github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

[GH-ISSUE #4988] mplayer: program does not start #2845

New issue
Closed
opened 2026-05-05 09:29:59 -06:00 by gitea-mirror · 7 comments
gitea-mirror commented 2026-05-05 09:29:59 -06:00
Owner
Copy link

Originally created by @Rosika2 on GitHub (Feb 27, 2022).
Original GitHub issue: https://github.com/netblue30/firejail/issues/4988

Hi all,

I once wrote a tts-script (text-to-speech) which has always worked well. Yet recently - with the new version of firejail (0.9.68) I seem to run into problems.

The problematic part is this:

At some point in the script I need to run mplayer within firejail, where mplayer wants to access a sound-file (.wav) which is located in /tmp.
This was no problem until now but as of late it seems it is.

So I tried out a simplified command to verify it:

For setting up the scenario I copied a .wav-file into /tmp in order to access it.

Then:

firejail mplayer /tmp/behalten_Pausenzeichen_SWF1_1974.wav
Reading profile /etc/firejail/mplayer.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-player-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
Parent pid 16597, child pid 16598
1 program installed in 15.11 ms
Warning: not remounting /run/user/1000/gvfs
Child process initialized in 155.81 ms
MPlayer 1.3.0 (Debian), built with gcc-9 (C) 2000-2016 MPlayer Team
do_connect: could not connect to socket
connect: No such file or directory
Failed to open LIRC support. You will not be able to use your remote control.

Playing /tmp/behalten_Pausenzeichen_SWF1_1974.wav.
File not found: '/tmp/behalten_Pausenzeichen_SWF1_1974.wav'
Failed to open /tmp/behalten_Pausenzeichen_SWF1_1974.wav.


Exiting... (End of file)

Parent is shutting down, bye...

So mplayer running within firejail doesn´t seem to have access to the file residing in /tmp.

After that I tried it with the --noprofile option:

firejail --noprofile mplayer /tmp/behalten_Pausenzeichen_SWF1_1974.wav
Parent pid 16884, child pid 16885
Child process initialized in 23.67 ms
MPlayer 1.3.0 (Debian), built with gcc-9 (C) 2000-2016 MPlayer Team
do_connect: could not connect to socket
connect: No such file or directory
Failed to open LIRC support. You will not be able to use your remote control.

The process got stuck here and I had to abort with "CTRL+C":

^C
Parent received signal 2, shutting down the child process...

Child received signal 2, shutting down the sandbox...

Parent is shutting down, bye...

Running the mplayer-command without firejail yields perfect results; but I want to implement the sandbox mechanism at this point.

What might be the background of this behaviour?

Thanks a lot in advance for your help.

