github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

[GH-ISSUE #3962] firefox: program does not work due to whitelist-runuser-common #2477

New issue
Closed
opened 2026-05-05 09:09:49 -06:00 by gitea-mirror · 4 comments
gitea-mirror commented 2026-05-05 09:09:49 -06:00
Owner
Copy link

Originally created by @qinohe on GitHub (Feb 8, 2021).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3962

Bug and expected behavior

  • After installing the newest version of firejail on ArchLinux (0.9.64.2-1)[repo] Firefox profiles become unusable.
  • Expected was to be able to use FF without any issues.

No profile and disabling firejail

  • After using Firefox without firejail-profiile I was able to use the old Firefox profiles (~/mozilla/firefox/*)
  • I described the changes in a bugreport on Arch (see) https://bugs.archlinux.org/task/69523
  • See additional context below

Reproduce
Steps to reproduce the behavior:

  1. Install newest version of firejail on ArchLinux - firejail 0.9.64.2-1
  2. Start Firefox or Firefox-developer (both current versions)
  3. Previous Firefox-profile(~/.mozilla/firefox/*) is unusable
  4. Create new profile & use browser
  5. Reboot
  6. Repeat step 2 - 5 (over & over)

Environment

  • ArchLinux (fully up to date)
  • Linux 5.10.14-hardened1
  • Firejail 0.9.64.2
  • Apparmor 3.0.1

Additional context

After 'git bisect' the latest 2 firejail versions there was one left leaving me with this issue (see)096d0de5f8
After a search which actual commit made me have this issue (see Arch bugreport above) it all boiled down to this commit on the 'firefox-common.profile' (see)096d0de5f8 (diff-b5a95e2dc71807ecabe122bcec4b560e50780d571fa85892ea4872d7ef337d68)
Disabling this ( include whitelist-runuser-common.inc ) commit made the old Firefox profiles available again and all is back to 'normal'.
Added 'ignore include whitelist-runuser-common.inc' to both firefox.local & firefox-developer-edition.local.

I already acknowledged in the Arch bug-report I may be the only one suffering from this issue, at least no one else has made him- / herself heard in the report!

It may / may not be related to the following issue being reported here, but I'm not able to make that judgement!
https://github.com/netblue30/firejail/issues/3952

Checklist

  • The profile (and redirect profile if exists) hasn't already been fixed upstream.
  • The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
  • I have performed a short search for similar issues (to avoid opening a duplicate).
  • If it is a AppImage, --profile=PROFILENAME is used to set the right profile.
  • Used LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 PROGRAM to get english error-messages.
  • I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
Originally created by @qinohe on GitHub (Feb 8, 2021). Original GitHub issue: https://github.com/netblue30/firejail/issues/3962 **Bug and expected behavior** - After installing the newest version of firejail on ArchLinux (0.9.64.2-1)[repo] Firefox profiles become unusable. - Expected was to be able to use FF without any issues. **No profile and disabling firejail** - After using Firefox without firejail-profiile I was able to use the old Firefox profiles (~/mozilla/firefox/*) - I described the changes in a bugreport on Arch (see) https://bugs.archlinux.org/task/69523 - See additional context below **Reproduce** Steps to reproduce the behavior: 1. Install newest version of firejail on ArchLinux - firejail 0.9.64.2-1 2. Start Firefox or Firefox-developer (both current versions) 3. Previous Firefox-profile(~/.mozilla/firefox/*) is unusable 4. Create new profile & use browser 5. Reboot 6. Repeat step 2 - 5 (over & over) **Environment** - ArchLinux (fully up to date) - Linux 5.10.14-hardened1 - Firejail 0.9.64.2 - Apparmor 3.0.1 **Additional context** After 'git bisect' the latest 2 firejail versions there was one left leaving me with this issue (see)https://github.com/netblue30/firejail/commit/096d0de5f8bb253d0c1035796464bc5982f06f81 After a search which actual commit made me have this issue (see Arch bugreport above) it all boiled down to this commit on the 'firefox-common.profile' (see)https://github.com/netblue30/firejail/commit/096d0de5f8bb253d0c1035796464bc5982f06f81#diff-b5a95e2dc71807ecabe122bcec4b560e50780d571fa85892ea4872d7ef337d68 Disabling this ( include whitelist-runuser-common.inc ) commit made the old Firefox profiles available again and all is back to 'normal'. Added 'ignore include whitelist-runuser-common.inc' to both firefox.local & firefox-developer-edition.local. I already acknowledged in the Arch bug-report I may be the only one suffering from this issue, at least no one else has made him- / herself heard in the report! It may / may not be related to the following issue being reported here, but I'm not able to make that judgement! https://github.com/netblue30/firejail/issues/3952 **Checklist** - [x] The profile (and redirect profile if exists) hasn't already been fixed [upstream](https://github.com/netblue30/firejail/tree/master/etc). - [x] The program has a profile. (If not, request one in `https://github.com/netblue30/firejail/issues/1139`) - [x] I have performed a short search for similar issues (to avoid opening a duplicate). - [ ] If it is a AppImage, `--profile=PROFILENAME` is used to set the right profile. - [x] Used `LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 PROGRAM` to get english error-messages. - [x] I'm aware of `browser-allow-drm yes`/`browser-disable-u2f no` in `firejail.config` to allow DRM/U2F in browsers.
gitea-mirror 2026-05-05 09:09:49 -06:00
  • closed this issue
  • added the
    needinfo
         label
gitea-mirror commented 2026-05-05 09:09:51 -06:00
Author
Owner
Copy link

@rieje commented on GitHub (Feb 9, 2021):

Sorry I'm not able to provide any additional info right now but I am also using Arch Linux and Firejail 0.9.64.2-1 results in mpv not using my config settings (presumably using the default settings instead). Downgrading to Firejail 0.9.64-2 fixes this.

