[GH-ISSUE #5004] signal-desktop fails with Wayland Ozone platform #2851

Closed
opened 2026-05-05 09:30:21 -06:00 by gitea-mirror · 5 comments

Originally created by @onny on GitHub (Mar 3, 2022).
Original GitHub issue: https://github.com/netblue30/firejail/issues/5004

Description

signal-desktop won't launch when the Wayland Ozone backend is enabled; it only works when the environment variable LC_ALL=C is set.

Steps to Reproduce

Steps to reproduce the behavior

  1. Run in bash firejail /nix/store/hhr5nvk3f8cpxsp7i1zvqvj89shg969l-signal-desktop-5.30.0/bin/signal-desktop --enable-features=UseOzonePlatform --ozone-platform=wayland
  2. signal-desktop fails to run

Expected behavior

signal-desktop should run with Wayland Ozone backend enabled

Actual behavior

Program crashes or won't run

Behavior without a profile

Same behavior

Additional context

When running the command with LC_ALL=C prefixed, it works: LC_ALL=C firejail /nix/store/hhr5nvk3f8cpxsp7i1zvqvj89shg969l-signal-desktop-5.30.0/bin/signal-desktop --enable-features=UseOzonePlatform --ozone-platform=wayland

Environment

  • Linux distribution and version (e.g. "Ubuntu 20.04" or "Arch Linux")
  • Firejail version (firejail --version).
  • If you use a development version of firejail, also the commit from which it was compiled (git rev-parse HEAD).

Checklist

  • The issue is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
  • I can reproduce the issue without custom modifications (e.g. globals.local).
  • The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
  • The profile (and redirect profile if exists) hasn't already been fixed upstream.
  • I have performed a short search for similar issues (to avoid opening a duplicate).
    • I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
  • I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)

Log

Output of firejail /nix/store/hhr5nvk3f8cpxsp7i1zvqvj89shg969l-signal-desktop-5.30.0/bin/signal-desktop --enable-features=UseOzonePlatform --ozone-platform=wayland

Reading profile /nix/store/r56z20zmfn69nwgvv44xh3w2ww3ikl6l-firejail-0.9.68/etc/firejail/signal-desktop.profile
Reading profile /nix/store/r56z20zmfn69nwgvv44xh3w2ww3ikl6l-firejail-0.9.68/etc/firejail/signal-desktop.local
Reading profile /nix/store/r56z20zmfn69nwgvv44xh3w2ww3ikl6l-firejail-0.9.68/etc/firejail/globals.local
Reading profile /nix/store/r56z20zmfn69nwgvv44xh3w2ww3ikl6l-firejail-0.9.68/etc/firejail/electron.profile
Reading profile /nix/store/r56z20zmfn69nwgvv44xh3w2ww3ikl6l-firejail-0.9.68/etc/firejail/electron.local
Reading profile /nix/store/r56z20zmfn69nwgvv44xh3w2ww3ikl6l-firejail-0.9.68/etc/firejail/disable-common.inc
Reading profile /nix/store/r56z20zmfn69nwgvv44xh3w2ww3ikl6l-firejail-0.9.68/etc/firejail/disable-devel.inc
Reading profile /nix/store/r56z20zmfn69nwgvv44xh3w2ww3ikl6l-firejail-0.9.68/etc/firejail/disable-exec.inc
Reading profile /nix/store/r56z20zmfn69nwgvv44xh3w2ww3ikl6l-firejail-0.9.68/etc/firejail/disable-interpreters.inc
Reading profile /nix/store/r56z20zmfn69nwgvv44xh3w2ww3ikl6l-firejail-0.9.68/etc/firejail/disable-programs.inc
Reading profile /nix/store/r56z20zmfn69nwgvv44xh3w2ww3ikl6l-firejail-0.9.68/etc/firejail/disable-xdg.inc
Reading profile /nix/store/r56z20zmfn69nwgvv44xh3w2ww3ikl6l-firejail-0.9.68/etc/firejail/whitelist-common.inc
Reading profile /nix/store/r56z20zmfn69nwgvv44xh3w2ww3ikl6l-firejail-0.9.68/etc/firejail/whitelist-runuser-common.inc
Reading profile /nix/store/r56z20zmfn69nwgvv44xh3w2ww3ikl6l-firejail-0.9.68/etc/firejail/whitelist-usr-share-common.inc
Reading profile /nix/store/r56z20zmfn69nwgvv44xh3w2ww3ikl6l-firejail-0.9.68/etc/firejail/whitelist-var-common.inc
Parent pid 164419, child pid 164422
Warning: not remounting /var/lib/docker/btrfs
Warning: not remounting /var/lib/docker/btrfs
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: skipping alternatives for private /etc
Warning: skipping ca-certificates for private /etc
Warning: skipping crypto-policies for private /etc
Warning: skipping ld.so.cache for private /etc
Warning: skipping ld.so.conf for private /etc
Warning: skipping ld.so.conf.d for private /etc
Warning: skipping ld.so.preload for private /etc
Private /etc installed in 11.86 ms
Private /usr/etc installed in 0.00 ms
Warning: cleaning all supplementary groups
Child process initialized in 129.26 ms
Set Windows Application User Model ID (AUMID) { appUserModelId: 'org.whispersystems.signal-desktop' }
NODE_ENV production
NODE_CONFIG_DIR /nix/store/hhr5nvk3f8cpxsp7i1zvqvj89shg969l-signal-desktop-5.30.0/lib/Signal/resources/app.asar/config
NODE_CONFIG {}
ALLOW_CONFIG_MUTATIONS undefined
HOSTNAME undefined
NODE_APP_INSTANCE undefined
SUPPRESS_NO_CONFIG_WARNING undefined
SIGNAL_ENABLE_HTTP undefined
userData: /home/onny/.config/Signal
config/get: Successfully read user config file
config/get: Successfully read ephemeral config file
making app single instance
LaunchProcess: failed to execvp:
xdg-settings
LaunchProcess: failed to execvp:
xdg-settings
[9:0303/141331.978179:ERROR:bus.cc(393)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
{"level":30,"time":"2022-03-03T13:13:32.204Z","pid":9,"hostname":"tuxzentrale","msg":"app ready"}
{"level":30,"time":"2022-03-03T13:13:32.209Z","pid":9,"hostname":"tuxzentrale","msg":"starting version 5.30.0"}
{"level":30,"time":"2022-03-03T13:13:32.210Z","pid":9,"hostname":"tuxzentrale","msg":"media access status [object Undefined] [object Undefined]"}
{"level":30,"time":"2022-03-03T13:13:32.214Z","pid":9,"hostname":"tuxzentrale","msg":"MainSQL: updateSchema:\n  Current user_version: 50;\n  Most recent db schema: 50;\n  SQLite version: 3.36.0;\n  SQLCipher version: 4.5.0 community;\n  (deprecated) schema_version: 254;\n"}
{"level":30,"time":"2022-03-03T13:13:32.219Z","pid":9,"hostname":"tuxzentrale","msg":"got fast spellcheck setting true"}
[9:0303/141332.220199:ERROR:bus.cc(393)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
[9:0303/141332.220288:ERROR:bus.cc(393)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
[9:0303/141332.220360:ERROR:bus.cc(393)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
{"level":30,"time":"2022-03-03T13:13:32.226Z","pid":9,"hostname":"tuxzentrale","msg":"getSystemTraySetting had no flags and did no DB lookups. Returning DoNotUseSystemTray"}
{"level":30,"time":"2022-03-03T13:13:32.228Z","pid":9,"hostname":"tuxzentrale","msg":"Initializing BrowserWindow config: {\"show\":false,\"width\":712,\"height\":740,\"minWidth\":712,\"minHeight\":550,\"autoHideMenuBar\":true,\"titleBarStyle\":\"default\",\"backgroundColor\":\"#3a76f0\",\"webPreferences\":{\"devTools\":false,\"spellcheck\":true,\"nodeIntegration\":false,\"nodeIntegrationInWorker\":false,\"contextIsolation\":false,\"preload\":\"[REDACTED]/preload.bundle.js\",\"nativeWindowOpen\":true,\"backgroundThrottling\":false,\"enablePreferredSizeMode\":true},\"icon\":\"[REDACTED]/images/signal-logo-desktop-linux.png\",\"x\":0,\"y\":0}"}

Parent is shutting down, bye...

Output of LC_ALL=C firejail /nix/store/hhr5nvk3f8cpxsp7i1zvqvj89shg969l-signal-desktop-5.30.0/bin/signal-desktop --enable-features=UseOzonePlatform --ozone-platform=wayland

Reading profile /home/onny/.config/firejail/signal-desktop.profile
Reading profile /nix/store/r56z20zmfn69nwgvv44xh3w2ww3ikl6l-firejail-0.9.68/etc/firejail/signal-desktop.local
Reading profile /nix/store/r56z20zmfn69nwgvv44xh3w2ww3ikl6l-firejail-0.9.68/etc/firejail/globals.local
Reading profile /nix/store/r56z20zmfn69nwgvv44xh3w2ww3ikl6l-firejail-0.9.68/etc/firejail/electron.profile
Reading profile /nix/store/r56z20zmfn69nwgvv44xh3w2ww3ikl6l-firejail-0.9.68/etc/firejail/electron.local
Reading profile /nix/store/r56z20zmfn69nwgvv44xh3w2ww3ikl6l-firejail-0.9.68/etc/firejail/disable-common.inc
Reading profile /nix/store/r56z20zmfn69nwgvv44xh3w2ww3ikl6l-firejail-0.9.68/etc/firejail/disable-devel.inc
Reading profile /nix/store/r56z20zmfn69nwgvv44xh3w2ww3ikl6l-firejail-0.9.68/etc/firejail/disable-exec.inc
Reading profile /nix/store/r56z20zmfn69nwgvv44xh3w2ww3ikl6l-firejail-0.9.68/etc/firejail/disable-interpreters.inc
Reading profile /nix/store/r56z20zmfn69nwgvv44xh3w2ww3ikl6l-firejail-0.9.68/etc/firejail/disable-programs.inc
Reading profile /nix/store/r56z20zmfn69nwgvv44xh3w2ww3ikl6l-firejail-0.9.68/etc/firejail/disable-xdg.inc
Reading profile /nix/store/r56z20zmfn69nwgvv44xh3w2ww3ikl6l-firejail-0.9.68/etc/firejail/whitelist-common.inc
Reading profile /nix/store/r56z20zmfn69nwgvv44xh3w2ww3ikl6l-firejail-0.9.68/etc/firejail/whitelist-runuser-common.inc
Reading profile /nix/store/r56z20zmfn69nwgvv44xh3w2ww3ikl6l-firejail-0.9.68/etc/firejail/whitelist-usr-share-common.inc
Reading profile /nix/store/r56z20zmfn69nwgvv44xh3w2ww3ikl6l-firejail-0.9.68/etc/firejail/whitelist-var-common.inc
Parent pid 72609, child pid 72612
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: skipping alternatives for private /etc
Warning: skipping ca-certificates for private /etc
Warning: skipping crypto-policies for private /etc
Warning: skipping ld.so.cache for private /etc
Warning: skipping ld.so.conf for private /etc
Warning: skipping ld.so.conf.d for private /etc
Warning: skipping ld.so.preload for private /etc
Private /etc installed in 17.58 ms
Private /usr/etc installed in 0.02 ms
Warning: cleaning all supplementary groups
Child process initialized in 180.34 ms
Set Windows Application User Model ID (AUMID) { appUserModelId: 'org.whispersystems.signal-desktop' }
NODE_ENV production
NODE_CONFIG_DIR /nix/store/hhr5nvk3f8cpxsp7i1zvqvj89shg969l-signal-desktop-5.30.0/lib/Signal/resources/app.asar/config
NODE_CONFIG {}
ALLOW_CONFIG_MUTATIONS undefined
HOSTNAME undefined
NODE_APP_INSTANCE undefined
SUPPRESS_NO_CONFIG_WARNING undefined
SIGNAL_ENABLE_HTTP undefined
userData: /home/onny/.config/Signal
config/get: Successfully read user config file
config/get: Successfully read ephemeral config file
making app single instance
LaunchProcess: failed to execvp:
xdg-settings
LaunchProcess: failed to execvp:
xdg-settings
[9:0304/101240.340522:ERROR:bus.cc(393)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
{"level":30,"time":"2022-03-04T09:12:40.587Z","pid":9,"hostname":"tuxzentrale","msg":"app ready"}
{"level":30,"time":"2022-03-04T09:12:40.588Z","pid":9,"hostname":"tuxzentrale","msg":"starting version 5.30.0"}
{"level":30,"time":"2022-03-04T09:12:40.589Z","pid":9,"hostname":"tuxzentrale","msg":"media access status [object Undefined] [object Undefined]"}
{"level":30,"time":"2022-03-04T09:12:40.591Z","pid":9,"hostname":"tuxzentrale","msg":"MainSQL: updateSchema:\n  Current user_version: 50;\n  Most recent db schema: 50;\n  SQLite version: 3.36.0;\n  SQLCipher version: 4.5.0 community;\n  (deprecated) schema_version: 254;\n"}
{"level":30,"time":"2022-03-04T09:12:40.594Z","pid":9,"hostname":"tuxzentrale","msg":"got fast spellcheck setting true"}
[9:0304/101240.595120:ERROR:bus.cc(393)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
[9:0304/101240.595233:ERROR:bus.cc(393)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
[9:0304/101240.595327:ERROR:bus.cc(393)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
{"level":30,"time":"2022-03-04T09:12:40.597Z","pid":9,"hostname":"tuxzentrale","msg":"getSystemTraySetting had no flags and did no DB lookups. Returning DoNotUseSystemTray"}
{"level":30,"time":"2022-03-04T09:12:40.598Z","pid":9,"hostname":"tuxzentrale","msg":"Initializing BrowserWindow config: {\"show\":false,\"width\":1676,\"height\":1022,\"minWidth\":712,\"minHeight\":550,\"autoHideMenuBar\":true,\"titleBarStyle\":\"default\",\"backgroundColor\":\"#3a76f0\",\"webPreferences\":{\"devTools\":false,\"spellcheck\":true,\"nodeIntegration\":false,\"nodeIntegrationInWorker\":false,\"contextIsolation\":false,\"preload\":\"[REDACTED]/preload.bundle.js\",\"nativeWindowOpen\":true,\"backgroundThrottling\":false,\"enablePreferredSizeMode\":true},\"icon\":\"[REDACTED]/images/signal-logo-desktop-linux.png\",\"x\":0,\"y\":0}"}
{"level":30,"time":"2022-03-04T09:12:40.670Z","pid":9,"hostname":"tuxzentrale","msg":"spellcheck: user locale: en"}
{"level":30,"time":"2022-03-04T09:12:40.671Z","pid":9,"hostname":"tuxzentrale","msg":"spellcheck: available spellchecker languages:  [\"af\",\"bg\",\"ca\",\"cs\",\"cy\",\"da\",\"de\",\"de-DE\",\"el\",\"en-AU\",\"en-CA\",\"en-GB\",\"en-GB-oxendict\",\"en-US\",\"es\",\"es-419\",\"es-AR\",\"es-ES\",\"es-MX\",\"es-US\",\"et\",\"fa\",\"fo\",\"fr\",\"fr-FR\",\"he\",\"hi\",\"hr\",\"hu\",\"hy\",\"id\",\"it\",\"it-IT\",\"ko\",\"lt\",\"lv\",\"nb\",\"nl\",\"pl\",\"pt\",\"pt-BR\",\"pt-PT\",\"ro\",\"ru\",\"sh\",\"sk\",\"sl\",\"sq\",\"sr\",\"sv\",\"ta\",\"tg\",\"tr\",\"uk\",\"vi\"]"}
{"level":30,"time":"2022-03-04T09:12:40.671Z","pid":9,"hostname":"tuxzentrale","msg":"spellcheck: setting languages to:  [\"en-AU\",\"en-CA\",\"en-GB\",\"en-GB-oxendict\",\"en-US\"]"}
{"level":30,"time":"2022-03-04T09:12:40.694Z","pid":9,"hostname":"tuxzentrale","msg":"got fast spellcheck setting true"}
{"level":30,"time":"2022-03-04T09:12:40.854Z","pid":9,"hostname":"tuxzentrale","msg":"System tray service: created"}
{"level":30,"time":"2022-03-04T09:12:40.854Z","pid":9,"hostname":"tuxzentrale","msg":"System tray service: updating main window. Previously, there was not a window, and now there is"}
{"level":30,"time":"2022-03-04T09:12:40.855Z","pid":9,"hostname":"tuxzentrale","msg":"System tray service: rendering no tray"}
{"level":30,"time":"2022-03-04T09:12:40.855Z","pid":9,"hostname":"tuxzentrale","msg":"Begin ensuring permissions"}
{"level":30,"time":"2022-03-04T09:12:40.979Z","pid":9,"hostname":"tuxzentrale","msg":"Ensuring file permissions for 4 files"}
{"level":30,"time":"2022-03-04T09:12:40.986Z","pid":9,"hostname":"tuxzentrale","msg":"Finish ensuring permissions in 131ms"}
[9:0304/101241.545395:ERROR:gpu_process_host.cc(968)] GPU process exited unexpectedly: exit_code=139
[9:0304/101242.244335:ERROR:gpu_process_host.cc(968)] GPU process exited unexpectedly: exit_code=139
[9:0304/101242.884228:ERROR:gpu_process_host.cc(968)] GPU process exited unexpectedly: exit_code=139
[87:0304/101243.025213:ERROR:sandbox_linux.cc(376)] InitializeSandbox() called with multiple threads in process gpu-process.
(node:66) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
(Use `exe --trace-deprecation ...` to show where the warning was created)
[87:0304/101243.805785:ERROR:gl_utils.cc(318)] [.RendererMainThread-0x2dc600112300]GL Driver Message (OpenGL, Performance, GL_CLOSE_PATH_NV, High): GPU stall due to ReadPixels
[87:0304/101243.874492:ERROR:gl_utils.cc(318)] [.RendererMainThread-0x2dc600112300]GL Driver Message (OpenGL, Performance, GL_CLOSE_PATH_NV, High): GPU stall due to ReadPixels
[87:0304/101243.904396:ERROR:gl_utils.cc(318)] [.RendererMainThread-0x2dc600112300]GL Driver Message (OpenGL, Performance, GL_CLOSE_PATH_NV, High): GPU stall due to ReadPixels
{"level":30,"time":"2022-03-04T09:12:44.017Z","pid":9,"hostname":"tuxzentrale","msg":"main window is ready-to-show"}
{"level":30,"time":"2022-03-04T09:12:44.018Z","pid":9,"hostname":"tuxzentrale","msg":"showing main window"}
{"level":30,"time":"2022-03-04T09:12:44.025Z","pid":9,"hostname":"tuxzentrale","msg":"System tray service: rendering no tray"}
{"level":30,"time":"2022-03-04T09:12:45.074Z","pid":9,"hostname":"tuxzentrale","msg":"sending `database-ready`"}
{"level":30,"time":"2022-03-04T09:12:45.868Z","pid":9,"hostname":"tuxzentrale","msg":"Prevent display sleep service: allowing display sleep"}
{"level":30,"time":"2022-03-04T09:12:46.468Z","pid":9,"hostname":"tuxzentrale","msg":"System tray service: setting unread count to 5"}
{"level":30,"time":"2022-03-04T09:12:46.468Z","pid":9,"hostname":"tuxzentrale","msg":"System tray service: rendering no tray"}
{"level":30,"time":"2022-03-04T09:12:46.813Z","pid":9,"hostname":"tuxzentrale","msg":"updater/start: Updates disabled - not starting new version checks"}
{"level":30,"time":"2022-03-04T09:12:46.839Z","pid":9,"hostname":"tuxzentrale","msg":"App loaded - time: 6262"}
{"level":30,"time":"2022-03-04T09:12:46.840Z","pid":9,"hostname":"tuxzentrale","msg":"SQL init - time: 117"}
{"level":30,"time":"2022-03-04T09:12:46.840Z","pid":9,"hostname":"tuxzentrale","msg":"Preload - time: 1927"}
{"level":30,"time":"2022-03-04T09:12:46.840Z","pid":9,"hostname":"tuxzentrale","msg":"WebSocket connect - time: 2682"}
{"level":30,"time":"2022-03-04T09:12:46.840Z","pid":9,"hostname":"tuxzentrale","msg":"Processed count: 1"}
{"level":30,"time":"2022-03-04T09:12:46.840Z","pid":9,"hostname":"tuxzentrale","msg":"Messages per second: 0.6049606775559588"}
{"level":30,"time":"2022-03-04T09:12:47.714Z","pid":9,"hostname":"tuxzentrale","msg":"System tray service: setting unread count to 6"}
{"level":30,"time":"2022-03-04T09:12:47.714Z","pid":9,"hostname":"tuxzentrale","msg":"System tray service: rendering no tray"}
[...]

Output of firejail --debug /nix/store/hhr5nvk3f8cpxsp7i1zvqvj89shg969l-signal-desktop-5.30.0/bin/signal-desktop --enable-features=UseOzonePlatform --ozone-platform=wayland

output goes here

Output of LC_ALL=C firejail --debug /nix/store/hhr5nvk3f8cpxsp7i1zvqvj89shg969l-signal-desktop-5.30.0/bin/signal-desktop --enable-features=UseOzonePlatform --ozone-platform=wayland

output goes here

{"level":30,"time":"2022-03-04T09:12:46.840Z","pid":9,"hostname":"tuxzentrale","msg":"WebSocket connect - time: 2682"} {"level":30,"time":"2022-03-04T09:12:46.840Z","pid":9,"hostname":"tuxzentrale","msg":"Processed count: 1"} {"level":30,"time":"2022-03-04T09:12:46.840Z","pid":9,"hostname":"tuxzentrale","msg":"Messages per second: 0.6049606775559588"} {"level":30,"time":"2022-03-04T09:12:47.714Z","pid":9,"hostname":"tuxzentrale","msg":"System tray service: setting unread count to 6"} {"level":30,"time":"2022-03-04T09:12:47.714Z","pid":9,"hostname":"tuxzentrale","msg":"System tray service: rendering no tray"} [...] ``` </p> </details> <details> <summary>Output of <code>firejail --debug /nix/store/hhr5nvk3f8cpxsp7i1zvqvj89shg969l-signal-desktop-5.30.0/bin/signal-desktop --enable-features=UseOzonePlatform --ozone-platform=wayland</code></summary> <p> ``` output goes here ``` </p> </details> <details> <summary>Output of <code>LC_ALL=C firejail --debug /nix/store/hhr5nvk3f8cpxsp7i1zvqvj89shg969l-signal-desktop-5.30.0/bin/signal-desktop --enable-features=UseOzonePlatform --ozone-platform=wayland</code></summary> <p> ``` output goes here ``` </p> </details>

@ghost commented on GitHub (Mar 3, 2022):

Seeing that /usr/share/locale is already whitelisted in whitelist-usr-share-common.inc I wonder if something is missing from private-etc. Can you bring signal-desktop up when adding `--ignore=private-etc`? If so, try `--private-etc=locale,locale.alias,locale.conf` next to return the sandbox to the same hardening level.


@onny commented on GitHub (Mar 4, 2022):

Hey @glitsj16, unfortunately even with `--ignore=private-etc` it doesn't work. I guess NixOS is a bit special here because standard paths like `/usr/share/locale` do not exist.

Maybe I have to whitelist other paths too?

```
$ env | rg -i locale
LOCALE_ARCHIVE_2_27=/nix/store/gfzp1a6ab4ffwg75bnrycwdrd7cqki1i-glibc-locales-2.33-117/lib/locale/locale-archive
LOCALE_ARCHIVE=/run/current-system/sw/lib/locale/locale-archive
```

@ghost commented on GitHub (Mar 4, 2022):

> Maybe I have to whitelist other paths too?

Probably, but difficult for me to judge from here. You could use the `--trace=~/Downloads/signal-desktop.log` option to produce a list of open/access calls to ease this kind of debugging.
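
One way to triage the `--trace` log suggested in the comment above, as an added example that is not part of the original thread or firejail's own tooling. It assumes trace lines have the form `pid:process:call argument:result`, with `-1` or `(nil)` marking a failed call; the sample lines and function names are constructed.

```shell
#!/bin/sh
# Constructed sample lines in the assumed --trace layout:
#   pid:process:call argument:result
sample_trace() {
cat <<'EOF'
9:signal-desktop:open /run/current-system/sw/lib/locale/locale-archive:-1
9:signal-desktop:open /etc/locale.conf:-1
9:signal-desktop:access /etc/ld.so.preload:0
9:signal-desktop:fopen /etc/locale.alias:(nil)
9:signal-desktop:open /nix/store/EXAMPLE-glibc-locales/lib/locale/locale-archive:7
9:signal-desktop:open /run/current-system/sw/lib/locale/locale-archive:-1
9:signal-desktop:socket AF_INET SOCK_DGRAM IPPROTO_IP:3
EOF
}

# Read a trace on stdin and print "count path" for every open/access call
# that failed, most frequent first. These are the candidates to check
# against the profile's whitelist and private-etc lines.
failed_paths() {
    awk -F: '
        NF >= 4 {
            result = $NF
            # A path may itself contain ":", so rejoin fields 3..NF-1.
            rest = $3
            for (i = 4; i < NF; i++) rest = rest ":" $i
            split(rest, parts, " ")
            call = parts[1]
            path = substr(rest, length(call) + 2)
            if (call !~ /^(f?open(64|at)?|access)$/) next
            if (result == "-1" || result == "(nil)") count[path]++
        }
        END { for (p in count) printf "%d %s\n", count[p], p }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# With a file argument, triage that trace; otherwise run on the sample.
if [ "$#" -gt 0 ]; then
    failed_paths < "$1"
else
    sample_trace | failed_paths
fi
```

Paths that fail inside the sandbox but open when the program is run by its plain path, without firejail, are the ones worth comparing against the profile.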


@rusty-snake commented on GitHub (Mar 4, 2022):

Maybe related: #4887

---

> Behavior without a profile
>
> Same behavior

Does `--profile=noprofile` work?


@rusty-snake commented on GitHub (Jun 8, 2022):

I'm closing here due to inactivity, please feel free to request to reopen if you still have this issue.

Reference: github-starred/firejail#2851