github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #3978] android-studio: cannot create the directory #2489

New issue

Closed

opened 2026-05-05 09:10:21 -06:00 by gitea-mirror · 4 comments

gitea-mirror commented

2026-05-05 09:10:21 -06:00

Owner

Originally created by @gedec-coin-one on GitHub (Feb 12, 2021).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3978

run android studio w/ firejail, got:

The IDE cannot create the directory.
Possible reason: parent directory is read-only or the user lacks necessary permissions.

If you have modified the 'idea.config.path' property, please make sure it is correct,
otherwise, please re-install the IDE.

-----
Location: /home/user/.config/Google/AndroidStudio4.1
java.nio.file.AccessDeniedException: /home/user/.config/Google/AndroidStudio4.1

run android studio directly or w/ firejail --noprofile, it's works.

reproduced everytime.

distro: gentoo x64
firejail version: 0.9.64.4
as version: 4.1.2.0.201.7042882
use flags:

 * Found these USE flags for sys-apps/firejail-0.9.64.4:
 U I
 + + X                              : Enable X11 sandboxing 
 + + apparmor                       : Enable support for custom AppArmor profiles 
 + + chroot                         : Enable chrooting to custom directory 
 - - contrib                        : Install contrib scripts 
 + + dbusproxy                      : Enable DBus proxying to filter access in supporting profiles 
 + + file-transfer                  : Enable file transfers between sandboxes and the host system 
 + + globalcfg                      : Enable global config file 
 + + network                        : Enable networking features 
 + + private-home                   : Enable private home feature 
 - - python_single_target_python3_7 : Build for Python 3.7 only
 + + python_single_target_python3_8 : Build for Python 3.8 only
 - - python_single_target_python3_9 : Build for Python 3.9 only
 + + suid                           : Enable setuid root program, with potential security risks
 - - test                           : Enable dependencies and/or preparations necessary to run tests (usually controlled by
                                      FEATURES=test but can be toggled independently)
 + + userns                         : Enable attaching a new user namespace to a sandbox (--noroot option) 
 + + whitelist                      : Enable whitelist

Checklist

The profile (and redirect profile if exists) hasn't already been fixed upstream.
The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
I have performed a short search for similar issues (to avoid opening a duplicate).
Used LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 PROGRAM to get english error-messages.
I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.

Originally created by @gedec-coin-one on GitHub (Feb 12, 2021). Original GitHub issue: https://github.com/netblue30/firejail/issues/3978 run android studio w/ firejail, got: ``` The IDE cannot create the directory. Possible reason: parent directory is read-only or the user lacks necessary permissions. If you have modified the 'idea.config.path' property, please make sure it is correct, otherwise, please re-install the IDE. ----- Location: /home/user/.config/Google/AndroidStudio4.1 java.nio.file.AccessDeniedException: /home/user/.config/Google/AndroidStudio4.1 ``` run android studio **directly** or w/ `firejail --noprofile`, it's works. reproduced everytime. distro: gentoo x64 firejail version: 0.9.64.4 as version: 4.1.2.0.201.7042882 use flags: ``` * Found these USE flags for sys-apps/firejail-0.9.64.4: U I + + X : Enable X11 sandboxing + + apparmor : Enable support for custom AppArmor profiles + + chroot : Enable chrooting to custom directory - - contrib : Install contrib scripts + + dbusproxy : Enable DBus proxying to filter access in supporting profiles + + file-transfer : Enable file transfers between sandboxes and the host system + + globalcfg : Enable global config file + + network : Enable networking features + + private-home : Enable private home feature - - python_single_target_python3_7 : Build for Python 3.7 only + + python_single_target_python3_8 : Build for Python 3.8 only - - python_single_target_python3_9 : Build for Python 3.9 only + + suid : Enable setuid root program, with potential security risks - - test : Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently) + + userns : Enable attaching a new user namespace to a sandbox (--noroot option) + + whitelist : Enable whitelist ``` **Checklist** - [x] The profile (and redirect profile if exists) hasn't already been fixed [upstream](https://github.com/netblue30/firejail/tree/master/etc). - [x] The program has a profile. (If not, request one in `https://github.com/netblue30/firejail/issues/1139`) - [x] I have performed a short search for similar issues (to avoid opening a duplicate). - [ ] Used `LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 PROGRAM` to get english error-messages. - [ ] I'm aware of `browser-allow-drm yes`/`browser-disable-u2f no` in `firejail.config` to allow DRM/U2F in browsers.

gitea-mirror closed this issue

2026-05-05 09:10:22 -06:00

gitea-mirror commented

2026-05-05 09:10:24 -06:00

Author

Owner

@rusty-snake commented on GitHub (Feb 12, 2021):

It is blacklisted in disable-programs.inc, so android-studio.profile needs noblacklist ${HOME}/.config/Google.

