[GH-ISSUE #4708] minecraft-launcher fails with fatal error (Manjaro 5.13.19-2, nvidia) #2758

New issue

Closed

opened 2026-05-05 09:25:19 -06:00 by gitea-mirror · 7 comments

gitea-mirror commented 2026-05-05 09:25:19 -06:00

Owner

Copy link

Originally created by @scitoast on GitHub (Nov 24, 2021).
Original GitHub issue: https://github.com/netblue30/firejail/issues/4708

Description

I just put minecraft on my completely fresh & newly updated Manjaro install. With the included minecraft-launcher firejail profile minecraft-launcher fails to start.

Steps to Reproduce

1. x86_64 system with an Nvidia 750Ti card and fresh Manjaro install, verified system is well functioning
2. Updated system (pacman -Syu) and rebooted
3. Installed minecraft-launcher; ran and updated minecraft launcher without firejail and confirmed minecraft is running unproblematically
4. Standard firejail installed via pacman
5. Standard firejail desktop integration (firecfg --fix-sound, logout and log back in, and then sudo firecfg)
6. minecraft-launcher begins loading and crashes.

Observations

From the errors (see log below) it looks like there aren't permissions for the game to create or buffer something. Also (though it's irrelevant to the present bug report) it looks like /sbin and /usr/sbin are not blacklisted, which probably they should be.

Error log

Edited: I sanitized out a timestamp, pid, and some hash gibberish, just being paranoid.

Here is the output when I run minecraft-launcher from a terminal:

Reading profile /etc/firejail/minecraft-launcher.profile
Reading profile /etc/firejail/allow-java.inc
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-shell.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-runuser-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: Warning: NVIDIA card detected, nogroups command disabled
Parent pid [removed, child pid [removed]
Warning: skipping minecraft-launcher for private /opt
Private /opt installed in 0.16 ms
2 programs installed in 7.58 ms
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: skipping alternatives for private /etc
Warning: skipping asound.conf for private /etc
Warning: skipping ati for private /etc
Warning: skipping crypto-policies for private /etc
Warning: skipping drirc for private /etc
Warning: skipping java-10-openjdk for private /etc
Warning: skipping java-11-openjdk for private /etc
Warning: skipping java-12-openjdk for private /etc
Warning: skipping java-13-openjdk for private /etc
Warning: skipping java-14-openjdk for private /etc
Warning: skipping java-7-openjdk for private /etc
Warning: skipping java-9-openjdk for private /etc
Warning: skipping java-openjdk for private /etc
Warning: skipping nvidia for private /etc
Warning: skipping pki for private /etc
Warning: skipping selinux for private /etc
Private /etc installed in 77.40 ms
Private /usr/etc installed in 0.00 ms
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Warning: cleaning all supplementary groups
Blacklist violations are logged to syslog
Warning: cleaning all supplementary groups
Child process initialized in [removed] ms
ERROR: ld.so: object '/run/firejail/lib/libtracelog.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object '/run/firejail/lib/libtracelog.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
https://launchermeta.mojang.com/v1/products/launcher/[removed]/linux.json
ERROR: ld.so: object '/run/firejail/lib/libtracelog.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object '/run/firejail/lib/libtracelog.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
[1123/224313.381795:FATAL:proc_util.cc(36)] Check failed: . : Permission denied (13)
[1123/224313.404607:FATAL:proc_util.cc(36)] Check failed: . : Permission denied (13)
[1123/224314.040802:ERROR:file_path_watcher_linux.cc(73)] Failed to read /proc/sys/fs/inotify/max_user_watches
[1123/224314.042837:ERROR:platform_shared_memory_region_posix.cc(250)] Creating shared memory in /dev/shm/.org.chromium.Chromium.UHAugr failed: Permission denied (13)
https://launchermeta.mojang.com/v1/products/launcher/[removed]/linux.json

(minecraft-launcher:33): Gtk-WARNING **: [removed]: Could not load a pixbuf from icon theme.
This may indicate that pixbuf loaders or the mime database could not be found.
MessageBox(Minecraft Launcher): Unable to update the Minecraft Native Launcher.

Parent is shutting down, bye...