Many greetings.
Rosika

Originally created by @Rosika2 on GitHub (Feb 27, 2022). Original GitHub issue: https://github.com/netblue30/firejail/issues/4988 Hi all, I once wrote a tts-script (text-to-speech) which has always worked well. Yet recently - with the new version of **firejail** (0.9.68) I seem to run into problems. The problematic part is this: At some point in the script I need to run **mplayer** within firejail, where **mplayer** wants to access a sound-file (.wav) which is located in /tmp. This was no problem until now but as of late it seems it is. So I tried out a simplified command to verify it: For setting up the scenario I copied a .wav-file into /tmp in order to access it. Then: ``` firejail mplayer /tmp/behalten_Pausenzeichen_SWF1_1974.wav Reading profile /etc/firejail/mplayer.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-player-common.inc Reading profile /etc/firejail/whitelist-usr-share-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Warning: networking feature is disabled in Firejail configuration file Parent pid 16597, child pid 16598 1 program installed in 15.11 ms Warning: not remounting /run/user/1000/gvfs Child process initialized in 155.81 ms MPlayer 1.3.0 (Debian), built with gcc-9 (C) 2000-2016 MPlayer Team do_connect: could not connect to socket connect: No such file or directory Failed to open LIRC support. You will not be able to use your remote control. Playing /tmp/behalten_Pausenzeichen_SWF1_1974.wav. File not found: '/tmp/behalten_Pausenzeichen_SWF1_1974.wav' Failed to open /tmp/behalten_Pausenzeichen_SWF1_1974.wav. Exiting... (End of file) Parent is shutting down, bye... ``` So mplayer running within firejail doesn´t seem to have access to the file residing in /tmp. After that I tried it with the _--noprofile_ option: ``` firejail --noprofile mplayer /tmp/behalten_Pausenzeichen_SWF1_1974.wav Parent pid 16884, child pid 16885 Child process initialized in 23.67 ms MPlayer 1.3.0 (Debian), built with gcc-9 (C) 2000-2016 MPlayer Team do_connect: could not connect to socket connect: No such file or directory Failed to open LIRC support. You will not be able to use your remote control. ``` The process got stuck here and I had to abort with "CTRL+C": ``` ^C Parent received signal 2, shutting down the child process... Child received signal 2, shutting down the sandbox... Parent is shutting down, bye... ``` Running the mplayer-command without firejail yields perfect results; but I want to implement the sandbox mechanism at this point. What might be the background of this behaviour? Thanks a lot in advance for your help. Many greetings. Rosika
gitea-mirror commented 2026-05-05 09:30:02 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Feb 27, 2022):

To give mplayer access to /tmp/behalten_Pausenzeichen_SWF1_1974.wav you need to whitelist /tmp/behalten_Pausenzeichen_SWF1_1974.wav (or whitelist /tmp/*.wav in general; or ignore private-tmp but this is less secure). This is not new in firejail 0.9.68 maybe something different changed too?

So firejail --noprofile mplayer still fails? Does firejail --keep-fd=all --profile=noprofile /usr/bin/mplayer … work?

<!-- gh-comment-id:1053577309 --> @rusty-snake commented on GitHub (Feb 27, 2022): To give mplayer access to `/tmp/behalten_Pausenzeichen_SWF1_1974.wav` you need to `whitelist /tmp/behalten_Pausenzeichen_SWF1_1974.wav` (or `whitelist /tmp/*.wav` in general; or `ignore private-tmp` but this is less secure). This is not new in firejail 0.9.68 maybe something different changed too? So `firejail --noprofile mplayer` still fails? Does `firejail --keep-fd=all --profile=noprofile /usr/bin/mplayer …` work?
gitea-mirror commented 2026-05-05 09:30:03 -06:00
Author
Owner
Copy link

@Rosika2 commented on GitHub (Feb 27, 2022):

Hi @rusty-snake,

thanks so much for your quick reply.

First of all: the whitelist option works, which is great.
firejail --whitelist="/tmp/*.wav" mplayer /tmp/behalten_Pausenzeichen_SWF1_1974.wav
plays the .wav-file in /tmp as it used to.

(Note: I had to use inverted commas as the fish shell would otherwise complain: No matches for wildcard '--whitelist=/tmp/*.wav' ; with bash of course not needed).

So that´s fine. Thanks a lot.

This is not new in firejail 0.9.68 maybe something different changed too?

Hmm, actually not. Of course I´m on a new kernel due to updates now: 5.4.0-100-generic.
That´s the only thing which I can think of.

As far as noprofile is concerned:
Still the same result:

firejail --keep-fd=all --profile=noprofile /usr/bin/mplayer /tmp/behalten_Pausenzeichen_SWF1_1974.wav
Reading profile /etc/firejail/noprofile.profile
Parent pid 21578, child pid 21579
Warning: cannot open source file /usr/lib/x86_64-linux-gnu/firejail/seccomp.debug32, file not copied
Child process initialized in 15.22 ms
MPlayer 1.3.0 (Debian), built with gcc-9 (C) 2000-2016 MPlayer Team
do_connect: could not connect to socket
connect: No such file or directory
Failed to open LIRC support. You will not be able to use your remote control.
^C
Parent received signal 2, shutting down the child process...

