[GH-ISSUE #361] PulseAudio-related hangs under 'firejail --overlay-tmpfs' sandbox #258

Closed
opened 2026-05-05 05:26:30 -06:00 by gitea-mirror · 4 comments

Originally created by @laniakea64 on GitHub (Mar 9, 2016).
Original GitHub issue: https://github.com/netblue30/firejail/issues/361

OS: Lubuntu 14.04
Firejail 0.9.38

Trying to run SeaMonkey (+ freshplayerplugin) in a firejail sandbox w/ --overlay-tmpfs, but anything that tries to play audio through pulseaudio hangs SeaMonkey one way or another, and this is output to the Terminal:
`Failed to create secure directory (/run/user/[MYUID]/pulse): No such file or directory`
(where [MYUID] is the numeric uid of the logged-in user)

In a new SeaMonkey profile, additionally this is spammed to the Terminal:

```
(seamonkey:2): dconf-CRITICAL **: unable to create directory '/run/user/[MYUID]/dconf': Permission denied.  dconf will not work properly.
```

Navigating to `file:///run/` shows there is not even a user/ directory there 😕

(For testing, I'm just loading a .webm video containing audio, in the sandboxed SeaMonkey. The hang in this case appears to occur after quitting SeaMonkey but before SeaMonkey actually exits.)


Saw the [known issues](https://firejail.wordpress.com/support/known-problems/) for pulseaudio 7.0 and up, but

```
$ pulseaudio --version
pulseaudio 4.0
```

and the symptoms don't seem to match anything I've read on this issue tracker...

Running firejail without --overlay-tmpfs, and pulseaudio works fine (and /run/user is present). But --overlay-tmpfs is the whole point I'm trying to use firejail here.
Tried whitelisting /run/user to no effect.

So how to make --overlay-tmpfs and pulseaudio play nice? Or is this a bug?

(Despite the fact my kernel - which is the standard Ubuntu kernel for 14.04 - has overlayfs support, firejail refuses to run with --overlay option just because the kernel isn't version 3.18 or up... so can't test that, sorry.)


@netblue30 commented on GitHub (Mar 10, 2016):

I was able to reproduce the problem on a Debian 8 with a 4.3 kernel. I put a fix in. Somehow, /run needed to be re-mounted in the sandbox - PulseAudio socket is under /run/user.

> (seamonkey:2): dconf-CRITICAL **: unable to create directory '/run/user/[MYUID]/dconf':

The same /run directory problem as PulseAudio.

> Despite the fact my kernel - which is the standard Ubuntu kernel for 14.04 - has overlayfs support

There are some subtle differences between Ubuntu's overlayfs in 3.13 and the official overlayfs in 3.18, so I ended up with only support for Ubuntu kernel.

Thanks for the bug!
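
A diagnostic sketch for the symptom discussed in this thread, added here as an example; it is not firejail's code and not part of either participant's comments. It reports which mount backs `/run/user/<uid>` and which path component is the first one missing. The function names and the sample mountinfo lines are constructed, and the assumption is that without a dedicated mount at `/run` the path falls through to the overlay root.

```shell
# Added diagnostic sketch; the mountinfo samples are constructed, not captured.

# Print "<mount point> <fs type>" for the mount that backs path $1,
# reading mountinfo-format text from $2 (default: this process's own view).
backing_mount() {
    awk -v p="$1" '
    {
        mp = $5; fs = ""
        # optional fields end at a lone "-"; the fs type follows it
        for (i = 7; i <= NF; i++) if ($i == "-") { fs = $(i + 1); break }
        if (mp == "/" || p == mp || index(p, mp "/") == 1)
            if (length(mp) >= n) { n = length(mp); best = mp " " fs }
    }
    END { print best }' "${2:-/proc/self/mountinfo}"
}

# Print the first component of path $1 that does not exist (empty if all do).
# $2 is an optional prefix so the walk can be run against a scratch tree.
first_missing() {
    cur=""
    old_ifs=$IFS; IFS=/
    for part in $1; do
        [ -n "$part" ] || continue
        cur="$cur/$part"
        [ -e "$2$cur" ] || { IFS=$old_ifs; echo "$cur"; return 0; }
    done
    IFS=$old_ifs
}

# Constructed mountinfo samples (IDs and device numbers are made up).
sample_overlay_only() {
    printf '%s\n' '60 50 0:40 / / rw,relatime - overlay overlay rw'
}
sample_with_run() {
    sample_overlay_only
    printf '%s\n' '61 60 0:18 / /run rw,nosuid - tmpfs tmpfs rw,mode=755'
}

# Inside a sandbox shell:
#   backing_mount "/run/user/$(id -u)"
#   first_missing "/run/user/$(id -u)/pulse"
```

A result of `/ overlay` from `backing_mount` together with `/run/user` from `first_missing` matches the report above, where `/run` exists but has no `user/` directory under it.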


@laniakea64 commented on GitHub (Mar 10, 2016):

Wow that was fast, thanks! 😃

At https://github.com/netblue30/firejail/commit/3fde90a32094fdf992eab077fd2caa72f7054945#diff-2101407323981df3cabf3f8c67953d03R884, was "/dev" intended to be "/run"?


@laniakea64 commented on GitHub (Mar 10, 2016):

(FWIW I've just built the source at https://github.com/netblue30/firejail/commit/3fde90a32094fdf992eab077fd2caa72f7054945 and can confirm this issue is fixed. Thanks again)


@netblue30 commented on GitHub (Mar 10, 2016):

I am still fighting overlayfs, there is more to come.

https://github.com/netblue30/firejail/issues/263