<!-- gh-comment-id:775627003 --> @rieje commented on GitHub (Feb 9, 2021): Sorry I'm not able to provide any additional info right now but I am also using Arch Linux and Firejail 0.9.64.2-1 results in mpv not using my config settings (presumably using the default settings instead). Downgrading to Firejail 0.9.64-2 fixes this.
gitea-mirror commented 2026-05-05 09:09:52 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Feb 9, 2021):

@qinohe What shows ls -lR /run/user/$UID?
@rieje open a new issue for it.

<!-- gh-comment-id:775856943 --> @rusty-snake commented on GitHub (Feb 9, 2021): @qinohe What shows `ls -lR /run/user/$UID`? @rieje open a new issue for it.
gitea-mirror commented 2026-05-05 09:09:54 -06:00
Author
Owner
Copy link

@qinohe commented on GitHub (Feb 9, 2021):

@rusty-snake, Well, I decided to test everything again before I would post to your question.
The problem seems to be solved ,but, what caused it to be solved I have absolutely no idea.
Could be the kernel, I don't know.
For now we can close this issue if you agree, for I can't deliver anything of use anymore and reopen if the problem reoccurs.

edit: I do have a question, is there a place to share or ask for help for self created profiles?
Thanks

<!-- gh-comment-id:776088372 --> @qinohe commented on GitHub (Feb 9, 2021): @rusty-snake, Well, I decided to test everything again before I would post to your question. The problem seems to be solved ,but, what caused it to be solved I have absolutely no idea. Could be the kernel, I don't know. For now we can close this issue if you agree, for I can't deliver anything of use anymore and reopen if the problem reoccurs. edit: I do have a question, is there a place to share or ask for help for self created profiles? Thanks
gitea-mirror commented 2026-05-05 09:09:55 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Mar 6, 2021):

@qinohe https://github.com/netblue30/firejail/discussions is now up. And you can always ask in the forum of you distro (IIRC there are some firejail experienced user in the Arch Linux forum).

<!-- gh-comment-id:791950961 --> @rusty-snake commented on GitHub (Mar 6, 2021): @qinohe https://github.com/netblue30/firejail/discussions is now up. And you can always ask in the forum of you distro (IIRC there are some firejail experienced user in the Arch Linux forum).
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
serialize_remounts_v2
landlock_v4
landlock
release-0.9.64
release-0.9.62
gitlab_ci
LTSbase
fred_ctests
docs
0.9.80
0.9.80-rc1
0.9.78
0.9.76
0.9.76-rc4
0.9.76-rc3
0.9.76-rc2
0.9.76-rc1
0.9.74
landlock-split
0.9.72
0.9.72rc1
0.9.70
0.9.68
0.9.68rc1
0.9.66
0.9.66rc1
0.9.64.4
0.9.64.2
0.9.64
0.9.64rc1
0.9.62.4
0.9.62.2
0.9.62
0.9.56.2-LTS
0.9.60
0.9.60-rc1
0.9.58.2
0.9.58
0.9.58-rc1
0.9.56-LTS-release
0.9.56-LTS
0.9.56
0.9.56-rc1
0.9.54
0.9.54-rc2
0.9.54-rc1
0.9.52
0.9.38.12
0.9.50
0.9.50-rc1
0.9.48
0.9.46
0.9.46-rc1
0.9.44.10
0.9.44.8
0.9.44.6
0.9.38.10
0.9.44.4
0.9.38.8
0.9.44.2
0.9.44
0.9.44-rc1
0.9.38.4
0.9.42
0.9.42-rc2
0.9.38.2
0.9.42-rc1
disable-globalcfg
0.9.40
0.9.40-rc1
0.9.38
0.9.38-rc1
0.9.36
0.9.36-rc1
0.9.34
0.9.34-rc1
0.9.32
0.9.32-rc1
0.9.30
0.9.30-rc1
Labels
Clear labels   
LTS merge

   
LTS merge

   
bug

   
bug

   
converted-to-discussion

   
doc-todo

   
documentation

   
duplicate

   
enhancement

   
file-transfer

   
firecfg

   
firejail-in-firejail

   
firetools

   
graphics

   
help wanted

   
information_old

   
installation

   
invalid

   
modif

   
moved

   
needinfo

   
networking

   
notabug

   
notourbug

   
old-version

   
overlayfs

   
packaging

   
profile-request

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question_old

   
removal

   
runtime-permissions

   
sandbox-ipc

   
security

   
stale

   
wiki

   
wiki

   
wontfix

   
wordpress

   
workaround
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2477
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?