7d0b11a084/etc/inc/disable-programs.inc (L100)

google-earth.profile has a noblacklist ${HOME}/.config/Google too, so we should consider to add additional blacklists for ~/.config/Google/*.

@rusty-snake commented on GitHub (Feb 12, 2021): It is `blacklist`ed in disable-programs.inc, so android-studio.profile needs `noblacklist ${HOME}/.config/Google`. https://github.com/netblue30/firejail/blob/7d0b11a084c57aaf3afda8c43eb66654b46bb1e6/etc/inc/disable-programs.inc#L100 google-earth.profile has a `noblacklist ${HOME}/.config/Google` too, so we should consider to add additional blacklists for `~/.config/Google/*`.

gitea-mirror commented

2026-05-05 09:10:25 -06:00

Author

Owner

@ghost commented on GitHub (Apr 6, 2021):

google-earth.profile has a noblacklist ${HOME}/.config/Google too, so we should consider to add additional blacklists for ~/.config/Google/*.

@rusty-snake I didn't have ~/.config/Google on my system before I installed Google Earth Pro to test it in the context of #3906 (and I have removed it again after seeing how much trouble it brings). Pretty much clueless as to what other apps might this dir I'm afraid.

@ghost commented on GitHub (Apr 6, 2021): > google-earth.profile has a noblacklist ${HOME}/.config/Google too, so we should consider to add additional blacklists for ~/.config/Google/*. @rusty-snake I didn't have ~/.config/Google on my system before I installed Google Earth Pro to test it in the context of #3906 (and I have removed it again after seeing how much trouble it brings). Pretty much clueless as to what other apps might this dir I'm afraid.

gitea-mirror commented

2026-05-05 09:10:26 -06:00

Author

Owner

@i7voodoo commented on GitHub (May 8, 2021):

cd /Applications/Android\ Studio.app/Contents/MacOS
sudo ./studio

@i7voodoo commented on GitHub (May 8, 2021): cd /Applications/Android\ Studio.app/Contents/MacOS sudo ./studio

gitea-mirror commented

2026-05-05 09:10:27 -06:00

Author

Owner

@ghost commented on GitHub (May 8, 2021):

cd /Applications/Android\ Studio.app/Contents/MacOS
sudo ./studio

The only clue in your message is the unhappy face, which is a bit on the minimalist side :-) So a few questions are in order to try to ascertain what you're doing/expecting:

what OS are you using and what firejail version?
why are you running with sudo?
please post the output of running that command, without that we're in the dark;
Firejail has android-studio.profile and studio.sh.profile - this implies that Firejail will look for either android-studio or studio.sh as start commands for Android Studio - studio will not magically work - so we'd like to know if that ./studio is a shell script (post that as well if so).

On a side note, usually you don't start an app in a firejail sandbox by navigating to its location on disk and then entering its start command. Firejail won't be involved in any way when you run something like that (regardless of sudo or not). We can help, but we really need to get some more detailed info on your setup.

@ghost commented on GitHub (May 8, 2021): > cd /Applications/Android\ Studio.app/Contents/MacOS sudo ./studio The only clue in your message is the unhappy face, which is a bit on the minimalist side :-) So a few questions are in order to try to ascertain what you're doing/expecting: - what OS are you using and what firejail version? - why are you running with sudo? - please post the output of running that command, without that we're in the dark; - Firejail has `android-studio.profile` and `studio.sh.profile` - this implies that Firejail will look for either `android-studio` or `studio.sh` as start commands for Android Studio - `studio` will not magically work - so we'd like to know if that ./studio is a shell script (post that as well if so). On a side note, usually you don't start an app in a firejail sandbox by navigating to its location on disk and then entering its start command. Firejail won't be involved in any way when you run something like that (regardless of sudo or not). We can help, but we really need to get some more detailed info on your setup.

gitea-mirror referenced this issue

2026-05-05 10:18:31 -06:00

[PR #2489] [MERGED] Add new profile for gnome-keyring #4354

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2489

No description provided.

Rows
Columns