github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #4482] It seems that `8d3d67e896` breaks Firefox #2681

New issue

Closed

opened 2026-05-05 09:20:32 -06:00 by gitea-mirror · 5 comments

gitea-mirror commented

2026-05-05 09:20:32 -06:00

Owner

Originally created by @KOLANICH on GitHub (Aug 26, 2021).
Original GitHub issue: https://github.com/netblue30/firejail/issues/4482

Bug and expected behavior
Firefox cannot access internet after 8d3d67e896

No profile and disabling firejail

What changed calling firejail --noprofile /path/to/program in a terminal?: works
What changed calling the program by path (e.g. /usr/bin/vlc)?: works

Reproduce
Steps to reproduce the behavior:

Run in bash firejail firefox
Open any networked website.
DNS is not available.

Environment

Linux distribution and version (ie output of lsb_release -a, screenfetch or cat /etc/os-release) Ubuntu 21.04 hirsute
Firejail version (output of firejail --version) exclusive or used git commit (git rev-parse HEAD) 8d3d67e896

Additional context

Checklist

The profile (and redirect profile if exists) hasn't already been fixed upstream.
The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
I have performed a short search for similar issues (to avoid opening a duplicate).
If it is a AppImage, --profile=PROFILENAME is used to set the right profile.: n/a
Used LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 PROGRAM to get english error-messages.
I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
This is not a question. Questions should be asked in https://github.com/netblue30/firejail/discussions.

Debug output contains nothing useful at the moments I try to open websites from Firefox.

UPD: after manually replacing the files from a good commit with the ones of f4b36e8032 it stopped breaking on f4b36e8032. Now it breaks on 8d3d67e896

Originally created by @KOLANICH on GitHub (Aug 26, 2021). Original GitHub issue: https://github.com/netblue30/firejail/issues/4482 **Bug and expected behavior** Firefox cannot access internet after 8d3d67e8960f87a7592bc3a1623f27b45a52edb5 **No profile and disabling firejail** - What changed calling `firejail --noprofile /path/to/program` in a terminal?: works - What changed calling the program by path (e.g. `/usr/bin/vlc`)?: works **Reproduce** Steps to reproduce the behavior: 1. Run in bash `firejail firefox` 2. Open any networked website. 3. DNS is not available. **Environment** - Linux distribution and version (ie output of `lsb_release -a`, `screenfetch` or `cat /etc/os-release`) Ubuntu 21.04 hirsute - Firejail version (output of `firejail --version`) exclusive or used git commit (`git rev-parse HEAD`) 8d3d67e8960f87a7592bc3a1623f27b45a52edb5 **Additional context** **Checklist** - [x] The profile (and redirect profile if exists) hasn't already been fixed [upstream](https://github.com/netblue30/firejail/tree/master/etc). - [x] The program has a profile. (If not, request one in `https://github.com/netblue30/firejail/issues/1139`) - [x] I have performed a short search for similar issues (to avoid opening a duplicate). - [x] If it is a AppImage, `--profile=PROFILENAME` is used to set the right profile.: n/a - [ ] Used `LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 PROGRAM` to get english error-messages. - [x] I'm aware of `browser-allow-drm yes`/`browser-disable-u2f no` in `firejail.config` to allow DRM/U2F in browsers. - [x] This is not a question. Questions should be asked in https://github.com/netblue30/firejail/discussions. Debug output contains nothing useful at the moments I try to open websites from Firefox. UPD: after manually replacing the files from a good commit with the ones of f4b36e80321379c4917c7ab9c9b3bbcfad05899f it stopped breaking on f4b36e80321379c4917c7ab9c9b3bbcfad05899f. Now it breaks on 8d3d67e8960f87a7592bc3a1623f27b45a52edb5

gitea-mirror closed this issue

2026-05-05 09:20:33 -06:00

gitea-mirror commented

2026-05-05 09:20:35 -06:00

Author

Owner

@rusty-snake commented on GitHub (Aug 27, 2021):

Where does your /etc/resolv.conf point?

@rusty-snake commented on GitHub (Aug 27, 2021): Where does your `/etc/resolv.conf` point?

gitea-mirror commented

2026-05-05 09:20:36 -06:00

Author

Owner

@KOLANICH commented on GitHub (Aug 27, 2021):

/run/resolvconf/resolv.conf (127.0.0.53)

@KOLANICH commented on GitHub (Aug 27, 2021): `/run/resolvconf/resolv.conf` (127.0.0.53)

gitea-mirror commented

2026-05-05 09:20:36 -06:00

Author

Owner

@rusty-snake commented on GitHub (Aug 27, 2021):

Then we should whitelist /run/resolvconf/resolv.conf in whitelist-run-common.inc too.

@rusty-snake commented on GitHub (Aug 27, 2021): Then we should `whitelist /run/resolvconf/resolv.conf` in whitelist-run-common.inc too.

gitea-mirror commented

2026-05-05 09:20:37 -06:00

Author

Owner

@KOLANICH commented on GitHub (Sep 3, 2021):

Thank you.

@KOLANICH commented on GitHub (Sep 3, 2021): Thank you.

gitea-mirror commented

2026-05-05 09:20:38 -06:00

Author

Owner

@mjanonis commented on GitHub (Sep 3, 2021):

On Arch Linux, /etc/resolv.conf points to /run/systemd/resolve/stub-resolv.conf when systemd-resolved is used, so that needs to get added to the whitelist too. I had the same problem and doing that fixed it.

@mjanonis commented on GitHub (Sep 3, 2021): On Arch Linux, `/etc/resolv.conf` points to `/run/systemd/resolve/stub-resolv.conf` when systemd-resolved is used, so that needs to get added to the whitelist too. I had the same problem and doing that fixed it.

gitea-mirror referenced this issue

2026-05-05 10:20:59 -06:00

[PR #2682] [CLOSED] disable seccomp for gimp #4484

gitea-mirror referenced this issue

2026-05-05 10:24:30 -06:00

[PR #3178] [MERGED] Allow mbind syscall for GIMP #4673