github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

[GH-ISSUE #4543] --join-or-start=program shouldn't create program-PID sandboxes if multiple instances try to start simultaneously. #2700

New issue
Open
opened 2026-05-05 09:21:45 -06:00 by gitea-mirror · 8 comments
gitea-mirror commented 2026-05-05 09:21:45 -06:00
Owner
Copy link

Originally created by @crocket on GitHub (Sep 14, 2021).
Original GitHub issue: https://github.com/netblue30/firejail/issues/4543

If my bookmark manager tries to open multiple bookmarks by launching multiple invocations of firejail --join-or-start=librewolf librewolf URL simultaneously, the first invocation creates librewolf sandbox and some of subsequent invocations end up creating librewolf-PID sandboxes.

If multiple firejail invocations are trying to launch simultaneously with --join-or-start=program, the first invocation should reserve a named sandbox which subsequent invocations wait for before joining the named sandbox.

Because not all invocations of librewolf join the same sandbox, I had to insert

ignore private-tmp
ignore dbus-user

into librewolf.local in order to launch multiple bookmarks simultaneously on librewolf.

If --join-or-start was good at putting all simultaneous invocations of firejail in one named sandbox, I didn't need to make all librewolf instances share /tmp and dbus with programs outside sandbox.

Originally created by @crocket on GitHub (Sep 14, 2021). Original GitHub issue: https://github.com/netblue30/firejail/issues/4543 If my bookmark manager tries to open multiple bookmarks by launching multiple invocations of `firejail --join-or-start=librewolf librewolf URL` simultaneously, the first invocation creates `librewolf` sandbox and some of subsequent invocations end up creating `librewolf-PID` sandboxes. If multiple firejail invocations are trying to launch simultaneously with `--join-or-start=program`, the first invocation should reserve a named sandbox which subsequent invocations wait for before joining the named sandbox. Because not all invocations of librewolf join the same sandbox, I had to insert ``` ignore private-tmp ignore dbus-user ``` into `librewolf.local` in order to launch multiple bookmarks simultaneously on librewolf. If `--join-or-start` was good at putting all simultaneous invocations of firejail in one named sandbox, I didn't need to make all librewolf instances share /tmp and dbus with programs outside sandbox.
gitea-mirror commented 2026-05-05 09:21:47 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Sep 14, 2021):

Previous discussion: #4538

<!-- gh-comment-id:919105561 --> @rusty-snake commented on GitHub (Sep 14, 2021): Previous discussion: #4538
gitea-mirror commented 2026-05-05 09:21:47 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jun 8, 2022):

firejail 0.9.70 has improved join code, can you test if this still happens with it when it is released.

<!-- gh-comment-id:1149808580 --> @rusty-snake commented on GitHub (Jun 8, 2022): firejail 0.9.70 has improved join code, can you test if this still happens with it when it is released.
gitea-mirror commented 2026-05-05 09:21:48 -06:00
Author
Owner
Copy link

@crocket commented on GitHub (Jun 9, 2022):

I will test. Just notify me on this issue when it's released.

<!-- gh-comment-id:1150886318 --> @crocket commented on GitHub (Jun 9, 2022): I will test. Just notify me on this issue when it's released.
gitea-mirror commented 2026-05-05 09:21:49 -06:00
Author
Owner
Copy link

@kmk3 commented on GitHub (Jun 9, 2022):

I will test. Just notify me on this issue when it's released.

It has been released.

Note that you can subscribe to new releases through the Watch button (next to
the Fork button).

<!-- gh-comment-id:1151440337 --> @kmk3 commented on GitHub (Jun 9, 2022): > I will test. Just notify me on this issue when it's released. It has been released. Note that you can subscribe to new releases through the Watch button (next to the Fork button).
gitea-mirror commented 2026-05-05 09:21:50 -06:00
Author
Owner
Copy link

@crocket commented on GitHub (Jun 10, 2022):

I installed 0.9.70 and rebooted. I tested librewolf with join-or-start librewolf in librewolf.local.

The issue was reproduced reliably. I still need to ignore private-tmp and dbus-user.

<!-- gh-comment-id:1152353994 --> @crocket commented on GitHub (Jun 10, 2022): I installed 0.9.70 and rebooted. I tested librewolf with `join-or-start librewolf` in librewolf.local. The issue was reproduced reliably. I still need to ignore private-tmp and dbus-user.
gitea-mirror commented 2026-05-05 09:21:50 -06:00
Author
Owner
Copy link

@Stoxis commented on GitHub (May 22, 2023):

This fix for librewolf doesn't work

Screenshot_2023-05-22_02-09-28

How do I fix this? I don't receive the error when I launch tabs using the commandline with firefox, only librewolf. Both are using firejail.

