github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #383] Firefox doesn't recognize when network settings have changed #276

New issue

Closed

opened 2026-05-05 05:29:45 -06:00 by gitea-mirror · 5 comments

gitea-mirror commented

2026-05-05 05:29:45 -06:00

Owner

Originally created by @chiraag-nataraj on GitHub (Mar 24, 2016).
Original GitHub issue: https://github.com/netblue30/firejail/issues/383

I'm trying to figure out which file(s) I need to whitelist in /etc/ to enable Firefox to detect that the network settings have changed. I've whitelisted resolv.conf, hosts, and nsswitch.conf (because I thought it might help). Other applications like Skype seem to not have a problem despite having similarly restrictive profiles.
Here's my Firefox profile:

# Blacklist/Whitelist

blacklist /usr/local/bin
blacklist /usr/local/sbin
blacklist /media
blacklist /mnt
blacklist /boot
blacklist /ae108

whitelist ${HOME}/.mozilla
whitelist ${HOME}/Downloads/
whitelist ${HOME}/.pulse/
whitelist ${HOME}/.config/pulse/
whitelist ${HOME}/.config/gtk-3.0/
whitelist ${HOME}/.config/google-googletalkplugin/
whitelist ${HOME}/.config/fcitx/
whitelist ${HOME}/.gtkrc-2.0
whitelist ${HOME}/.gtkrc.mine
whitelist ${HOME}/.Xauthority
whitelist ${HOME}/PDF/

# Private directories

private-bin firefox.real,firefox,which,sh,dbus-launch,dbus-send,fcitx-dbus-watcher
private-etc hosts,passwd,mime.types,fonts/,mailcap,iceweasel/,xdg/,gtk-3.0/,resolv.conf,X11/,pulse/,alternatives/,localtime,nsswitch.conf
private-tmp

# Miscellaneous options

shell none
seccomp
noroot
caps.drop all
protocol unix,inet,inet6

Originally created by @chiraag-nataraj on GitHub (Mar 24, 2016). Original GitHub issue: https://github.com/netblue30/firejail/issues/383 I'm trying to figure out which file(s) I need to whitelist in /etc/ to enable Firefox to detect that the network settings have changed. I've whitelisted resolv.conf, hosts, and nsswitch.conf (because I thought it might help). Other applications like Skype seem to not have a problem despite having similarly restrictive profiles. Here's my Firefox profile: ``` # Blacklist/Whitelist blacklist /usr/local/bin blacklist /usr/local/sbin blacklist /media blacklist /mnt blacklist /boot blacklist /ae108 whitelist ${HOME}/.mozilla whitelist ${HOME}/Downloads/ whitelist ${HOME}/.pulse/ whitelist ${HOME}/.config/pulse/ whitelist ${HOME}/.config/gtk-3.0/ whitelist ${HOME}/.config/google-googletalkplugin/ whitelist ${HOME}/.config/fcitx/ whitelist ${HOME}/.gtkrc-2.0 whitelist ${HOME}/.gtkrc.mine whitelist ${HOME}/.Xauthority whitelist ${HOME}/PDF/ # Private directories private-bin firefox.real,firefox,which,sh,dbus-launch,dbus-send,fcitx-dbus-watcher private-etc hosts,passwd,mime.types,fonts/,mailcap,iceweasel/,xdg/,gtk-3.0/,resolv.conf,X11/,pulse/,alternatives/,localtime,nsswitch.conf private-tmp # Miscellaneous options shell none seccomp noroot caps.drop all protocol unix,inet,inet6 ```

gitea-mirror

2026-05-05 05:29:45 -06:00

closed this issue
added the
information_old
label

gitea-mirror commented

2026-05-05 05:29:52 -06:00

Author

Owner

@netblue30 commented on GitHub (Mar 25, 2016):

Your profile looks fine, how do you change network settings?

@netblue30 commented on GitHub (Mar 25, 2016): Your profile looks fine, how do you change network settings?

gitea-mirror commented

2026-05-05 05:29:56 -06:00

Author

Owner

@chiraag-nataraj commented on GitHub (Mar 25, 2016):

I use wicd network manager to connect and disconnect from networks.

@chiraag-nataraj commented on GitHub (Mar 25, 2016): I use wicd network manager to connect and disconnect from networks.

gitea-mirror commented

2026-05-05 05:29:58 -06:00

Author

Owner

@netblue30 commented on GitHub (Mar 26, 2016):

Maybe one of the lines in the profile file disables this functionality. You can start by commenting all the lines in the profile and bringing them back one by one.

@netblue30 commented on GitHub (Mar 26, 2016): Maybe one of the lines in the profile file disables this functionality. You can start by commenting all the lines in the profile and bringing them back one by one.

gitea-mirror commented

2026-05-05 05:30:00 -06:00

Author

Owner

@chiraag-nataraj commented on GitHub (Mar 27, 2016):

Hmmm....it's hard to do that just because I don't often change wireless networks 😛 Most likely it has something to do with private-etc or private-bin, but I'm not sure.

@chiraag-nataraj commented on GitHub (Mar 27, 2016): Hmmm....it's hard to do that just because I don't often change wireless networks :stuck_out_tongue: Most likely it has something to do with `private-etc` or `private-bin`, but I'm not sure.

gitea-mirror commented

2026-05-05 05:30:02 -06:00

Author

Owner

@netblue30 commented on GitHub (Mar 27, 2016):

I would disable private-bin and private-etc from the profile file, and in a separate terminal I would run "sudo firemon". This will list all the programs running in firejail sandboxes as they are started. Than I would go and play with the network. In case the problem is private-bin you'll get there new programs listed.

@netblue30 commented on GitHub (Mar 27, 2016): I would disable private-bin and private-etc from the profile file, and in a separate terminal I would run "sudo firemon". This will list all the programs running in firejail sandboxes as they are started. Than I would go and play with the network. In case the problem is private-bin you'll get there new programs listed.

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#276

No description provided.

Rows
Columns