Final thoughts

Minecraft / java edition security has always been a concern of mine, esp. given that many players eventually load up "mods" created by random blokes. Before attempting to firejail minecraft, I spent an entire day sitting down attempting to create an AppArmor policy for it. This proved intractable (I eventually got mysterious errors about conflicting permissions I couldn't trace) and I'm convinced it's almost impossible with the tools presently available for profile creation.

Firejail works great for many apps in my experience, it would be amazing to have a sandboxed Minecraft. But I have no idea how to fix this one...thanks for your help.

Originally created by @scitoast on GitHub (Nov 24, 2021). Original GitHub issue: https://github.com/netblue30/firejail/issues/4708 ### Description I just put minecraft on my completely fresh & newly updated Manjaro install. With the included minecraft-launcher firejail profile minecraft-launcher fails to start. ### Steps to Reproduce 1. x86_64 system with an Nvidia 750Ti card and fresh Manjaro install, verified system is well functioning 2. Updated system (pacman -Syu) and rebooted 3. Installed minecraft-launcher; ran and updated minecraft launcher without firejail and confirmed minecraft is running unproblematically 4. Standard firejail installed via pacman 5. Standard firejail desktop integration (`firecfg --fix-sound`, logout and log back in, and then `sudo firecfg`) 6. `minecraft-launcher` begins loading and crashes. ### Observations From the errors (see log below) it looks like there aren't permissions for the game to create or buffer something. Also (though it's irrelevant to the present bug report) it looks like /sbin and /usr/sbin are not blacklisted, which probably they should be. ### Error log Edited: I sanitized out a timestamp, pid, and some hash gibberish, just being paranoid. Here is the output when I run minecraft-launcher from a terminal: ``` Reading profile /etc/firejail/minecraft-launcher.profile Reading profile /etc/firejail/allow-java.inc Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-passwdmgr.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/disable-shell.inc Reading profile /etc/firejail/disable-xdg.inc Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-runuser-common.inc Reading profile /etc/firejail/whitelist-usr-share-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Warning: Warning: NVIDIA card detected, nogroups command disabled Parent pid [removed, child pid [removed] Warning: skipping minecraft-launcher for private /opt Private /opt installed in 0.16 ms 2 programs installed in 7.58 ms Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Warning: skipping alternatives for private /etc Warning: skipping asound.conf for private /etc Warning: skipping ati for private /etc Warning: skipping crypto-policies for private /etc Warning: skipping drirc for private /etc Warning: skipping java-10-openjdk for private /etc Warning: skipping java-11-openjdk for private /etc Warning: skipping java-12-openjdk for private /etc Warning: skipping java-13-openjdk for private /etc Warning: skipping java-14-openjdk for private /etc Warning: skipping java-7-openjdk for private /etc Warning: skipping java-9-openjdk for private /etc Warning: skipping java-openjdk for private /etc Warning: skipping nvidia for private /etc Warning: skipping pki for private /etc Warning: skipping selinux for private /etc Private /etc installed in 77.40 ms Private /usr/etc installed in 0.00 ms Warning: cleaning all supplementary groups Warning: cleaning all supplementary groups Warning: /sbin directory link was not blacklisted Warning: /usr/sbin directory link was not blacklisted Warning: cleaning all supplementary groups Blacklist violations are logged to syslog Warning: cleaning all supplementary groups Child process initialized in [removed] ms ERROR: ld.so: object '/run/firejail/lib/libtracelog.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored. ERROR: ld.so: object '/run/firejail/lib/libtracelog.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored. https://launchermeta.mojang.com/v1/products/launcher/[removed]/linux.json ERROR: ld.so: object '/run/firejail/lib/libtracelog.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored. ERROR: ld.so: object '/run/firejail/lib/libtracelog.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored. [1123/224313.381795:FATAL:proc_util.cc(36)] Check failed: . : Permission denied (13) [1123/224313.404607:FATAL:proc_util.cc(36)] Check failed: . : Permission denied (13) [1123/224314.040802:ERROR:file_path_watcher_linux.cc(73)] Failed to read /proc/sys/fs/inotify/max_user_watches [1123/224314.042837:ERROR:platform_shared_memory_region_posix.cc(250)] Creating shared memory in /dev/shm/.org.chromium.Chromium.UHAugr failed: Permission denied (13) https://launchermeta.mojang.com/v1/products/launcher/[removed]/linux.json (minecraft-launcher:33): Gtk-WARNING **: [removed]: Could not load a pixbuf from icon theme. This may indicate that pixbuf loaders or the mime database could not be found. MessageBox(Minecraft Launcher): Unable to update the Minecraft Native Launcher. Parent is shutting down, bye... ``` ### Final thoughts Minecraft / java edition security has always been a concern of mine, esp. given that many players eventually load up "mods" created by random blokes. Before attempting to firejail minecraft, I spent an entire day sitting down attempting to create an AppArmor policy for it. This proved intractable (I eventually got mysterious errors about conflicting permissions I couldn't trace) and I'm convinced it's almost impossible with the tools presently available for profile creation. Firejail works great for many apps in my experience, it would be amazing to have a sandboxed Minecraft. But I have no idea how to fix this one...thanks for your help.