Child received signal 2, shutting down the sandbox...

Parent is shutting down, bye...

Thanks so much again and many greetings.
Rosika

<!-- gh-comment-id:1053582857 --> @Rosika2 commented on GitHub (Feb 27, 2022): Hi @rusty-snake, thanks so much for your quick reply. First of all: the whitelist option works, which is great. `firejail --whitelist="/tmp/*.wav" mplayer /tmp/behalten_Pausenzeichen_SWF1_1974.wav` plays the .wav-file in /tmp as it used to. (Note: I had to use inverted commas as the _fish_ shell would otherwise complain: _No matches for wildcard '--whitelist=/tmp/*.wav'_ ; with _bash_ of course not needed). So that´s fine. Thanks a lot. > This is not new in firejail 0.9.68 maybe something different changed too? Hmm, actually not. Of course I´m on a new kernel due to updates now: **5.4.0-100-generic**. That´s the only thing which I can think of. As far as **noprofile** is concerned: Still the same result: ``` firejail --keep-fd=all --profile=noprofile /usr/bin/mplayer /tmp/behalten_Pausenzeichen_SWF1_1974.wav Reading profile /etc/firejail/noprofile.profile Parent pid 21578, child pid 21579 Warning: cannot open source file /usr/lib/x86_64-linux-gnu/firejail/seccomp.debug32, file not copied Child process initialized in 15.22 ms MPlayer 1.3.0 (Debian), built with gcc-9 (C) 2000-2016 MPlayer Team do_connect: could not connect to socket connect: No such file or directory Failed to open LIRC support. You will not be able to use your remote control. ^C Parent received signal 2, shutting down the child process... Child received signal 2, shutting down the sandbox... Parent is shutting down, bye... ``` Thanks so much again and many greetings. Rosika
gitea-mirror commented 2026-05-05 09:30:04 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Feb 27, 2022):

Maybe deterministic-shutdown helps.

<!-- gh-comment-id:1053587879 --> @rusty-snake commented on GitHub (Feb 27, 2022): Maybe `deterministic-shutdown` helps.
gitea-mirror commented 2026-05-05 09:30:06 -06:00
Author
Owner
Copy link

@Rosika2 commented on GitHub (Feb 27, 2022):

Hi again,

sorry, it doesn´t seem to improve the outcome of the command either.
I get the same results.

firejail --deterministic-shutdown --profile=noprofile /usr/bin/mplayer /tmp/behalten_Pausenzeichen_SWF1_1974.wav
Reading profile /etc/firejail/noprofile.profile
Parent pid 25242, child pid 25243
Warning: cannot open source file /usr/lib/x86_64-linux-gnu/firejail/seccomp.debug32, file not copied
Child process initialized in 20.50 ms
MPlayer 1.3.0 (Debian), built with gcc-9 (C) 2000-2016 MPlayer Team
do_connect: could not connect to socket
connect: No such file or directory
Failed to open LIRC support. You will not be able to use your remote control.

Parent is shutting down, bye...

--noprofile still seems difficult.
Well, as long as the --whitelist-option helps (which it does) I´m really okay.

Many thanks.
Rosika

<!-- gh-comment-id:1053592350 --> @Rosika2 commented on GitHub (Feb 27, 2022): Hi again, sorry, it doesn´t seem to improve the outcome of the command either. I get the same results. ``` firejail --deterministic-shutdown --profile=noprofile /usr/bin/mplayer /tmp/behalten_Pausenzeichen_SWF1_1974.wav Reading profile /etc/firejail/noprofile.profile Parent pid 25242, child pid 25243 Warning: cannot open source file /usr/lib/x86_64-linux-gnu/firejail/seccomp.debug32, file not copied Child process initialized in 20.50 ms MPlayer 1.3.0 (Debian), built with gcc-9 (C) 2000-2016 MPlayer Team do_connect: could not connect to socket connect: No such file or directory Failed to open LIRC support. You will not be able to use your remote control. Parent is shutting down, bye... ``` `--noprofile` still seems difficult. Well, as long as the `--whitelist`-option helps (which it does) I´m really okay. Many thanks. Rosika
gitea-mirror commented 2026-05-05 09:30:06 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Feb 27, 2022):

The hangs have likely the same cause as in #4935.

