github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #4194] cannot access whitelisted directories in Thunderbird Ubuntu 20.04 #2576

New issue

Closed

opened 2026-05-05 09:14:51 -06:00 by gitea-mirror · 2 comments

gitea-mirror commented

2026-05-05 09:14:51 -06:00

Owner

Originally created by @Tus1688 on GitHub (Apr 15, 2021).
Original GitHub issue: https://github.com/netblue30/firejail/issues/4194

Hi, I made thunderbird.profile in .config/firejail, and type following:

include /etc/firejail/thunderbird.profile
whitelist ${HOME}/Documents/upload
whitelist ${HOME}/Pictures/upload

I did a same think for firefox, when I checked firefox, I could access both whitelisted directories,
But, not with thunderbird. the Documents & Pictures directories were showed up

but when I click that directory I got following prompt:

I don't have app armor profile enabled by default for thunderbird. This is the snippet from sudo aa-status:
apparmor module is loaded. 22 profiles are loaded. 20 profiles are in enforce mode. /usr/bin/man /usr/lib/NetworkManager/nm-dhcp-client.action /usr/lib/NetworkManager/nm-dhcp-helper /usr/lib/connman/scripts/dhclient-script /usr/lib/cups/backend/cups-pdf /usr/sbin/cups-browsed /usr/sbin/cupsd /usr/sbin/cupsd//third_party /usr/sbin/tcpdump /{,usr/}sbin/dhclient firejail-default ippusbxd libreoffice-senddoc libreoffice-soffice//gpg libreoffice-xpdfimport lsb_release man_filter man_groff nvidia_modprobe nvidia_modprobe//kmod 2 profiles are in complain mode. libreoffice-oopslash libreoffice-soffice 9 processes have profiles defined. 9 processes are in enforce mode. /usr/sbin/cups-browsed (644) /usr/sbin/cupsd (558) /usr/lib/thunderbird/thunderbird (12309) firejail-default /usr/lib/firefox/firefox (12828) firejail-default /usr/lib/firefox/firefox (12903) firejail-default /usr/lib/firefox/firefox (12956) firejail-default /usr/lib/firefox/firefox (13010) firejail-default /usr/lib/firefox/firefox (13064) firejail-default /usr/lib/firefox/firefox (13110) firejail-default 0 processes are in complain mode. 0 processes are unconfined but have a profile defined.
Thanks in advance for your kindly help.

Originally created by @Tus1688 on GitHub (Apr 15, 2021). Original GitHub issue: https://github.com/netblue30/firejail/issues/4194 Hi, I made `thunderbird.profile` in `.config/firejail`, and type following: `include /etc/firejail/thunderbird.profile` `whitelist ${HOME}/Documents/upload` `whitelist ${HOME}/Pictures/upload` I did a same think for firefox, when I checked firefox, I could access both whitelisted directories, But, not with thunderbird. the Documents & Pictures directories were showed up ![1](https://user-images.githubusercontent.com/76937231/114814625-c0549000-9dde-11eb-869a-2ac551826e00.png) but when I click that directory I got following prompt: ![2](https://user-images.githubusercontent.com/76937231/114814653-cfd3d900-9dde-11eb-9eed-b0d833931ad0.png) I don't have app armor profile enabled by default for thunderbird. This is the snippet from `sudo aa-status`: `apparmor module is loaded. 22 profiles are loaded. 20 profiles are in enforce mode. /usr/bin/man /usr/lib/NetworkManager/nm-dhcp-client.action /usr/lib/NetworkManager/nm-dhcp-helper /usr/lib/connman/scripts/dhclient-script /usr/lib/cups/backend/cups-pdf /usr/sbin/cups-browsed /usr/sbin/cupsd /usr/sbin/cupsd//third_party /usr/sbin/tcpdump /{,usr/}sbin/dhclient firejail-default ippusbxd libreoffice-senddoc libreoffice-soffice//gpg libreoffice-xpdfimport lsb_release man_filter man_groff nvidia_modprobe nvidia_modprobe//kmod 2 profiles are in complain mode. libreoffice-oopslash libreoffice-soffice 9 processes have profiles defined. 9 processes are in enforce mode. /usr/sbin/cups-browsed (644) /usr/sbin/cupsd (558) /usr/lib/thunderbird/thunderbird (12309) firejail-default /usr/lib/firefox/firefox (12828) firejail-default /usr/lib/firefox/firefox (12903) firejail-default /usr/lib/firefox/firefox (12956) firejail-default /usr/lib/firefox/firefox (13010) firejail-default /usr/lib/firefox/firefox (13064) firejail-default /usr/lib/firefox/firefox (13110) firejail-default 0 processes are in complain mode. 0 processes are unconfined but have a profile defined.` Thanks in advance for your kindly help.

