[GH-ISSUE #4377] telegram-desktop 2.8.2 not starting using firejail-git #2640

Closed
opened 2026-05-05 09:18:04 -06:00 by gitea-mirror · 2 comments
Owner

Originally created by @X6B on GitHub (Jun 28, 2021).
Original GitHub issue: https://github.com/netblue30/firejail/issues/4377

On Arch Linux, the latest Telegram (2.8.2) is not starting using firejail-git compiled just now from AUR; however, it does work using the stable version from the repos (0.9.64.4).

```
[xxx@xxx ~]$ telegram-desktop
Reading profile /etc/firejail/telegram-desktop.profile
Reading profile /etc/firejail/telegram.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-shell.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-runuser-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 194588, child pid 194591
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: skipping alternatives for private /etc
Warning: skipping crypto-policies for private /etc
Warning: skipping pki for private /etc
Private /etc installed in 22.02 ms
Private /usr/etc installed in 0.00 ms
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Warning: cleaning all supplementary groups
Blacklist violations are logged to syslog
Warning: cleaning all supplementary groups
Child process initialized in 98.49 ms
Error: cannot read UID_MIN and/or GID_MIN from /etc/login.defs, using 1000 by default
Error: cannot read UID_MIN and/or GID_MIN from /etc/login.defs, using 1000 by default
```

EDIT by @rusty-snake: fix code-block


@rusty-snake commented on GitHub (Jun 28, 2021):

This is the diff since 0.9.64.4. Can you check which added/changed line causes this?

diff --git a/etc/profile-m-z/telegram.profile b/etc/profile-m-z/telegram.profile
index 0e7413fc94..05c621fb28 100644
--- a/etc/profile-m-z/telegram.profile
+++ b/etc/profile-m-z/telegram.profile
@@ -12,18 +12,45 @@ include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc
+include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
 
+mkdir ${HOME}/.TelegramDesktop
+mkdir ${HOME}/.local/share/TelegramDesktop
+whitelist ${HOME}/.TelegramDesktop
+whitelist ${HOME}/.local/share/TelegramDesktop
+whitelist ${DOWNLOADS}
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
 caps.drop all
 netfilter
 nodvd
+noinput
 nonewprivs
 noroot
 notv
 protocol unix,inet,inet6,netlink
 seccomp
+seccomp.block-secondary
+shell none
+tracelog
 
 disable-mnt
+#private-bin telegram,Telegram,telegram-desktop
 private-cache
-private-etc alsa,alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,localtime,machine-id,os-release,pki,pulse,resolv.conf,ssl,xdg
+private-dev
+private-etc alsa,alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,localtime,machine-id,os-release,passwd,pki,pulse,resolv.conf,ssl,xdg
 private-tmp
+
+dbus-user filter
+dbus-user.talk org.freedesktop.Notifications
+dbus-user.talk org.kde.StatusNotifierWatcher
+dbus-user.talk org.gnome.Mutter.IdleMonitor
+dbus-user.talk org.freedesktop.ScreenSaver
+dbus-system none
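
Review bot: the `+tracelog` line in the options block is added without any comment on what it requires from the sandboxed program, and the reporter's follow-up in this thread names it as the line that keeps Telegram 2.8.2 from starting; drop it or leave it commented out with a short reason. The `+#private-bin telegram,Telegram,telegram-desktop` line is likewise added already disabled with no explanation, so a later reader cannot tell whether it is safe to enable. Separately, the new `private-etc` list adds `passwd` but not `login.defs`, while the reporter's log prints "cannot read UID_MIN and/or GID_MIN from /etc/login.defs"; it is worth checking whether that file belongs on the list. With this many restrictions landing in one hunk, a per-option comment would make regressions like this one much quicker to bisect.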

@X6B commented on GitHub (Jun 28, 2021):

Tracelog is the culprit. Telegram 2.8.2 works again on firejail-git after commenting it out.