You can try to bisect this if you want.

<!-- gh-comment-id:1053668253 --> @rusty-snake commented on GitHub (Feb 27, 2022): The hangs have likely the same cause as in #4935. You can try to bisect this if you want.
gitea-mirror commented 2026-05-05 09:30:07 -06:00
Author
Owner
Copy link

@Rosika2 commented on GitHub (Feb 28, 2022):

Hi @rusty-snake,

The hangs have likely the same cause as in https://github.com/netblue30/firejail/issues/4935.

Yes, that sounds plausible - and it would certainly be the same case with a third problem I detected yesterday:

I often like to perform web-searches with ddgr. And all of a sudden a command that used to work doesn´t work any more:

env BROWSER=w3m firejail --private=/media/rosika/f14a27c2-0b49-4607-94ea-2e56bbf76fe1/DATEN-PARTITION/Dokumente/Ergänzungen_zu_Programmen/zu_ddgr/ddgr_focal/ddgr-master ./ddgr -x --colors bjdxxy --unsafe
Error: no suitable ./ddgr executable found

The error message seems weird as there is a suitable ddgr executable in the respective directory:

ll /media/rosika/f14a27c2-0b49-4607-94ea-2e56bbf76fe1/DATEN-PARTITION/Dokumente/Ergänzungen_zu_Programmen/zu_ddgr/ddgr_focal/ddgr-master 
insgesamt 172K
drwxrwxr-x 5 rosika rosika 4,0K Dez 28  2020 auto-completion
-rw-rw-r-- 1 rosika rosika 2,7K Dez 28  2020 CHANGELOG
-rwxr-xr-x 1 rosika rosika  69K Dez 28  2020 ddgr
-rw-rw-r-- 1 rosika rosika 9,0K Dez 28  2020 ddgr.1
-rw-rw-r-- 1 rosika rosika 6,8K Jun 13  2018 index.html
-rw-rw-r-- 1 rosika rosika  35K Dez 28  2020 LICENSE
-rw-rw-r-- 1 rosika rosika  582 Dez 28  2020 Makefile
-rw-rw-r-- 1 rosika rosika   26 Dez 28  2020 MANIFEST.in
-rw-rw-r-- 1 rosika rosika 1,4K Dez 28  2020 packagecore.yaml
-rw-rw-r-- 1 rosika rosika  13K Dez 28  2020 README.md
-rw-rw-r-- 1 rosika rosika 1,7K Dez 28  2020 setup.py

Once again I tried the command with the --noprofile option:

env BROWSER=w3m firejail --noprofile --private=/media/rosika/f14a27c2-0b49-4607-94ea-2e56bbf76fe1/DATEN-PARTITION/Dokumente/Ergänzungen_zu_Programmen/zu_ddgr/ddgr_focal/ddgr-master ./ddgr -x --colors bjdxxy --unsafe
Parent pid 15936, child pid 15937
Child process initialized in 20.38 ms
^C
Parent received signal 2, shutting down the child process...

Child received signal 2, shutting down the sandbox...

Parent is shutting down, bye...

and here again the programme hangs until I manually abort with "CTRL+C".

You can try to bisect this if you want.

Thanks for the suggestion. I´d have to read up on the topic first as I´m certainly not proficient enough for doing that by default.