gitea-mirror

2026-05-05 09:14:51 -06:00

closed this issue
added the
converted-to-discussion
label

gitea-mirror commented

2026-05-05 09:14:53 -06:00

Author

Owner

@Tus1688 commented on GitHub (Apr 15, 2021):

sorry for unreadable snippets:

apparmor module is loaded.
22 profiles are loaded.
20 profiles are in enforce mode.
/usr/bin/man
/usr/lib/NetworkManager/nm-dhcp-client.action
/usr/lib/NetworkManager/nm-dhcp-helper
/usr/lib/connman/scripts/dhclient-script
/usr/lib/cups/backend/cups-pdf
/usr/sbin/cups-browsed
/usr/sbin/cupsd
/usr/sbin/cupsd//third_party
/usr/sbin/tcpdump
/{,usr/}sbin/dhclient
firejail-default
ippusbxd
libreoffice-senddoc
libreoffice-soffice//gpg
libreoffice-xpdfimport
lsb_release
man_filter
man_groff
nvidia_modprobe
nvidia_modprobe//kmod
2 profiles are in complain mode.
libreoffice-oopslash
libreoffice-soffice
9 processes have profiles defined.
9 processes are in enforce mode.
/usr/sbin/cups-browsed (644)
/usr/sbin/cupsd (558)
/usr/lib/thunderbird/thunderbird (12309) firejail-default
/usr/lib/firefox/firefox (12828) firejail-default
/usr/lib/firefox/firefox (12903) firejail-default
/usr/lib/firefox/firefox (12956) firejail-default
/usr/lib/firefox/firefox (13010) firejail-default
/usr/lib/firefox/firefox (13064) firejail-default
/usr/lib/firefox/firefox (13110) firejail-default
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.

@Tus1688 commented on GitHub (Apr 15, 2021): sorry for unreadable snippets: apparmor module is loaded. 22 profiles are loaded. 20 profiles are in enforce mode. /usr/bin/man /usr/lib/NetworkManager/nm-dhcp-client.action /usr/lib/NetworkManager/nm-dhcp-helper /usr/lib/connman/scripts/dhclient-script /usr/lib/cups/backend/cups-pdf /usr/sbin/cups-browsed /usr/sbin/cupsd /usr/sbin/cupsd//third_party /usr/sbin/tcpdump /{,usr/}sbin/dhclient firejail-default ippusbxd libreoffice-senddoc libreoffice-soffice//gpg libreoffice-xpdfimport lsb_release man_filter man_groff nvidia_modprobe nvidia_modprobe//kmod 2 profiles are in complain mode. libreoffice-oopslash libreoffice-soffice 9 processes have profiles defined. 9 processes are in enforce mode. /usr/sbin/cups-browsed (644) /usr/sbin/cupsd (558) /usr/lib/thunderbird/thunderbird (12309) firejail-default /usr/lib/firefox/firefox (12828) firejail-default /usr/lib/firefox/firefox (12903) firejail-default /usr/lib/firefox/firefox (12956) firejail-default /usr/lib/firefox/firefox (13010) firejail-default /usr/lib/firefox/firefox (13064) firejail-default /usr/lib/firefox/firefox (13110) firejail-default 0 processes are in complain mode. 0 processes are unconfined but have a profile defined.

gitea-mirror commented

2026-05-05 09:14:54 -06:00

Author

Owner

@rusty-snake commented on GitHub (Apr 15, 2021):

Hi, I made thunderbird.profile in .config/firejail, and type following:
include /etc/firejail/thunderbird.profile
whitelist ${HOME}/Documents/upload
whitelist ${HOME}/Pictures/upload

Name it thunderbird.local and skip the include /etc/firejail/thunderbird.profile

Permission denied

Because they are blacklisted, add the following:

noblacklist ${DOCUMENTS}
noblacklist ${PICTURES}

sorry for unreadable snippets:

Source:

Inline `code` in markdown

```
Multi line
code
in markdown
```

Rendered:

Inline code in markdown

Multi line
code
in markdown

@rusty-snake commented on GitHub (Apr 15, 2021): > Hi, I made thunderbird.profile in .config/firejail, and type following: include /etc/firejail/thunderbird.profile whitelist ${HOME}/Documents/upload whitelist ${HOME}/Pictures/upload Name it `thunderbird.local` and skip the `include /etc/firejail/thunderbird.profile` > Permission denied Because they are blacklisted, add the following: ``` noblacklist ${DOCUMENTS} noblacklist ${PICTURES} ``` > sorry for unreadable snippets: Source: ```` Inline `code` in markdown ``` Multi line code in markdown ``` ```` Rendered: Inline `code` in markdown ``` Multi line code in markdown ```

gitea-mirror referenced this issue

2026-05-05 10:19:50 -06:00

[PR #2576] [MERGED] add disable-exec.inc to all profiles with apparmor #4423

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2576

No description provided.

Rows
Columns