gitea-mirror closed this issue 2026-05-05 09:25:21 -06:00

gitea-mirror commented 2026-05-05 09:25:22 -06:00

Author

Owner

Copy link

@rusty-snake commented on GitHub (Nov 24, 2021):

What happens if you use --noprofile? Is there still a AA profile (in enforce mode)?

Since the errors indicate some chromium components, what happens with firejail --ignore="caps.drop all" --ignore=nonewprivs --ignore=noroot --ignore=protocol --ignore=seccomp --ignore=tracelog /path/to/minecraft-launcher?

<!-- gh-comment-id:977595962 --> @rusty-snake commented on GitHub (Nov 24, 2021): What happens if you use `--noprofile`? Is there still a AA profile (in enforce mode)? Since the errors indicate some chromium components, what happens with `firejail --ignore="caps.drop all" --ignore=nonewprivs --ignore=noroot --ignore=protocol --ignore=seccomp --ignore=tracelog /path/to/minecraft-launcher`?

gitea-mirror commented 2026-05-05 09:25:23 -06:00

Author

Owner

Copy link

@scitoast commented on GitHub (Nov 24, 2021):

Hi there!

• Running firejail --noprofile /usr/bin/minecraft-launcher runs it successfully and I am able to start the game as well as run in window or fullscreen. Console logs a few errors but the game appears to run normally. Console output below from this:

Parent pid [removed], child pid [removed]
Child process initialized in 7.48 ms
https://launchermeta.mojang.com/v1/products/launcher/[removed]/linux.json
[1124/143454.033814:INFO:main_context.cpp(136)] CEF initialized successfully.
[1124/143454.033992:INFO:main_context.cpp(138)] CEF version: 86.0.23+ga2c2edf+chromium-86.0.4240.193
sh: line 1: orca: command not found
Created browser window for reuse: 0x4200001
[1124/143603.867832:ERROR:gl_surface_egl.cc(767)] EGL Driver message (Error) eglSwapBuffers: Failed to retrieve the size of the parent window.
[1124/143603.872807:WARNING:xproto_util.cc(51)] X error received: serial 1711, error_code 9 (BadDrawable (invalid Pixmap or Window parameter)), request_code 14, minor_code 0 (X_GetGeometry)
[1124/143603.873025:ERROR:skia_output_surface_impl_on_gpu.cc(1204)] Failed to make current.
[1124/143603.894503:ERROR:shared_image_stub.cc(452)] SharedImageStub: context already lost
[1124/143603.901668:ERROR:skia_output_surface_impl_on_gpu.cc(1204)] Failed to make current.
[1124/143603.902188:ERROR:skia_output_surface_impl_on_gpu.cc(1204)] Failed to make current.
[1124/143611.116663:WARNING:xproto_util.cc(51)] X error received: serial 668, error_code 3 (BadWindow (invalid Window parameter)), request_code 4, minor_code 0 (X_DestroyWindow)

• Trying now your second suggestion, it ran also. During game loading, the window suddenly disappeared; however it reappeared and I was able to play it just fine again, so that worked too. The console output indicates it had to recover from a GPU crash and a few other things, but the game behaved normally. Console output below:

Reading profile /etc/firejail/minecraft-launcher.profile
Reading profile /etc/firejail/allow-java.inc
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-shell.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-runuser-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: Warning: NVIDIA card detected, nogroups command disabled
Parent pid  [removed], child pid [removed]
Warning: skipping minecraft-launcher for private /opt
Private /opt installed in 0.17 ms
2 programs installed in 8.96 ms
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: skipping alternatives for private /etc
Warning: skipping asound.conf for private /etc
Warning: skipping ati for private /etc
Warning: skipping crypto-policies for private /etc
Warning: skipping drirc for private /etc
Warning: skipping java-10-openjdk for private /etc
Warning: skipping java-11-openjdk for private /etc
Warning: skipping java-12-openjdk for private /etc
Warning: skipping java-13-openjdk for private /etc
Warning: skipping java-14-openjdk for private /etc
Warning: skipping java-7-openjdk for private /etc
Warning: skipping java-9-openjdk for private /etc
Warning: skipping java-openjdk for private /etc
Warning: skipping nvidia for private /etc
Warning: skipping pki for private /etc
Warning: skipping selinux for private /etc
Private /etc installed in 108.17 ms
Private /usr/etc installed in 0.01 ms
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Child process initialized in [removed] ms
https://launchermeta.mojang.com/v1/products/launcher/[removed]/linux.json
[1124/144145.548105:INFO:main_context.cpp(136)] CEF initialized successfully.
[1124/144145.548220:INFO:main_context.cpp(138)] CEF version: 86.0.23+ga2c2edf+chromium-86.0.4240.193

(minecraft-launcher:34): dbind-WARNING **: 14:41:45.675: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-YfvAlvswsr: No such file or directory
Created browser window for reuse: 0x4200001
[1124/144145.977877:INFO:LauncherAppRenderer.cpp(518)] OnContextReleased: no frame (unknown context), browser id=1
[1124/144216.416561:ERROR:gl_surface_egl.cc(767)] EGL Driver message (Critical) eglMakeCurrent: Failed to make the GLX context current
[1124/144216.420329:ERROR:gl_surface_egl.cc(767)] EGL Driver message (Critical) eglMakeCurrent: Failed to make the GLX context current
[1124/144216.426164:WARNING:xproto_util.cc(51)] X error received: serial 727, error_code 170 (GLXBadWindow), request_code 152, minor_code 5 (X_GLXMakeCurrent)
[1124/144216.427162:WARNING:xproto_util.cc(51)] X error received: serial 728, error_code 162 (GLXBadContextTag), request_code 152, minor_code 5 (X_GLXMakeCurrent)
[1124/144218.042022:WARNING:gpu_process_host.cc(1262)] The GPU process has crashed 1 time(s)
[1124/144218.137462:WARNING:gpu_process_host.cc(990)] Reinitialized the GPU process after a crash. The reported initialization time was 90 ms
[1124/144223.726320:WARNING:xproto_util.cc(51)] X error received: serial 825, error_code 3 (BadWindow (invalid Window parameter)), request_code 4, minor_code 0 (X_DestroyWindow)

