[GH-ISSUE #4146] firefox profile cannot run Emacs because /usr/share/emacs is not whitelisted #2549

Closed
opened 2026-05-05 09:13:33 -06:00 by gitea-mirror · 4 comments
Originally created by @vinc17fr on GitHub (Mar 28, 2021).
Original GitHub issue: https://github.com/netblue30/firejail/issues/4146

When using the `firefox` profile, Emacs cannot be run because the `/usr/share/emacs` directory is not whitelisted. Being able to run Emacs from Firefox is useful to open text files served as `Content-Disposition: attachment`.

Test to reproduce:

```
$ firejail --profile=firefox emacs
Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/firefox-common.profile
Reading profile /home/vinc17/.config/firejail/firefox-common.local
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-runuser-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
Warning: Warning: NVIDIA card detected, nogroups command disabled
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Parent pid 142663, child pid 142666
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Child process initialized in 158.06 ms
Warning: arch-independent data dir '/usr/share/emacs/27.1/etc/': No such file or directory
Warning: Lisp directory '/usr/share/emacs/27.1/lisp': No such file or directory
Error: /usr/share/emacs/27.1/etc/charsets: No such file or directory
Emacs will not function correctly without the character map files.
Please check your installation!
```

Adding

```
whitelist /usr/share/emacs
```

to `~/.config/firejail/firefox-common.local` solves the issue, but this should be in the default configuration.

Environment: Debian/unstable with the `firejail 0.9.64.4-2` Debian package.

@chiraag-nataraj commented on GitHub (May 5, 2021):

I don't think this makes sense by default, it's why the `.local` file mechanism exists. I'm going to close this for now, but feel free to reopen if you can make a good case for why this should be the default 😊

@vinc17fr commented on GitHub (May 5, 2021):

Firefox does not open text files served as `Content-Disposition: attachment` or text files with an unknown MIME content-type ([Firefox bug 57342](https://bugzilla.mozilla.org/show_bug.cgi?id=57342)). In these cases, an external application is needed, and one of the proposed choices in the "Choose Helper Application" dialog is Emacs (when installed). Even though this can be done with a `.local` file, the default should just work. The `/usr/share/emacs` directory contains only files from the vendor, so there should be no security issues in making it readable.

But perhaps this directory should be added to `whitelist-usr-share-common.inc`, which already contains whitelists for other software, so why not Emacs?

@kris7t commented on GitHub (May 5, 2021):

A better solution would be to explicitly make Firefox display _no_ applications to choose from in the "Choose Helper Application" dialog by default, only letting you download into a shared directory (`$HOME/Downloads` most likely) with appropriate permissions, then opening with your editor inside another sandbox (separate from the Firefox one).

Running multiple applications in the same sandbox just increases the attack surface: although likely inconsequential for plain text files, with more complicated attachments (say, PDFs) an attacker could now leverage all the vulnerabilities in the PDF reader to exfiltrate sensitive data (like session cookies) from the browser, even if they couldn't find a suitable vulnerability in the browser itself.

Although browser extensions could introduce their own vulnerabilities, solely to open files, a fairly tiny extension like [Open in Browser](https://github.com/Rob--W/open-in-browser), that lets you select the MIME type to open a file as, may be more suitable than running a whole huge Emacs instance inside the browser firejail sandbox.

For my taste, `whitelist-usr-share-common.inc` is a bit bloated, but most of the stuff in there is quite hard to disentangle from modern applications, unfortunately.

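The "download into a shared directory, then open in a separate sandbox" arrangement described in the comment above, as an added example that is not part of the original thread or of firejail itself. It is a helper script you would point Firefox's "Choose Helper Application" dialog at instead of Emacs: it accepts only a regular file that canonicalises to somewhere under `$DOWNLOADS` (so `../` components and a symlink in Downloads pointing at, say, `~/.ssh/id_rsa` are refused), picks a viewer from an explicit suffix allow-list, and launches that viewer in its own `firejail` instance with the file read-only and no network. The viewer/profile names `emacs` and `evince`, the `$DOWNLOADS` location, and the assumption that Firefox has been set to save downloads there are mine; the `firejail` options used (`--profile`, `--whitelist`, `--read-only`, `--net=none`, `--`) are the ones documented in `firejail(1)`.

```shell
#!/bin/sh
# open-attachment: hand a file Firefox has already saved into $DOWNLOADS to a
# viewer running in its OWN firejail sandbox, instead of whitelisting the
# viewer's files inside the browser sandbox.
#
# Assumptions (mine, not from the issue): Firefox only ever saves into
# $DOWNLOADS; firejail ships profiles named "emacs" and "evince".

DOWNLOADS="${DOWNLOADS:-$HOME/Downloads}"

# Print the canonical path of $1 if it is a regular file inside $DOWNLOADS;
# fail otherwise. Both sides are canonicalised with readlink -f, so "../"
# components and symlinks that escape the download directory are rejected.
check_download_path() {
    dir=$(readlink -f -- "$DOWNLOADS") || return 1
    real=$(readlink -f -- "$1") || return 1
    [ -f "$real" ] || return 1
    case "$real" in
        "$dir"/*) printf '%s\n' "$real" ;;
        *) return 1 ;;
    esac
}

# Pick the viewer (and the firejail profile of the same name) from an explicit
# allow-list of suffixes. Anything else is refused rather than handed to a
# default "open with" handler.
viewer_for() {
    case "$1" in
        *.txt|*.md|*.log|*.csv|*.json) echo emacs ;;
        *.pdf) echo evince ;;
        *) return 1 ;;
    esac
}

# Print the firejail invocation without running it (dry run, for inspection).
# The viewer gets the file read-only, no network, and only that file from
# $HOME: --whitelist turns the rest of $HOME into an empty tmpfs.
# Note: paths are printed unquoted; this is for display, not for eval.
sandbox_cmd() {
    real=$(check_download_path "$1") || return 1
    viewer=$(viewer_for "$real") || return 1
    printf 'firejail --profile=%s --whitelist=%s --read-only=%s --net=none -- %s %s\n' \
        "$viewer" "$real" "$real" "$viewer" "$real"
}

main() {
    real=$(check_download_path "$1") || {
        echo "refusing: $1 is not a regular file under $DOWNLOADS" >&2; exit 2; }
    viewer=$(viewer_for "$real") || {
        echo "refusing: no viewer allowed for $real" >&2; exit 3; }
    exec firejail --profile="$viewer" --whitelist="$real" --read-only="$real" \
        --net=none -- "$viewer" "$real"
}

# Only dispatch when given a file argument (as Firefox's helper dialog does);
# sourcing the file without arguments just defines the functions above.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

Because the viewer is started from outside the browser sandbox, nothing in the Firefox profile needs to change, and a vulnerability in the viewer lands in a sandbox that never held the browser's cookies or session data. The `--whitelist` of a single file does hide the viewer's own dotfiles in `$HOME` (Emacs will start without `~/.emacs`), which is the intended trade-off for an attachment viewer.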
@vinc17fr commented on GitHub (May 6, 2021):

> A better solution would be to explicitly make Firefox display _no_ applications to choose from in the "Choose Helper Application" dialog by default, only letting you download into a shared directory (`$HOME/Downloads` most likely) with appropriate permissions, then opening with your editor inside another sandbox (separate from the Firefox one).

This would be annoying for the user, for probably not many advantages. Or perhaps there could be 2 kinds of profiles.

Reference: github-starred/firejail#2549