[GH-ISSUE #4012] join-or-start doesn't work with okular #2500

New issue

Closed

opened 2026-05-05 09:11:10 -06:00 by gitea-mirror · 3 comments

gitea-mirror commented 2026-05-05 09:11:10 -06:00

Owner

Copy link

Originally created by @Liorst4 on GitHub (Feb 26, 2021).
Original GitHub issue: https://github.com/netblue30/firejail/issues/4012

When I open a second instance of okular with firejail I get Error: cannot read /proc file

Might be related to https://github.com/netblue30/firejail/issues/3612 ?

Workaround:
Remove the join-or-start line in okular's profie.

Environment

• Arch Linux
• Kernel: 5.10.17-hardened1-1-hardened
• Firejail version

firejail version 0.9.64.4

Compile time support:
	- AppArmor support is enabled
	- AppImage support is enabled
	- chroot support is enabled
	- D-BUS proxy support is enabled
	- file and directory whitelisting support is enabled
	- file transfer support is enabled
	- firetunnel support is enabled
	- networking support is enabled
	- overlayfs support is disabled
	- private-home support is enabled
	- private-cache and tmpfs as user enabled
	- SELinux support is disabled
	- user namespace support is enabled
	- X11 sandboxing support is enabled

debug output

Command name #okular#
Found okular.profile profile in /etc/firejail directory
Reading profile /etc/firejail/okular.profile
Found disable-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-common.inc
Found disable-common.local profile in /etc/firejail directory
Reading profile /etc/firejail/disable-common.local
Found disable-devel.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-devel.inc
Found disable-exec.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-exec.inc
Found disable-interpreters.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-interpreters.inc
Found disable-passwdmgr.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-passwdmgr.inc
Found disable-programs.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-programs.inc
Found disable-shell.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-shell.inc
Found disable-xdg.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-xdg.inc
Found whitelist-usr-share-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Found whitelist-usr-share-common.local profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-usr-share-common.local
Found whitelist-var-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: Warning: NVIDIA card detected, nogroups command disabled
Switching to pid 34025, the first child process inside the sandbox
User namespace detected: /proc/34025/uid_map, $MY_UID, $MY_UID
Error: cannot read /proc file

Originally created by @Liorst4 on GitHub (Feb 26, 2021). Original GitHub issue: https://github.com/netblue30/firejail/issues/4012 When I open a second instance of okular with firejail I get `Error: cannot read /proc file` Might be related to https://github.com/netblue30/firejail/issues/3612 ? Workaround: Remove the `join-or-start` line in okular's profie. **Environment** - Arch Linux - Kernel: 5.10.17-hardened1-1-hardened - Firejail version ``` firejail version 0.9.64.4 Compile time support: - AppArmor support is enabled - AppImage support is enabled - chroot support is enabled - D-BUS proxy support is enabled - file and directory whitelisting support is enabled - file transfer support is enabled - firetunnel support is enabled - networking support is enabled - overlayfs support is disabled - private-home support is enabled - private-cache and tmpfs as user enabled - SELinux support is disabled - user namespace support is enabled - X11 sandboxing support is enabled ``` <details><summary> debug output </summary> ``` Command name #okular# Found okular.profile profile in /etc/firejail directory Reading profile /etc/firejail/okular.profile Found disable-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-common.inc Found disable-common.local profile in /etc/firejail directory Reading profile /etc/firejail/disable-common.local Found disable-devel.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-devel.inc Found disable-exec.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-exec.inc Found disable-interpreters.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-interpreters.inc Found disable-passwdmgr.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-passwdmgr.inc Found disable-programs.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-programs.inc Found disable-shell.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-shell.inc Found disable-xdg.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-xdg.inc Found whitelist-usr-share-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-usr-share-common.inc Found whitelist-usr-share-common.local profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-usr-share-common.local Found whitelist-var-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-var-common.inc Warning: Warning: NVIDIA card detected, nogroups command disabled Switching to pid 34025, the first child process inside the sandbox User namespace detected: /proc/34025/uid_map, $MY_UID, $MY_UID Error: cannot read /proc file ``` </details>

gitea-mirror closed this issue 2026-05-05 09:11:11 -06:00

gitea-mirror commented 2026-05-05 09:11:13 -06:00

Author

Owner

Copy link

@rusty-snake commented on GitHub (Feb 26, 2021):

Duplicate of #3948

<!-- gh-comment-id:786613283 --> @rusty-snake commented on GitHub (Feb 26, 2021): Duplicate of #3948

gitea-mirror commented 2026-05-05 09:11:14 -06:00

Author

Owner

Copy link

@Liorst4 commented on GitHub (Feb 26, 2021):