Many thanks and many greetings.
Rosika

<!-- gh-comment-id:1054267784 --> @Rosika2 commented on GitHub (Feb 28, 2022): Hi @rusty-snake, > The hangs have likely the same cause as in https://github.com/netblue30/firejail/issues/4935. Yes, that sounds plausible - and it would certainly be the same case with a third problem I detected yesterday: I often like to perform web-searches with `ddgr`. And all of a sudden a command that used to work doesn´t work any more: ``` env BROWSER=w3m firejail --private=/media/rosika/f14a27c2-0b49-4607-94ea-2e56bbf76fe1/DATEN-PARTITION/Dokumente/Ergänzungen_zu_Programmen/zu_ddgr/ddgr_focal/ddgr-master ./ddgr -x --colors bjdxxy --unsafe Error: no suitable ./ddgr executable found ``` The error message seems weird as **there is** a suitable `ddgr` executable in the respective directory: ``` ll /media/rosika/f14a27c2-0b49-4607-94ea-2e56bbf76fe1/DATEN-PARTITION/Dokumente/Ergänzungen_zu_Programmen/zu_ddgr/ddgr_focal/ddgr-master insgesamt 172K drwxrwxr-x 5 rosika rosika 4,0K Dez 28 2020 auto-completion -rw-rw-r-- 1 rosika rosika 2,7K Dez 28 2020 CHANGELOG -rwxr-xr-x 1 rosika rosika 69K Dez 28 2020 ddgr -rw-rw-r-- 1 rosika rosika 9,0K Dez 28 2020 ddgr.1 -rw-rw-r-- 1 rosika rosika 6,8K Jun 13 2018 index.html -rw-rw-r-- 1 rosika rosika 35K Dez 28 2020 LICENSE -rw-rw-r-- 1 rosika rosika 582 Dez 28 2020 Makefile -rw-rw-r-- 1 rosika rosika 26 Dez 28 2020 MANIFEST.in -rw-rw-r-- 1 rosika rosika 1,4K Dez 28 2020 packagecore.yaml -rw-rw-r-- 1 rosika rosika 13K Dez 28 2020 README.md -rw-rw-r-- 1 rosika rosika 1,7K Dez 28 2020 setup.py ``` Once again I tried the command with the `--noprofile` option: ``` env BROWSER=w3m firejail --noprofile --private=/media/rosika/f14a27c2-0b49-4607-94ea-2e56bbf76fe1/DATEN-PARTITION/Dokumente/Ergänzungen_zu_Programmen/zu_ddgr/ddgr_focal/ddgr-master ./ddgr -x --colors bjdxxy --unsafe Parent pid 15936, child pid 15937 Child process initialized in 20.38 ms ^C Parent received signal 2, shutting down the child process... Child received signal 2, shutting down the sandbox... Parent is shutting down, bye... ``` and here again the programme hangs until I manually abort with "CTRL+C". > You can try to bisect this if you want. Thanks for the suggestion. I´d have to read up on the topic first as I´m certainly not proficient enough for doing that by default. Many thanks and many greetings. Rosika
gitea-mirror commented 2026-05-05 09:30:09 -06:00
Author
Owner
Copy link

@Rosika2 commented on GitHub (Feb 28, 2022):

UPDATE:

For my latest problem (the one with ddgr if found a workaround:

  • In order to avoid any problems in case that a pretty old version of ddgr might trigger any problems I got hold of the latest package as a zip-file: https://github.com/jarun/ddgr/releases/tag/v1.9 [Source code (zip)], unpacked it and put it a dedicated directory:

/media/rosika/f14a27c2-0b49-4607-94ea-2e56bbf76fe1/DATEN-PARTITION/Dokumente/work/ddgr-1.9/ddgr-1.9/

  • With the help of the following one-liner (fish-syntax):

cd /media/rosika/f14a27c2-0b49-4607-94ea-2e56bbf76fe1/DATEN-PARTITION/Dokumente/work/ddgr-1.9/ddgr-1.9; and env BROWSER=w3m firejail --private=(pwd); and cd

I get in the respective folder and from there I can issue the command ./ddgr and can initiate search queries. w3m being the respective browser I set. So everything´s executed within that dedicated private directory; and it seems to work well.