<!-- gh-comment-id:978193522 --> @scitoast commented on GitHub (Nov 24, 2021): Hi there! - Running `firejail --noprofile /usr/bin/minecraft-launcher` runs it successfully and I am able to start the game as well as run in window or fullscreen. Console logs a few errors but the game appears to run normally. Console output below from this: ``` Parent pid [removed], child pid [removed] Child process initialized in 7.48 ms https://launchermeta.mojang.com/v1/products/launcher/[removed]/linux.json [1124/143454.033814:INFO:main_context.cpp(136)] CEF initialized successfully. [1124/143454.033992:INFO:main_context.cpp(138)] CEF version: 86.0.23+ga2c2edf+chromium-86.0.4240.193 sh: line 1: orca: command not found Created browser window for reuse: 0x4200001 [1124/143603.867832:ERROR:gl_surface_egl.cc(767)] EGL Driver message (Error) eglSwapBuffers: Failed to retrieve the size of the parent window. [1124/143603.872807:WARNING:xproto_util.cc(51)] X error received: serial 1711, error_code 9 (BadDrawable (invalid Pixmap or Window parameter)), request_code 14, minor_code 0 (X_GetGeometry) [1124/143603.873025:ERROR:skia_output_surface_impl_on_gpu.cc(1204)] Failed to make current. [1124/143603.894503:ERROR:shared_image_stub.cc(452)] SharedImageStub: context already lost [1124/143603.901668:ERROR:skia_output_surface_impl_on_gpu.cc(1204)] Failed to make current. [1124/143603.902188:ERROR:skia_output_surface_impl_on_gpu.cc(1204)] Failed to make current. [1124/143611.116663:WARNING:xproto_util.cc(51)] X error received: serial 668, error_code 3 (BadWindow (invalid Window parameter)), request_code 4, minor_code 0 (X_DestroyWindow) ``` - Trying now your second suggestion, it ran also. During game loading, the window suddenly disappeared; however it reappeared and I was able to play it just fine again, so that worked too. The console output indicates it had to recover from a GPU crash and a few other things, but the game behaved normally. Console output below: ``` Reading profile /etc/firejail/minecraft-launcher.profile Reading profile /etc/firejail/allow-java.inc Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-passwdmgr.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/disable-shell.inc Reading profile /etc/firejail/disable-xdg.inc Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-runuser-common.inc Reading profile /etc/firejail/whitelist-usr-share-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Warning: Warning: NVIDIA card detected, nogroups command disabled Parent pid [removed], child pid [removed] Warning: skipping minecraft-launcher for private /opt Private /opt installed in 0.17 ms 2 programs installed in 8.96 ms Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Warning: skipping alternatives for private /etc Warning: skipping asound.conf for private /etc Warning: skipping ati for private /etc Warning: skipping crypto-policies for private /etc Warning: skipping drirc for private /etc Warning: skipping java-10-openjdk for private /etc Warning: skipping java-11-openjdk for private /etc Warning: skipping java-12-openjdk for private /etc Warning: skipping java-13-openjdk for private /etc Warning: skipping java-14-openjdk for private /etc Warning: skipping java-7-openjdk for private /etc Warning: skipping java-9-openjdk for private /etc Warning: skipping java-openjdk for private /etc Warning: skipping nvidia for private /etc Warning: skipping pki for private /etc Warning: skipping selinux for private /etc Private /etc installed in 108.17 ms Private /usr/etc installed in 0.01 ms Warning: /sbin directory link was not blacklisted Warning: /usr/sbin directory link was not blacklisted Child process initialized in [removed] ms https://launchermeta.mojang.com/v1/products/launcher/[removed]/linux.json [1124/144145.548105:INFO:main_context.cpp(136)] CEF initialized successfully. [1124/144145.548220:INFO:main_context.cpp(138)] CEF version: 86.0.23+ga2c2edf+chromium-86.0.4240.193 (minecraft-launcher:34): dbind-WARNING **: 14:41:45.675: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-YfvAlvswsr: No such file or directory Created browser window for reuse: 0x4200001 [1124/144145.977877:INFO:LauncherAppRenderer.cpp(518)] OnContextReleased: no frame (unknown context), browser id=1 [1124/144216.416561:ERROR:gl_surface_egl.cc(767)] EGL Driver message (Critical) eglMakeCurrent: Failed to make the GLX context current [1124/144216.420329:ERROR:gl_surface_egl.cc(767)] EGL Driver message (Critical) eglMakeCurrent: Failed to make the GLX context current [1124/144216.426164:WARNING:xproto_util.cc(51)] X error received: serial 727, error_code 170 (GLXBadWindow), request_code 152, minor_code 5 (X_GLXMakeCurrent) [1124/144216.427162:WARNING:xproto_util.cc(51)] X error received: serial 728, error_code 162 (GLXBadContextTag), request_code 152, minor_code 5 (X_GLXMakeCurrent) [1124/144218.042022:WARNING:gpu_process_host.cc(1262)] The GPU process has crashed 1 time(s) [1124/144218.137462:WARNING:gpu_process_host.cc(990)] Reinitialized the GPU process after a crash. The reported initialization time was 90 ms [1124/144223.726320:WARNING:xproto_util.cc(51)] X error received: serial 825, error_code 3 (BadWindow (invalid Window parameter)), request_code 4, minor_code 0 (X_DestroyWindow) ```

gitea-mirror commented 2026-05-05 09:25:24 -06:00

Author

Owner

Copy link

@scitoast commented on GitHub (Nov 24, 2021):