<!-- gh-comment-id:1556428425 --> @Stoxis commented on GitHub (May 22, 2023): This fix for librewolf doesn't work ![Screenshot_2023-05-22_02-09-28](https://github.com/netblue30/firejail/assets/43509639/7edeb73e-ae9f-4e80-b135-b79b1a3d7892) How do I fix this? I don't receive the error when I launch tabs using the commandline with firefox, only librewolf. Both are using firejail.
gitea-mirror commented 2026-05-05 09:21:51 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (May 22, 2023):

@Stoxis did you got that will bulk opening link or with only one link? If you got it with only one link, it has a different cause. Open a new Discussion then. (There are already a lot for Firefox).

<!-- gh-comment-id:1557418961 --> @rusty-snake commented on GitHub (May 22, 2023): @Stoxis did you got that will bulk opening link or with only one link? If you got it with only one link, it has a different cause. Open a new Discussion then. (There are already a lot for Firefox).
gitea-mirror commented 2026-05-05 09:21:52 -06:00
Author
Owner
Copy link

@Stoxis commented on GitHub (May 23, 2023):

@Stoxis did you got that will bulk opening link or with only one link? If you got it with only one link, it has a different cause. Open a new Discussion then. (There are already a lot for Firefox).

If I run the command librewolf google.com/ it'll work the first time, but if I try to run the command a second time while the previous instance is still open I'll get the "Firefox is already running" error.

If I do the same thing firefox google.com/ I can do it as many times as I want to open new tabs without encountering the error.

Both Firefox and Librewolf are using Firejail.

<!-- gh-comment-id:1558302839 --> @Stoxis commented on GitHub (May 23, 2023): > @Stoxis did you got that will bulk opening link or with only one link? If you got it with only one link, it has a different cause. Open a new Discussion then. (There are already a lot for Firefox). If I run the command `librewolf google.com/` it'll work the first time, but if I try to run the command a second time while the previous instance is still open I'll get the "Firefox is already running" error. If I do the same thing `firefox google.com/` I can do it as many times as I want to open new tabs without encountering the error. Both Firefox and Librewolf are using Firejail.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
serialize_remounts_v2
landlock_v4
landlock
release-0.9.64
release-0.9.62
gitlab_ci
LTSbase
fred_ctests
docs
0.9.80
0.9.80-rc1
0.9.78
0.9.76
0.9.76-rc4
0.9.76-rc3
0.9.76-rc2
0.9.76-rc1
0.9.74
landlock-split
0.9.72
0.9.72rc1
0.9.70
0.9.68
0.9.68rc1
0.9.66
0.9.66rc1
0.9.64.4
0.9.64.2
0.9.64
0.9.64rc1
0.9.62.4
0.9.62.2
0.9.62
0.9.56.2-LTS
0.9.60
0.9.60-rc1
0.9.58.2
0.9.58
0.9.58-rc1
0.9.56-LTS-release
0.9.56-LTS
0.9.56
0.9.56-rc1
0.9.54
0.9.54-rc2
0.9.54-rc1
0.9.52
0.9.38.12
0.9.50
0.9.50-rc1
0.9.48
0.9.46
0.9.46-rc1
0.9.44.10
0.9.44.8
0.9.44.6
0.9.38.10
0.9.44.4
0.9.38.8
0.9.44.2
0.9.44
0.9.44-rc1
0.9.38.4
0.9.42
0.9.42-rc2
0.9.38.2
0.9.42-rc1
disable-globalcfg
0.9.40
0.9.40-rc1
0.9.38
0.9.38-rc1
0.9.36
0.9.36-rc1
0.9.34
0.9.34-rc1
0.9.32
0.9.32-rc1
0.9.30
0.9.30-rc1
Labels
Clear labels   
LTS merge

   
LTS merge

   
bug

   
bug

   
converted-to-discussion

   
doc-todo

   
documentation

   
duplicate

   
enhancement

   
file-transfer

   
firecfg

   
firejail-in-firejail

   
firetools

   
graphics

   
help wanted

   
information_old

   
installation

   
invalid

   
modif

   
moved

   
needinfo

   
networking

   
notabug

   
notourbug

   
old-version

   
overlayfs

   
packaging

   
profile-request

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question_old

   
removal

   
runtime-permissions

   
sandbox-ipc

   
security

   
stale

   
wiki

   
wiki

   
wontfix

   
wordpress

   
workaround
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2700
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?