I think I can live with this solution/workaround.

Thanks again so much for your help.
Many greetings from Rosika

<!-- gh-comment-id:1054337409 --> @Rosika2 commented on GitHub (Feb 28, 2022): UPDATE: For my latest problem (the one with `ddgr` if found a **workaround**: - In order to avoid any problems in case that a pretty old version of `ddgr` might trigger any problems I got hold of the latest package as a zip-file: https://github.com/jarun/ddgr/releases/tag/v1.9 [Source code (zip)], unpacked it and put it a dedicated directory: /media/rosika/f14a27c2-0b49-4607-94ea-2e56bbf76fe1/DATEN-PARTITION/Dokumente/work/ddgr-1.9/ddgr-1.9/ - With the help of the following one-liner (`fish`-syntax): `cd /media/rosika/f14a27c2-0b49-4607-94ea-2e56bbf76fe1/DATEN-PARTITION/Dokumente/work/ddgr-1.9/ddgr-1.9; and env BROWSER=w3m firejail --private=(pwd); and cd` I get in the respective folder and from there I can issue the command `./ddgr` and can initiate search queries. `w3m` being the respective browser I set. So everything´s executed within that dedicated private directory; and it seems to work well. I think I can live with this solution/workaround. Thanks again so much for your help. Many greetings from Rosika
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
serialize_remounts_v2
landlock_v4
landlock
release-0.9.64
release-0.9.62
gitlab_ci
LTSbase
fred_ctests
docs
0.9.80
0.9.80-rc1
0.9.78
0.9.76
0.9.76-rc4
0.9.76-rc3
0.9.76-rc2
0.9.76-rc1
0.9.74
landlock-split
0.9.72
0.9.72rc1
0.9.70
0.9.68
0.9.68rc1
0.9.66
0.9.66rc1
0.9.64.4
0.9.64.2
0.9.64
0.9.64rc1
0.9.62.4
0.9.62.2
0.9.62
0.9.56.2-LTS
0.9.60
0.9.60-rc1
0.9.58.2
0.9.58
0.9.58-rc1
0.9.56-LTS-release
0.9.56-LTS
0.9.56
0.9.56-rc1
0.9.54
0.9.54-rc2
0.9.54-rc1
0.9.52
0.9.38.12
0.9.50
0.9.50-rc1
0.9.48
0.9.46
0.9.46-rc1
0.9.44.10
0.9.44.8
0.9.44.6
0.9.38.10
0.9.44.4
0.9.38.8
0.9.44.2
0.9.44
0.9.44-rc1
0.9.38.4
0.9.42
0.9.42-rc2
0.9.38.2
0.9.42-rc1
disable-globalcfg
0.9.40
0.9.40-rc1
0.9.38
0.9.38-rc1
0.9.36
0.9.36-rc1
0.9.34
0.9.34-rc1
0.9.32
0.9.32-rc1
0.9.30
0.9.30-rc1
Labels
Clear labels   
LTS merge

   
LTS merge

   
bug

   
bug

   
converted-to-discussion

   
doc-todo

   
documentation

   
duplicate

   
enhancement

   
file-transfer

   
firecfg

   
firejail-in-firejail

   
firetools

   
graphics

   
help wanted

   
information_old

   
installation

   
invalid

   
modif

   
moved

   
needinfo

   
networking

   
notabug

   
notourbug

   
old-version

   
overlayfs

   
packaging

   
profile-request

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question_old

   
removal

   
runtime-permissions

   
sandbox-ipc

   
security

   
stale

   
wiki

   
wiki

   
wontfix

   
wordpress

   
workaround
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2845
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?