github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

joplin) #2432

New issue

Closed

opened 2026-05-05 09:06:27 -06:00 by gitea-mirror · 6 comments

gitea-mirror commented

2026-05-05 09:06:27 -06:00

Owner

Originally created by @heli-aviator on GitHub (Jan 4, 2021).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3868

Hi, I have followed every tutorial I can find out there, on firejail, but none seem to do more than firejail -firefox or maybe terminator.

I'm new to Linux I'm running Manjaro XFCE and I cannot figure out how to firejajil other apps than the apps that come preinstalled on Manjaro.

I want to firejail:

keepassxc
signal app
joplin app

the only nonstandard app I gave gotten to work is
vivaldi-stable

when I try the other commands that are in firecfg.config none of them work like on Brave browser, tor-browser, keepassxc i.e

could anyone point me in the right direction where I can find the information to make a firejail profile and how to install it? or if you know could you make a tutorial/writeup on how to do it, so us newbies can learn.

I would very much appreciate it!

Originally created by @heli-aviator on GitHub (Jan 4, 2021). Original GitHub issue: https://github.com/netblue30/firejail/issues/3868 Hi, I have followed every tutorial I can find out there, on firejail, but none seem to do more than firejail -firefox or maybe terminator. I'm new to Linux I'm running Manjaro XFCE and I cannot figure out how to firejajil other apps than the apps that come preinstalled on Manjaro. I want to firejail: - keepassxc - signal app - joplin app the only nonstandard app I gave gotten to work is vivaldi-stable when I try the other commands that are in firecfg.config none of them work like on Brave browser, tor-browser, keepassxc i.e could anyone point me in the right direction where I can find the information to make a firejail profile and how to install it? or if you know could you make a tutorial/writeup on how to do it, so us newbies can learn. I would very much appreciate it!

gitea-mirror

2026-05-05 09:06:27 -06:00

closed this issue
added the
stale

needinfo
labels

gitea-mirror commented

2026-05-05 09:06:30 -06:00

Author

Owner

@rusty-snake commented on GitHub (Jan 5, 2021):

I want to firejail:

keepassxc

signal app

joplin app

KeePassXC and signal-dekstop have a profile. For joplin is already a request in #1139 (as you saw I guess).

when I try the other commands that are in firecfg.config none of them work like on Brave browser, keepassxc

What did you try? firejail /usr/bin/keepassxc? What failed?

information to make a firejail profile

https://github.com/netblue30/firejail/wiki/Creating-overrides
https://github.com/netblue30/firejail/blob/master/etc/templates/profile.template
man 5 firejail-profile
https://github.com/netblue30/firejail/wiki/Creating-Profiles
https://github.com/netblue30/firejail/wiki/Sandboxing-Binary-Software
https://firejail.wordpress.com/documentation-2/building-custom-profiles/
https://wiki.archlinux.org/index.php/firejail#Creating_custom_profiles (you should prefer our profile.template from above over default.profile for writing profiles)

and how to install it

Just places a file named PROGRAM-NAME.profile (e.g. firefox.profile) in ~/.config/firejail.

tor-browser

Tor browser is special, see here or here.

@rusty-snake commented on GitHub (Jan 5, 2021): > I want to firejail: > - keepassxc > - signal app > - joplin app KeePassXC and signal-dekstop have a profile. For joplin is already a request in #1139 (as you saw I guess). > when I try the other commands that are in firecfg.config none of them work like on Brave browser, keepassxc What did you try? `firejail /usr/bin/keepassxc`? What failed? > information to make a firejail profile https://github.com/netblue30/firejail/wiki/Creating-overrides https://github.com/netblue30/firejail/blob/master/etc/templates/profile.template `man 5 firejail-profile` https://github.com/netblue30/firejail/wiki/Creating-Profiles https://github.com/netblue30/firejail/wiki/Sandboxing-Binary-Software https://firejail.wordpress.com/documentation-2/building-custom-profiles/ https://wiki.archlinux.org/index.php/firejail#Creating_custom_profiles (you should prefer our profile.template from above over default.profile for writing profiles) > and how to install it Just places a file named `PROGRAM-NAME.profile` (e.g. `firefox.profile`) in `~/.config/firejail`. > tor-browser Tor browser is special, see [here](https://github.com/netblue30/firejail/wiki/Sandboxing-Binary-Software#tor-browser-home-install) or [here](https://github.com/rusty-snake/firejailed-tor-browser).

gitea-mirror commented

2026-05-05 09:06:31 -06:00

Author

Owner

@heli-aviator commented on GitHub (Jan 5, 2021):

Thank you for your quick response.

I know there should be a default profile for keepassxc and signal-desktop but the commands to start them do not work. This is the error message I get every time I try Signal and Keepassxc + plus most other apps that I have installed.
I had not tried the (firejail /usr/bin/keepassxc) command but it results in the same messages as below.
commands I've tried:
firejail keepassxc
firejail keepassxc-cli
firejial libreoffice
firejail masterpdfeditor4
firejail signal-cli
firejail signal-desktop

[firejail signal-desktop
Reading profile /etc/firejail/signal-desktop.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 5315, child pid 5316
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: skipping alternatives for private /etc
Warning: skipping crypto-policies for private /etc
Warning: skipping pki for private /etc
Private /etc installed in 27.17 ms
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Warning: not remounting /run/user/1000/gvfs
Child process initialized in 149.22 ms
Error getpwuid: main.c:237 init_cfg: Success

Parent is shutting down, bye...]

I will continue to play around with it, but if you have seen this before and know how to get it to work I would love the help! again I'm a newbie on linux, I appologize if it's me doing something wrong.