Follow up. I tried a variation,

firejail --ignore="caps.drop all" --ignore=protocol --ignore=seccomp --ignore=tracelog /usr/bin/minecraft-launcher

This also resulted in a GPU crash which recovered after a second and allowed normal gameplay. The console output appears to be exactly the same.

<!-- gh-comment-id:978198563 --> @scitoast commented on GitHub (Nov 24, 2021): Follow up. I tried a variation, `firejail --ignore="caps.drop all" --ignore=protocol --ignore=seccomp --ignore=tracelog /usr/bin/minecraft-launcher` This also resulted in a GPU crash which recovered after a second and allowed normal gameplay. The console output appears to be exactly the same.

gitea-mirror commented 2026-05-05 09:25:25 -06:00

Author

Owner

Copy link

@rusty-snake commented on GitHub (Nov 24, 2021):

firejail --ignore="caps.drop all" --ignore=protocol --ignore=seccomp --ignore=tracelog /usr/bin/minecraft-launcher

Ok now I'm interested, which of them work?

1. firejail --ignore="caps.drop all" --caps.keep=sys_admin,sys_chroot --ignore=protocol --ignore=seccomp --ignore=tracelog /usr/bin/minecraft-launcher
2. firejail --ignore="caps.drop all" --protocol=unix,inet,inet6,netlink,packet --ignore=seccomp --ignore=tracelog /usr/bin/minecraft-launcher
3. firejail --ignore="caps.drop all" --ignore=protocol --seccomp-error-action=log --ignore=tracelog /usr/bin/minecraft-launcher and follow https://github.com/netblue30/firejail/blob/master/etc/templates/syscalls.txt#L92

<!-- gh-comment-id:978214058 --> @rusty-snake commented on GitHub (Nov 24, 2021): > firejail --ignore="caps.drop all" --ignore=protocol --ignore=seccomp --ignore=tracelog /usr/bin/minecraft-launcher Ok now I'm interested, which of them work? 1. `firejail --ignore="caps.drop all" --caps.keep=sys_admin,sys_chroot --ignore=protocol --ignore=seccomp --ignore=tracelog /usr/bin/minecraft-launcher` 2. `firejail --ignore="caps.drop all" --protocol=unix,inet,inet6,netlink,packet --ignore=seccomp --ignore=tracelog /usr/bin/minecraft-launcher` 3. `firejail --ignore="caps.drop all" --ignore=protocol --seccomp-error-action=log --ignore=tracelog /usr/bin/minecraft-launcher` and follow https://github.com/netblue30/firejail/blob/master/etc/templates/syscalls.txt#L92

gitea-mirror commented 2026-05-05 09:25:26 -06:00

Author

Owner

Copy link

@scitoast commented on GitHub (Nov 24, 2021):

Tried all 3 of these from launch & login through to gameplay.

• Options (1), (2) and (3) all work! Doing the journal follow resulted in no blocked syscalls.

• This made me suspicious, so I went to a console and simply typed a vanilla minecraft-launcher without path specification. Now I'm very surprised. Minecraft loaded normally with the default firejail profile installed on the system! firejail --list shows it. This I tried several times in a row last night without getting it to load, but it is now loading consistently.

Sorry for (possibly) wasting your time. I do not understand what happened, except perhaps this morning's reboot worked magic.

Edit: I wonder if it is possible that it hangs only when it needs to push an update, and has no trouble when no update is necessary. That is what it was trying to do last night.

