[GH-ISSUE #4488] telegram-desktop cannot start #2684

Closed
opened 2026-05-05 09:20:39 -06:00 by gitea-mirror · 7 comments
Originally created by @nidamanx on GitHub (Aug 27, 2021).
Original GitHub issue: https://github.com/netblue30/firejail/issues/4488

**Solution found**
All is fine if I disable `include whitelist-usr-share-common.inc`
Is there a way to disable this line using a .local profile?

**With original .profile, the result is:**

**Terminal output**

```
$ telegram-desktop 
Reading profile /etc/firejail/telegram-desktop.profile
Reading profile /etc/firejail/telegram.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-shell.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-runuser-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
Parent pid 30921, child pid 30924
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: skipping crypto-policies for private /etc
Warning fcopy: skipping /etc/pulse/client.conf.d/01-enable-autospawn.conf, cannot find inode
Private /etc installed in 26.96 ms
Private /usr/etc installed in 0.00 ms
Child process initialized in 127.71 ms
Packed resources not found

Parent is shutting down, bye...
```

**No profile and disabling firejail**
All is fine

**Reproduce**
Steps to reproduce the behavior:

1. Run in bash `firejail telegram-desktop`

**Environment**

- Linux distribution and version: Debian 11
- Firejail version: 0.9.66

**Additional context**
None

**Checklist**

- [x] The profile (and redirect profile if exists) hasn't already been fixed [upstream](https://github.com/netblue30/firejail/tree/master/etc).
- [x] The program has a profile. (If not, request one in `https://github.com/netblue30/firejail/issues/1139`)
- [x] I have performed a short search for similar issues (to avoid opening a duplicate).
- [x] If it is an AppImage, `--profile=PROFILENAME` is used to set the right profile.
- [x] Used `LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 PROGRAM` to get English error-messages.
- [x] I'm aware of `browser-allow-drm yes`/`browser-disable-u2f no` in `firejail.config` to allow DRM/U2F in browsers.
- [x] This is not a question. Questions should be asked in https://github.com/netblue30/firejail/discussions.

Thanks!


@rusty-snake commented on GitHub (Aug 27, 2021):

> Is there a way to disable this line using a .local profile?

`ignore include …`

> All is fine if I disable include whitelist-usr-share-common.inc

Do you have `/usr/share/telegram-desktop` (or `/TelegramDesktop` or `telegram` or …) in your system?


@rusty-snake commented on GitHub (Aug 27, 2021):

Does #4475 fix it for U too?


@nidamanx commented on GitHub (Aug 27, 2021):

> > Is there a way to disable this line using a .local profile?
>
> `ignore include …`

Perfect!

> > All is fine if I disable include whitelist-usr-share-common.inc
>
> Do you have `/usr/share/telegram-desktop` (or `/TelegramDesktop` or `telegram` or …) in your system?

Yes, a directory. `/usr/share/TelegramDesktop/`


@rusty-snake commented on GitHub (Aug 27, 2021):

@nidamanx then add `whitelist /usr/share/TelegramDesktop` to your telegram.profile like in #4475.
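
A check for the mismatch diagnosed above, as an added example that is not part of the original thread or of firejail: it lists directories under a share root whose name matches the application when case and `-`/`_` are ignored, and prints a `whitelist` line for each one that the given profile files do not already whitelist. The function names and the name-matching heuristic are assumptions of this example.

```shell
#!/bin/sh
# Added example (not firejail code). Heuristic: find an application's data
# directory under /usr/share when its name differs in case or punctuation
# from the binary name, as with /usr/share/TelegramDesktop in this thread.

# Lower-case a name and drop '-' and '_' so that "telegram-desktop" and
# "TelegramDesktop" compare equal.
normalize() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -d '_-'
}

# suggest_share_whitelist APP SHARE_ROOT [PROFILE_FILE...]
# Prints one "whitelist DIR" line for every directory in SHARE_ROOT that
# looks like APP's data directory and is not already whitelisted verbatim
# in any of the given profile files.
suggest_share_whitelist() {
    app=$(normalize "$1")
    root=${2%/}
    shift 2
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue          # glob matched nothing
        dir=${dir%/}
        name=$(normalize "${dir##*/}")
        match=no
        case "$name" in "$app"*) match=yes ;; esac
        # Also accept a shorter directory name (e.g. "telegram"), but only
        # if it has at least 4 characters, to avoid matching "man" or "doc".
        if [ "${#name}" -ge 4 ]; then
            case "$app" in "$name"*) match=yes ;; esac
        fi
        [ "$match" = yes ] || continue
        if [ "$#" -gt 0 ] && grep -qxF -- "whitelist $dir" "$@" 2>/dev/null; then
            continue                       # a profile already exposes it
        fi
        printf 'whitelist %s\n' "$dir"
    done
    return 0
}

# Typical use (paths from the thread):
#   suggest_share_whitelist telegram-desktop /usr/share \
#       /etc/firejail/telegram.profile ~/.config/firejail/telegram.local
```

Adding only the printed line to the `.local` file keeps the rest of `whitelist-usr-share-common.inc` in force, whereas `ignore include whitelist-usr-share-common.inc` drops that include entirely.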


@nidamanx commented on GitHub (Aug 27, 2021):

> @nidamanx then add `whitelist /usr/share/TelegramDesktop` to your telegram.profile like in #4475.

@rusty-snake I was testing just now ;-)
All seems fine. Maybe could be nice to include in the profile
Just `whitelist /usr/share/TelegramDesktop` is enough
Let me check also Xfce for tray icon


@nidamanx commented on GitHub (Aug 27, 2021):

@rusty-snake
We can also enable the commented line private-bin
This is my actual setup

```
$ cat ~/.config/firejail/telegram.local 
whitelist /usr/share/TelegramDesktop
private-bin telegram,Telegram,telegram-desktop
```

@nidamanx commented on GitHub (Aug 27, 2021):

@rusty-snake
This works perfect with GNOME and Xfce

```
$ cat ~/.config/firejail/telegram.local 
whitelist /usr/share/TelegramDesktop
private-bin telegram,Telegram,telegram-desktop
ignore dbus-user.talk org.kde.StatusNotifierWatcher
```

Thanks for all your great work! :)