@heli-aviator commented on GitHub (Jan 5, 2021): Thank you for your quick response. I know there should be a default profile for keepassxc and signal-desktop but the commands to start them do not work. This is the error message I get every time I try Signal and Keepassxc + plus most other apps that I have installed. I had not tried the (firejail /usr/bin/keepassxc) command but it results in the same messages as below. commands I've tried: firejail keepassxc firejail keepassxc-cli firejial libreoffice firejail masterpdfeditor4 firejail signal-cli firejail signal-desktop [firejail signal-desktop Reading profile /etc/firejail/signal-desktop.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/disable-passwdmgr.inc Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Parent pid 5315, child pid 5316 Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Warning: skipping alternatives for private /etc Warning: skipping crypto-policies for private /etc Warning: skipping pki for private /etc Private /etc installed in 27.17 ms Warning: /sbin directory link was not blacklisted Warning: /usr/sbin directory link was not blacklisted Warning: not remounting /run/user/1000/gvfs Child process initialized in 149.22 ms Error getpwuid: main.c:237 init_cfg: Success Parent is shutting down, bye...] I will continue to play around with it, but if you have seen this before and know how to get it to work I would love the help! again I'm a newbie on linux, I appologize if it's me doing something wrong.

gitea-mirror commented

2026-05-05 09:06:33 -06:00

Author

Owner

@rusty-snake commented on GitHub (Jan 5, 2021):

Error getpwuid: main.c:237 init_cfg: Success

Reminds me to issues where firejail can not read /etc/passwd (e.g. firejail --noprofile --private-etc=something-without-passwd firejail --noprofile true) but then you get No such file or directory. Here it is Error …: Success which sounds crazy. Just to try: does it work after sudo firecfg --clean (assuming you had run sudo firecfg). Does firejail --noprofile /usr/bin/keepassxc work?

default profile for keepassxc

Tip: Use keepassxc.profile if you talk about the "default keepassxc profile" and default.profile if you talk about default.profile. We had already confusion on sentences like "… if I start gimp with the default profile it …".

again I'm a newbie on linux, I appologize if it's me doing something wrong.

Everyone was new to linux at some point (well ok ~~Linux~~ Linus [oops 🤣 🤣] Torvalds not 😆 ) and this looks like a configuration problem.

@rusty-snake commented on GitHub (Jan 5, 2021): > Error getpwuid: main.c:237 init_cfg: Success Reminds me to issues where firejail can not read `/etc/passwd` (e.g. `firejail --noprofile --private-etc=something-without-passwd firejail --noprofile true`) but then you get `No such file or directory`. Here it is `Error …: Success` which sounds crazy. Just to try: does it work after `sudo firecfg --clean` (assuming you had run `sudo firecfg`). Does `firejail --noprofile /usr/bin/keepassxc` work? > default profile for keepassxc Tip: Use keepassxc.profile if you talk about the "default keepassxc profile" and default.profile if you talk about default.profile. We had already confusion on sentences like "… if I start gimp with the default profile it …". > again I'm a newbie on linux, I appologize if it's me doing something wrong. Everyone was new to linux at some point (well ok ~Linux~ Linus [oops :rofl: :rofl:] Torvalds not :laughing: ) and this looks like a configuration problem.

gitea-mirror commented

2026-05-05 09:06:34 -06:00

Author

Owner

@sak96 commented on GitHub (Jan 13, 2021):

sample profile for joplin.

include whitelist-common.inc
include electron.profile

# https://github.com/netblue30/firejail/issues/3795
seccomp !chroot

# save all stuff in ~/.joplin
mkdir ${HOME}/.joplin
private ${HOME}/.joplin

also make sure you go through firecfg.
use man firecfg for more info.

@sak96 commented on GitHub (Jan 13, 2021): sample profile for joplin. ``` include whitelist-common.inc include electron.profile # https://github.com/netblue30/firejail/issues/3795 seccomp !chroot # save all stuff in ~/.joplin mkdir ${HOME}/.joplin private ${HOME}/.joplin ``` also make sure you go through `firecfg`. use `man firecfg` for more info.

gitea-mirror commented

2026-05-05 09:06:35 -06:00

Author

Owner

@rusty-snake commented on GitHub (Mar 8, 2021):

I'm closing here due to inactivity, please fell free to request to reopen if you have more questions.

@rusty-snake commented on GitHub (Mar 8, 2021): I'm closing here due to inactivity, please fell free to request to reopen if you have more questions.

gitea-mirror commented

2026-05-05 09:06:36 -06:00

Author

Owner

@heli-aviator commented on GitHub (Mar 8, 2021):

Thank you for all your help! I got most of it working except for Joplin.
But I have not really had time to play around with it that much.
Again thank you!

On Mon, Mar 8, 2021, 13:10 rusty-snake notifications@github.com wrote:

I'm closing here due to inactivity, please fell free to request to reopen
if you have more questions.

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
https://github.com/netblue30/firejail/issues/3868#issuecomment-793001592,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AP4YQEFN7VMD5RDQZXCHGXDTCUOK7ANCNFSM4VTZVZCA
.

@heli-aviator commented on GitHub (Mar 8, 2021): Thank you for all your help! I got most of it working except for Joplin. But I have not really had time to play around with it that much. Again thank you! On Mon, Mar 8, 2021, 13:10 rusty-snake <notifications@github.com> wrote: > I'm closing here due to inactivity, please fell free to request to reopen > if you have more questions. > > — > You are receiving this because you authored the thread. > Reply to this email directly, view it on GitHub > <https://github.com/netblue30/firejail/issues/3868#issuecomment-793001592>, > or unsubscribe > <https://github.com/notifications/unsubscribe-auth/AP4YQEFN7VMD5RDQZXCHGXDTCUOK7ANCNFSM4VTZVZCA> > . >

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2432

No description provided.

Rows
Columns