[GH-ISSUE #3905] nginx cant start in firejail version 0.9.63 #2446

Closed
opened 2026-05-05 09:07:56 -06:00 by gitea-mirror · 4 comments
Owner

Originally created by @osevan on GitHub (Jan 21, 2021).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3905

```
firejail --version
firejail version 0.9.63

Compile time support:
	- AppArmor support is enabled
	- AppImage support is enabled
	- chroot support is enabled
	- file and directory whitelisting support is enabled
	- file transfer support is enabled
	- firetunnel support is enabled
	- networking support is enabled
	- overlayfs support is enabled
	- private-home support is enabled
	- seccomp-bpf support is enabled
	- SELinux support is disabled
	- user namespace support is enabled
	- X11 sandboxing support is enabled
```
```
Autoselecting /bin/bash as shell
Building quoted command line: '/etc/init.d/nginx' 'start' 
Command name #nginx#
DISPLAY=:0.0 parsed as 0
Parent pid 6101, child pid 6102
DISPLAY=:0.0 parsed as 0
Found nginx.profile profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/nginx.profile
Enabling IPC namespace
Using the local network stack
insgesamt 8
-rw-r--r-- 1 root root 1072 Jan 21 17:08 seccomp
-rw-r--r-- 1 root root  808 Jan 21 17:08 seccomp.32
-rw-r--r-- 1 root root    0 Jan 21 17:08 seccomp.postexec
-rw-r--r-- 1 root root    0 Jan 21 17:08 seccomp.postexec32
Enabling IPC namespace
Using the local network stack
Initializing child process
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
392 370 253:0 /etc /etc ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=392 fsname=/etc dir=/etc fstype=ext4
Mounting read-only /var
395 393 0:32 / /var/spool rw,noatime - tmpfs none rw,inode64
mountid=395 fsname=/ dir=/var/spool fstype=tmpfs
Mounting read-only /var/tmp
396 394 0:31 / /var/tmp ro,noatime - tmpfs none rw,inode64
mountid=396 fsname=/ dir=/var/tmp fstype=tmpfs
Mounting read-only /var/spool
397 395 0:32 / /var/spool ro,noatime - tmpfs none rw,inode64
mountid=397 fsname=/ dir=/var/spool fstype=tmpfs
Mounting read-only /usr
398 370 253:0 /usr /usr ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=398 fsname=/usr dir=/usr fstype=ext4
Mounting read-only /bin
399 370 253:0 /bin /bin ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=399 fsname=/bin dir=/bin fstype=ext4
Mounting read-only /sbin
400 370 253:0 /sbin /sbin ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=400 fsname=/sbin dir=/sbin fstype=ext4
Mounting read-only /lib
401 370 253:0 /lib /lib ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=401 fsname=/lib dir=/lib fstype=ext4
Mounting read-only /lib64
402 370 253:0 /lib64 /lib64 ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=402 fsname=/lib64 dir=/lib64 fstype=ext4
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/dhcp
Mounting tmpfs on /var/lib/snmp
Mounting tmpfs on /var/lib/sudo
Create the new utmp file
Mount the new utmp file
blacklist /run/firejail/dbus
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /sys/kernel/uevent_helper
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/kernel/hotplug
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /lib/modules
Disable /boot
Disable /dev/port
Disable /tmp/.X11-unix
Mounting read-write /usr/local/nginx
431 398 253:0 /usr/local/nginx /usr/local/nginx rw,noatime - ext4 /dev/mapper/rootfs rw
mountid=431 fsname=/usr/local/nginx dir=/usr/local/nginx fstype=ext4
Disable /sys/fs
Disable /sys/module
disable pulseaudio
blacklist /root/.config/pulse
blacklist /dev/snd
blacklist /dev/dri
blacklist /dev/sr0
blacklist /dev/video0
blacklist /dev/video1
Current directory: /home/ra
Mounting read-only /run/firejail/mnt/seccomp
440 389 0:66 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64
mountid=440 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs
Set caps filter 4c1
Drop privileges: pid 1, uid 0, gid 0, nogroups 0
No supplementary groups
]0;firejail /etc/init.d/nginx start starting application
LD_PRELOAD=(null)
Running '/etc/init.d/nginx' 'start'  command through /bin/bash
execvp argument 0: /bin/bash
execvp argument 1: -c
execvp argument 2: '/etc/init.d/nginx' 'start' 
Starting nginx: The new log directory is /proc/5691/root/var/log
```
```
sudo firejail --debug /etc/init.d/nginx start >> flog
cat: /run/firejail/mnt/seccomp/seccomp.list: data or file not found
Child process initialized in 26.79 ms
nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Permission denied)
2021/01/21 17:09:51 [emerg] 8#0: open() "/usr/local/nginx/logs/access.log" failed (13: Permission denied)
```
```
unamem -a
Linux 5.10.3-rt20 #1 SMP PREEMPT_RT
```

Without firejail:

```
sudo /etc/init.d/nginx start
Starting nginx: nginx
```

It starts very well.

I have chowned with `chown -R nginx:nginx /var/log/nginx` and `/usr/local/nginx` on the host (outside the sandbox).

My profile nginx.profile, located in /usr/local/etc/firejail/nginx.conf, is:

```
###############################################################################
# Firejail profile for server
# This file is overwritten after every install/update
# Persistent local customizations
#include /etc/firejail/server.local
# Persistent global definitions
#include /etc/firejail/globals.local

# generic server profile
# it allows /sbin and /usr/sbin directories - this is where servers are installed
# depending on your usage, you can enable some of the commands below:

blacklist /tmp/.X11-unix

noblacklist /sbin
noblacklist /usr/sbin
noblacklist /etc/init.d/nginx
read-write /var/log/nginx/access.log
read-write /var/log/nginx/error.log
read-write /run/nginx.pid
read-write /var/run/php5-fpm.sock
read-write /run/php5-fpm.pid
read-write /var/log/php5-fpm.log

noblacklist /var/log
# noblacklist /var/opt

include /etc/firejail/disable-common.inc
# include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-programs.inc

caps
no3d
nodvd
nosound
notv
novideo
seccomp

# disable-mnt
private
# private-bin program
private-dev
# private-etc none
# private-lib
private-tmp

###################################################################
```

My /etc/init.d/nginx script:

```sh
####################################################################
#! /bin/sh

### BEGIN INIT INFO
# Provides:          nginx
# Required-Start:    $all
# Required-Stop:     $all
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: starts the nginx web server
# Description:       starts nginx using start-stop-daemon
### END INIT INFO

PATH=/opt/bin:/opt/sbin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/local/nginx/sbin/nginx
NAME=nginx
DESC=nginx
#even with nginx RUNAS or comment out RUNAS not working with firejail
RUNAS=root
#DAEMON_OPTS=

test -x $DAEMON || exit 0

# Include nginx defaults if available
if [ -f /etc/default/nginx ] ; then
        . /etc/default/nginx
fi

set -e

case "$1" in
  start)
        echo -n "Starting $DESC: "
        start-stop-daemon --start --quiet --pidfile /var/run/nginx.pid --exec $DAEMON -- $DAEMON_OPTS
        echo "$NAME."
        ;;
  stop)
        echo -n "Stopping $DESC: "
        start-stop-daemon --stop --quiet --pidfile /var/run/nginx.pid --exec $DAEMON
        echo "$NAME."
        ;;
  restart|force-reload)
        echo -n "Restarting $DESC: "
        start-stop-daemon --stop --quiet --pidfile /var/run/nginx.pid --exec $DAEMON
        sleep 1
        start-stop-daemon --start --quiet --pidfile /var/run/nginx.pid --exec $DAEMON -- $DAEMON_OPTS
        echo "$NAME."
        ;;
  reload)
      echo -n "Reloading $DESC configuration: "
      start-stop-daemon --stop --signal HUP --quiet --pidfile /var/run/nginx.pid --exec $DAEMON
      echo "$NAME."
      ;;
  *)
        N=/etc/init.d/$NAME
        echo "Usage: $N {start|stop|restart|force-reload}" >&2
        exit 1
        ;;
esac

exit 0

####################################################################
```

EDIT by @rusty-snake: added code-blocks
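Added example (not code from the issue, its author, or the firejail project): the debug output above prints `Set caps filter 4c1`, and that hex mask is the set of capabilities the `caps` profile line keeps (bits 0, 6, 7 and 10: CAP_CHOWN, CAP_SETGID, CAP_SETUID, CAP_NET_BIND_SERVICE). CAP_DAC_OVERRIDE is not in it, so the sandboxed root master is subject to ordinary file permissions, which is why an nginx:nginx-owned log in mode 644 fails with "Permission denied" while a world-writable 776 (the fix reported later in the thread) opens. The log excerpt is quoted from the issue; the nginx uid/gid are constructed values.

```python
import re

# Linux capability bit numbers from include/uapi/linux/capability.h
# (only the ones this example needs to name).
CAP_NAMES = {
    0: "CAP_CHOWN", 1: "CAP_DAC_OVERRIDE", 2: "CAP_DAC_READ_SEARCH",
    3: "CAP_FOWNER", 6: "CAP_SETGID", 7: "CAP_SETUID",
    10: "CAP_NET_BIND_SERVICE", 12: "CAP_NET_ADMIN", 21: "CAP_SYS_ADMIN",
}
CAP_DAC_OVERRIDE = 1

# Excerpt of the `firejail --debug` output quoted in the issue.
DEBUG_LOG = """\
Set caps filter 4c1
Drop privileges: pid 1, uid 0, gid 0, nogroups 0
No supplementary groups
"""

# Constructed (assumed) uid/gid of the nginx user the logs were chowned to.
NGINX_UID, NGINX_GID = 1001, 1001


def kept_caps(debug_log):
    """Decode 'Set caps filter <hex>' into the set of capability numbers kept."""
    m = re.search(r"^Set caps filter ([0-9a-fA-F]+)$", debug_log, re.M)
    if not m:
        raise ValueError("no 'Set caps filter' line in debug log")
    mask = int(m.group(1), 16)
    return {bit for bit in range(64) if (mask >> bit) & 1}


def sandbox_identity(debug_log):
    """Return (uid, gid) the sandboxed process runs as, from the 'Drop privileges' line."""
    m = re.search(r"^Drop privileges: pid \d+, uid (\d+), gid (\d+)", debug_log, re.M)
    if not m:
        raise ValueError("no 'Drop privileges' line in debug log")
    return int(m.group(1)), int(m.group(2))


def can_write(owner_uid, owner_gid, mode, uid, gid, groups, caps):
    """Unix DAC check for opening a file for writing, honouring CAP_DAC_OVERRIDE."""
    if CAP_DAC_OVERRIDE in caps:
        return True                     # root with the override bypasses DAC entirely
    if uid == owner_uid:
        return bool(mode & 0o200)
    if gid == owner_gid or owner_gid in groups:
        return bool(mode & 0o020)
    return bool(mode & 0o002)           # "other" write bit: what chmod 776 relies on


def log_open_outcome(debug_log, mode):
    """Predict whether the sandboxed master can open an nginx:nginx-owned log with this mode."""
    uid, gid = sandbox_identity(debug_log)
    # "No supplementary groups" in the log: the sandboxed root has none.
    return can_write(NGINX_UID, NGINX_GID, mode, uid, gid, set(), kept_caps(debug_log))


if __name__ == "__main__":
    names = [CAP_NAMES.get(c, f"CAP_{c}") for c in sorted(kept_caps(DEBUG_LOG))]
    print("kept:", ", ".join(names))
    for mode in (0o644, 0o664, 0o776):
        print(f"mode {mode:o}: open for write -> {log_open_outcome(DEBUG_LOG, mode)}")
```

Mode 776 makes the logs writable by every uid in the sandbox; matching the file owner to the identity shown on the `Drop privileges` line, or keeping only the capability that is actually needed, avoids that.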

Author
Owner

@rusty-snake commented on GitHub (Jan 21, 2021):

What distro do you use? From which commit did you compile firejail? (OT: you should update it.)

Does it work with

  • `firejail --noprofile …`?
  • `firejail --writeable-var …`?
  • `firejail --writeable-var-log …`?

Does it work if you undo the chown?

Is there an LSM like AppArmor or SELinux sandboxing nginx too?

Is anything relevant in the syslog?

Author
Owner

@osevan commented on GitHub (Jan 22, 2021):

I fixed it with two steps, but an update was not needed.

I have updated to the latest master, but the error logs come too.

I needed `chmod 776 logs*` for both log files, else it is not working.

Thanks for the help.

Author
Owner

@osevan commented on GitHub (Jan 22, 2021):

BTW, now I can't join with `--join=pidid`.

The error spat out:

permission is denied to join a sandbox.

Author
Owner

@osevan commented on GitHub (Jan 22, 2021):

A moment later, `sudo firejail --join=pid` is working.

Reference: github-starred/firejail#2446