<!-- gh-comment-id:978226876 --> @scitoast commented on GitHub (Nov 24, 2021): Tried all 3 of these from launch & login through to gameplay. - Options (1), (2) and (3) all work! Doing the journal follow resulted in no blocked syscalls. - This made me suspicious, so I went to a console and simply typed a vanilla `minecraft-launcher` without path specification. Now I'm very surprised. Minecraft loaded normally with the default firejail profile installed on the system! `firejail --list` shows it. This I tried several times in a row last night without getting it to load, but it is now loading consistently. Sorry for (possibly) wasting your time. I do not understand what happened, except perhaps this morning's reboot worked magic. Edit: I wonder if it is possible that it hangs only when it needs to push an update, and has no trouble when no update is necessary. That is what it was trying to do last night.

gitea-mirror commented 2026-05-05 09:25:27 -06:00

Author

Owner

Copy link

@rusty-snake commented on GitHub (Nov 24, 2021):

It could also be a "Need to start it once without firejail after rebooting" issue.

<!-- gh-comment-id:978235315 --> @rusty-snake commented on GitHub (Nov 24, 2021): It could also be a "Need to start it once without firejail after rebooting" issue.

gitea-mirror commented 2026-05-05 09:25:28 -06:00

Author

Owner

Copy link

@scitoast commented on GitHub (Nov 24, 2021):

Thank you, I'll remember it in the future.

<!-- gh-comment-id:978241115 --> @scitoast commented on GitHub (Nov 24, 2021): Thank you, I'll remember it in the future.

gitea-mirror referenced this issue 2026-05-05 10:35:37 -06:00

[PR #4881] [MERGED] RELNOTES: add bugfixes #5284

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

serialize_remounts_v2

landlock_v4

landlock

release-0.9.64

release-0.9.62

gitlab_ci

LTSbase

fred_ctests

docs

0.9.80

0.9.80-rc1

0.9.78

0.9.76

0.9.76-rc4

0.9.76-rc3

0.9.76-rc2

0.9.76-rc1

0.9.74

landlock-split

0.9.72

0.9.72rc1

0.9.70

0.9.68

0.9.68rc1

0.9.66

0.9.66rc1

0.9.64.4

0.9.64.2

0.9.64

0.9.64rc1

0.9.62.4

0.9.62.2

0.9.62

0.9.56.2-LTS

0.9.60

0.9.60-rc1

0.9.58.2

0.9.58

0.9.58-rc1

0.9.56-LTS-release

0.9.56-LTS

0.9.56

0.9.56-rc1

0.9.54

0.9.54-rc2

0.9.54-rc1

0.9.52

0.9.38.12

0.9.50

0.9.50-rc1

0.9.48

0.9.46

0.9.46-rc1

0.9.44.10

0.9.44.8

0.9.44.6

0.9.38.10

0.9.44.4

0.9.38.8

0.9.44.2

0.9.44

0.9.44-rc1

0.9.38.4

0.9.42

0.9.42-rc2

0.9.38.2

0.9.42-rc1

disable-globalcfg

0.9.40

0.9.40-rc1

0.9.38

0.9.38-rc1

0.9.36

0.9.36-rc1

0.9.34

0.9.34-rc1

0.9.32

0.9.32-rc1

0.9.30

0.9.30-rc1

Labels

Clear labels   

LTS merge

  

LTS merge

  

bug

  

bug

  

converted-to-discussion

  

doc-todo

  

documentation

  

duplicate

  

enhancement

  

file-transfer

  

firecfg

  

firejail-in-firejail

  

firetools

  

graphics

  

help wanted

  

information_old

  

installation

  

invalid

  

modif

  

moved

  

needinfo

  

networking

  

notabug

  

notourbug

  

old-version

  

overlayfs

  

packaging

  

profile-request

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question_old

  

removal

  

runtime-permissions

  

sandbox-ipc

  

security

  

stale

  

wiki

  

wiki

  

wontfix

  

wordpress

  

workaround

No labels

LTS merge

LTS merge

bug

bug

converted-to-discussion

doc-todo

documentation

duplicate

enhancement

file-transfer

firecfg

firejail-in-firejail

firetools

graphics

help wanted

information_old

installation

invalid

modif

moved

needinfo

networking

notabug

notourbug

old-version

overlayfs

packaging

profile-request

pull-request

question

question_old

removal

runtime-permissions

sandbox-ipc

security

stale

wiki

wiki

wontfix

wordpress

workaround

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2758

No description provided.