mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-15 14:16:14 -06:00
[GH-ISSUE #3759] thunderbird: cannot open links in Firefox: "Your Firefox profile cannot be loaded" #2373
Labels
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: github-starred/firejail#2373
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @rsramkis on GitHub (Nov 18, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3759
Bug
When opening a web link in an e-mail in Thunderbird, Firefox attempts to launch but then reports the error "Your Firefox profile cannot be loaded. It may be missing or inaccessible."
Steps:
Expected Behavior
The previous behavior with firejail enabled (sudo firecfg) a web link in a Thunderbird e-mail would open a new instances of Firefox with a new user profile (none of my bookmarks showing'.
Environment
Kernel: 5.4.74-1-MANJARO x86_64 Up: 1h 07m Mem: 1696.7/11862.6 MiB (14.3%)
Storage: 465.76 GiB (11.4% used) Procs: 197 Shell: Zsh inxi: 3.1.08
Firefox 82.0.3
Thunderbird 68.12.0
Bugs I am trying to find a solution in:
https://github.com/netblue30/firejail/issues/3579
https://github.com/netblue30/firejail/issues/2336
https://github.com/netblue30/firejail/issues/3471#issuecomment-646582480
@rusty-snake commented on GitHub (Nov 18, 2020):
Firefox must be already running for all of these to work. If firefox is open, it should work out-of-the-box with firejail 0.9.64 and thunderbird.
@rsramkis commented on GitHub (Nov 18, 2020):
Previously Firefox did not already need to be open. It would spawn its own instance on demand. This was ideal not only for web links in an e-mail but also clicking on links in ebooks.
I already verified that if I open Firefox before hand, then click on link in e-mail in Thunderbird that the link opens correctly.
Do we have documentation which mentions this is the expected behavior? Thanks.
@rusty-snake commented on GitHub (Nov 19, 2020):
The issue is that firefox then runs inside the other sandbox (e.g. thunderbirds). That something we simply don't support. Since thunderbird and firefox have very similar profiles, it's maybe enough to add
whitelist ${HOME}/.mozilla. However some thing will still break in firefox (e.g. web-cam, local documentation, ...) and it's less secure as firefox has full D-Bus access and can read and write in ~/.gnupg.@rsramkis commented on GitHub (Nov 19, 2020):
Thanks for providing your feedback.
Based on your observations, if my default web browser in Gnome was not Firefox but Vivaldi (which does not have a firefox\thunderbird profile), then should my expectation then be that Vivaldi will automatically launch when I click on a link in Thunderbird?
@rusty-snake commented on GitHub (Nov 19, 2020):
If your default browser is vivaldi/chromium/opera/... this would not work unless you drastically weaken your thunderbird.profile. IDK if/how it works with a running vivaldi/… since I (and the most other firejai users) use firefox.
@rsramkis commented on GitHub (Nov 19, 2020):
Thanks for the information. It does not bother me to manually launch a web browser.
But from a usability stand point I would have bugged this. The competition (Mac OS) does not behave this way and it has some sophisticated Apparmor setup on its own for security. An end user seeing a "no profile" error is misleading. Espcially since it never behaved this way a couple months ago.
Closing this issue.
@rsramkis commented on GitHub (Nov 19, 2020):
Just noticed something. I ran the following command from terminal to change my default web browser in Gnome to vivaldi:
"xdg-settings set default-web-browser vivaldi-stable.desktop"
Then I rebooted, launched Thunderbird, and clicked on an e-mail which had a web link. Vivaldi launched with no errors in sandbox mode (because it did not show any of my bookmarks). This is exactly how Firefox used to behave.
@rusty-snake commented on GitHub (Nov 19, 2020):
Uhh, somehow over read this.
nowhitelist ${HOME}/.mozilla/firefox/profiles.inishould work I think. However, keep in mind that this can still make trouble.@rsramkis commented on GitHub (Nov 20, 2020):
Hi Rusty,
I'm not sure what I should do with the string "nowhitelist ${HOME}/.mozilla/firefox/profiles.ini". I assume it needs to go into a configuration file?
Note I did read bug:
https://github.com/netblue30/firejail/issues/3482
@rsramkis commented on GitHub (Nov 20, 2020):
I was able to find the a file /etc/firejail/thunderbird.profile. It contained these lines:
`# These lines are needed to allow Firefox to load your profile when clicking a link in an email
noblacklist ${HOME}/.mozilla
whitelist ${HOME}/.mozilla/firefox/profiles.ini
read-only ${HOME}/.mozilla/firefox/profiles.ini
noblacklist ${HOME}/.cache/thunderbird
noblacklist ${HOME}/.gnupg
`
It looks like it is already setup to allow for web links to be open based on the comment line.
Source:
https://github.com/netblue30/firejail/issues/3291
@rusty-snake commented on GitHub (Nov 20, 2020):
Short: add the
nowhitelistto your thunderbird.localLong: out of #3291 support to open firefox from thunderbird was added by default. But firefox must be running. Your old never supported behaviour was broken by this because ~/.mozilla now appear in the sandbox.
@rsramkis commented on GitHub (Nov 25, 2020):
Thanks for your feed back. I will go with the recommended configuration.