulse 1188 1161 0:129 /pulse /home/score/.config/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755 mountid=1188 fsname=/pulse dir=/home/score/.config/pulse fstype=tmpfs Current directory: /home/score DISPLAY=:0 parsed as 0 Mounting read-only /run/firejail/mnt/seccomp Drop privileges: pid 1, uid 1000, gid 1000, nogroups 0 starting application LD_PRELOAD=(null) Running '/usr/bin/skypeforlinux' command through /bin/zsh execvp argument 0: /bin/zsh execvp argument 1: -c execvp argument 2: '/usr/bin/skypeforlinux' Child process initialized in 5.91 ms monitoring pid 2 Sandbox monitor: waitpid 2 retval 2 status 0 Sandbox monitor: monitoring 7 monitoring pid 7 Sandbox monitor: waitpid 7 retval 7 status 0 Sandbox monitor: monitoring 12 monitoring pid 12 Sandbox monitor: waitpid 12 retval 12 status 0 Sandbox monitor: monitoring 35 monitoring pid 35 Sandbox monitor: waitpid 35 retval 35 status 15 Parent is shutting down, bye... firejail --noprofile --debug /usr/bin/skypeforlinux 5.21s user 0.86s system 118% cpu 5.112 total ``` </details>

gitea-mirror closed this issue 2026-05-05 09:00:08 -06:00

gitea-mirror commented 2026-05-05 09:00:10 -06:00

Author

Owner

Copy link

@rusty-snake commented on GitHub (Oct 16, 2020):

If something is broken even with --noprofile, it is likely that it can not be fixed.
However, you can

• check if there are any background daemons from skype outside the sandbox.
• look for non-default/changed settings in /etc/firejail/firejail.config
• try my noprofile

noprofile.profile

allow-debuggers
allusers
#keep-dev-shm
#keep-var-tmp
#noautopulse
writable-etc
writable-run-user
writable-var
writable-var-log

noblacklist /sys/fs
noblacklist /sys/module

<!-- gh-comment-id:710071776 --> @rusty-snake commented on GitHub (Oct 16, 2020): If something is broken even with `--noprofile`, it is likely that it can not be fixed. However, you can - check if there are any background daemons from skype outside the sandbox. - look for non-default/changed settings in /etc/firejail/firejail.config - try my noprofile `noprofile.profile` ``` allow-debuggers allusers #keep-dev-shm #keep-var-tmp #noautopulse writable-etc writable-run-user writable-var writable-var-log noblacklist /sys/fs noblacklist /sys/module ```

gitea-mirror commented 2026-05-05 09:00:11 -06:00

Author

Owner

Copy link

@ScoreUnder commented on GitHub (Oct 17, 2020):

I can't find any background processes owned by skype, there are no uncommented lines in firejail.config, and I get the same results under noprofile.profile... I guess this isn't something that can be solved without disproportionately meticulous levels of investigation, so I'll close this for now under the assumption that it's not practical to fix.

<!-- gh-comment-id:711084592 --> @ScoreUnder commented on GitHub (Oct 17, 2020): I can't find any background processes owned by skype, there are no uncommented lines in `firejail.config`, and I get the same results under `noprofile.profile`... I guess this isn't something that can be solved without disproportionately meticulous levels of investigation, so I'll close this for now under the assumption that it's not practical to fix.

gitea-mirror commented 2026-05-05 09:00:12 -06:00

Author

Owner

Copy link

@oliversturm commented on GitHub (Dec 7, 2020):

No idea if this helps at all, but I have encountered this problem just now with Arch updates no more than a week old. Prior to that, Skype was working with firejail without any trouble.

<!-- gh-comment-id:739860327 --> @oliversturm commented on GitHub (Dec 7, 2020): No idea if this helps at all, but I have encountered this problem just now with Arch updates no more than a week old. Prior to that, Skype was working with firejail without any trouble.

gitea-mirror referenced this issue 2026-05-05 10:16:50 -06:00

[PR #2313] [MERGED] Fix gajim.profile #4264

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

serialize_remounts_v2

landlock_v4

landlock

release-0.9.64

release-0.9.62

gitlab_ci

LTSbase

fred_ctests

docs

0.9.80

0.9.80-rc1

0.9.78

0.9.76

0.9.76-rc4

0.9.76-rc3

0.9.76-rc2

0.9.76-rc1

0.9.74

landlock-split

0.9.72

0.9.72rc1

0.9.70

0.9.68

0.9.68rc1

0.9.66

0.9.66rc1

0.9.64.4

0.9.64.2

0.9.64

0.9.64rc1

0.9.62.4

0.9.62.2

0.9.62

0.9.56.2-LTS

0.9.60

0.9.60-rc1

0.9.58.2

0.9.58

0.9.58-rc1

0.9.56-LTS-release

0.9.56-LTS

0.9.56

0.9.56-rc1

0.9.54

0.9.54-rc2

0.9.54-rc1

0.9.52

0.9.38.12

0.9.50

0.9.50-rc1

0.9.48

0.9.46

0.9.46-rc1

0.9.44.10

0.9.44.8

0.9.44.6

0.9.38.10

0.9.44.4

0.9.38.8

0.9.44.2

0.9.44

0.9.44-rc1

0.9.38.4

0.9.42

0.9.42-rc2

0.9.38.2

0.9.42-rc1

disable-globalcfg

0.9.40

0.9.40-rc1

0.9.38

0.9.38-rc1

0.9.36

0.9.36-rc1

0.9.34

0.9.34-rc1

0.9.32

0.9.32-rc1

0.9.30

0.9.30-rc1

Labels

Clear labels   

LTS merge

  

LTS merge

  

bug

  

bug

  

converted-to-discussion

  

doc-todo

  

documentation

  

duplicate

  

enhancement

  

file-transfer

  

firecfg

  

firejail-in-firejail

  

firetools

  

graphics

  

help wanted

  

information_old

  

installation

  

invalid

  

modif

  

moved

  

needinfo

  

networking

  

notabug

  

notourbug

  

old-version

  

overlayfs

  

packaging

  

profile-request

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question_old

  

removal

  

runtime-permissions

  

sandbox-ipc

  

security

  

stale

  

wiki

  

wiki

  

wontfix

  

wordpress

  

workaround

No labels

LTS merge

LTS merge

bug

bug

converted-to-discussion

doc-todo

documentation

duplicate

enhancement

file-transfer

firecfg

firejail-in-firejail

firetools

graphics

help wanted

information_old

installation

invalid

modif

moved

needinfo

networking

notabug

notourbug

old-version

overlayfs

packaging

profile-request

pull-request

question

question_old

removal

runtime-permissions

sandbox-ipc

security

stale

wiki

wiki

wontfix

wordpress

workaround

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2313

No description provided.