Missed that is was a duplicate.
My bad

<!-- gh-comment-id:786614473 --> @Liorst4 commented on GitHub (Feb 26, 2021): Missed that is was a duplicate. My bad

gitea-mirror commented 2026-05-05 09:11:16 -06:00

Author

Owner

Copy link

@rusty-snake commented on GitHub (Feb 26, 2021):

I did a short try what you can find if you search for the command (join-or-start) and the error message (cannot read /proc file). GitHub does not find #3948.

https://github.com/netblue30/firejail/issues?q=join-or-start+cannot+read+%2Fproc+file

However, DDG does. (With "site:github.com AND inurl:netblue30/firejail/issues" for the SE nerds 🤓 out there).

https://duckduckgo.com/?q=site%3Agithub.com+AND+inurl%3Anetblue30%2Ffirejail%2Fissues+join-or-start+cannot+read+%2Fproc+file+&ia=web

<!-- gh-comment-id:786623910 --> @rusty-snake commented on GitHub (Feb 26, 2021): I did a short try what you can find if you search for the command (join-or-start) and the error message (cannot read /proc file). GitHub does not find #3948. https://github.com/netblue30/firejail/issues?q=join-or-start+cannot+read+%2Fproc+file  However, DDG does. (With "site:github.com AND inurl:netblue30/firejail/issues" for the SE nerds :nerd_face: out there). https://duckduckgo.com/?q=site%3Agithub.com+AND+inurl%3Anetblue30%2Ffirejail%2Fissues+join-or-start+cannot+read+%2Fproc+file+&ia=web 

gitea-mirror referenced this issue 2026-05-05 10:18:38 -06:00

[PR #2500] [MERGED] Add new profile for simplescreenrecorder #4361

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

serialize_remounts_v2

landlock_v4

landlock

release-0.9.64

release-0.9.62

gitlab_ci

LTSbase

fred_ctests

docs

0.9.80

0.9.80-rc1

0.9.78

0.9.76

0.9.76-rc4

0.9.76-rc3

0.9.76-rc2

0.9.76-rc1

0.9.74

landlock-split

0.9.72

0.9.72rc1

0.9.70

0.9.68

0.9.68rc1

0.9.66

0.9.66rc1

0.9.64.4

0.9.64.2

0.9.64

0.9.64rc1

0.9.62.4

0.9.62.2

0.9.62

0.9.56.2-LTS

0.9.60

0.9.60-rc1

0.9.58.2

0.9.58

0.9.58-rc1

0.9.56-LTS-release

0.9.56-LTS

0.9.56

0.9.56-rc1

0.9.54

0.9.54-rc2

0.9.54-rc1

0.9.52

0.9.38.12

0.9.50

0.9.50-rc1

0.9.48

0.9.46

0.9.46-rc1

0.9.44.10

0.9.44.8

0.9.44.6

0.9.38.10

0.9.44.4

0.9.38.8

0.9.44.2

0.9.44

0.9.44-rc1

0.9.38.4

0.9.42

0.9.42-rc2

0.9.38.2

0.9.42-rc1

disable-globalcfg

0.9.40

0.9.40-rc1

0.9.38

0.9.38-rc1

0.9.36

0.9.36-rc1

0.9.34

0.9.34-rc1

0.9.32

0.9.32-rc1

0.9.30

0.9.30-rc1

Labels

Clear labels   

LTS merge

  

LTS merge

  

bug

  

bug

  

converted-to-discussion

  

doc-todo

  

documentation

  

duplicate

  

enhancement

  

file-transfer

  

firecfg

  

firejail-in-firejail

  

firetools

  

graphics

  

help wanted

  

information_old

  

installation

  

invalid

  

modif

  

moved

  

needinfo

  

networking

  

notabug

  

notourbug

  

old-version

  

overlayfs

  

packaging

  

profile-request

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question_old

  

removal

  

runtime-permissions

  

sandbox-ipc

  

security

  

stale

  

wiki

  

wiki

  

wontfix

  

wordpress

  

workaround

No labels

LTS merge

LTS merge

bug

bug

converted-to-discussion

doc-todo

documentation

duplicate

enhancement

file-transfer

firecfg

firejail-in-firejail

firetools

graphics

help wanted

information_old

installation

invalid

modif

moved

needinfo

networking

notabug

notourbug

old-version

overlayfs

packaging

profile-request

pull-request

question

question_old

removal

runtime-permissions

sandbox-ipc

security

stale

wiki

wiki

wontfix

wordpress

workaround

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2500

No description provided.