[GH-ISSUE #5023] [REOPEN] Element Messenger breaking out of Firejail? #2857

Closed
opened 2026-05-05 09:30:59 -06:00 by gitea-mirror · 16 comments

Originally created by @vsatmydynipnet on GitHub (Mar 7, 2022).
Original GitHub issue: https://github.com/netblue30/firejail/issues/5023

Running

```
ii firejail 0.9.68-3 amd64 sandbox to restrict the application environment
ii firejail-profiles 0.9.68-3 all profiles for the firejail application sandbox
```

on Debian Sid.

I am running the https://element.io Messenger and everything worked till the last update. Now I have the problem that if I want to save a file I only see the private home dir, but on upload I see the real home dir, not

```
private /opt/Firejail/element
```

So it looks like Element breaks out on Upload from Firejail. Firefox and Thunderbird don't do that. These ones work.

Is there a way to debug things?

Running:

```
/usr/bin/firejail --profile=/home/user/.config/firejail/element.profile /bin/bash
```

has everything correct.

Thank you for any hint.


@ghost commented on GitHub (Mar 7, 2022):

> /usr/bin/firejail --profile=/home/user/.config/firejail/element.profile /bin/bash

I'm assuming your `/home/user/.config/firejail/element.profile` is for testing purposes only, correct? Just a question, I'm not so familiar with element and was confused to see it. The rest of your observations are based on using the app with the element-desktop.profile from /etc/firejail?


@rusty-snake commented on GitHub (Mar 7, 2022):

Where do you see the real home? In the file open dialog? Does element use portals?


@vsatmydynipnet commented on GitHub (Mar 7, 2022):

Yes, with bash it's for testing to see what is allowed. It normally starts Element. Using Bash and even more strange, also when saving files from Element everything is fine and I see the private home and only this one is accessible.

The real home is visible and accessible if I want to upload a file from local disk to Element.

I am sorry that I am no dev, so unsure how Element handles this, but it is an Electron Software as far as I know.


@kmk3 commented on GitHub (Mar 9, 2022):

@vsatmydynipnet commented [on Mar 7](https://github.com/netblue30/firejail/issues/5023#issue-1161358769):

> if I want to save a file I only see the private home dir, but on upload I see
> the real home dir not
>
> private /opt/Firejail/element
>
> So it looks like Element breaks out on Upload from Firejail. Firefox and
> Thunderbird don't do that. These ones work.

The most obvious way that I know of to bypass the sandbox is through dbus.

Does it still happen if you add these to ~/.config/firejail/element.local?

```firejail
dbus-user none
dbus-system none
```

@ghost commented on GitHub (Mar 9, 2022):

@kmk3 @vsatmydynipnet

Our current element-desktop.profile only allows user D-Bus to talk to [org.freedesktop.secrets](https://github.com/netblue30/firejail/blob/master/etc/profile-a-l/element-desktop.profile#L20-L21). It's worthwhile to check if the issue still shows with `dbus-user none`, but IMO we need eyes on `/home/user/.config/firejail/element.profile` too so we can try to reproduce. There's only element-desktop.profile (including riot-{desktop,web}.profile) and that is confusing this discussion. @vsatmydynipnet Can you post that file please?


@vsatmydynipnet commented on GitHub (Mar 9, 2022):

I tried

```
dbus-user none
dbus-system none
```

which does not help. I have put together all info in the attachments. If you need more info, let me know.

Thank you for investigating the problem.

File Upload is a problem here:

> Something went really wrong, and we can’t process that file.

I try with another comment.


@vsatmydynipnet commented on GitHub (Mar 9, 2022):

OK, Upload does not work. I copy the text info here, png upload does not work.....

```
## Element Profile
## 20200719
## Version 1.00

## you are able to test with:
## /usr/bin/firejail --profile=/home/kmj/.config/firejail/element.profile  /bin/bash
## or start with
## /usr/bin/firejail --profile=/home/kmj/.config/firejail/element.profile  /opt/Element/element-desktop --profile=Profilename

###################################################################
## NOTES:
## Element is installed in /opt/Element
## home is /opt/Firejail/element
###################################################################

private /opt/Firejail/element
private-cache

noblacklist ${HOME}/.cache
noblacklist ${HOME}/.cache/chromium
noblacklist ${HOME}/.config/Element
noblacklist ${HOME}/.config
noblacklist ${HOME}/.local
noblacklist ${HOME}/.mozilla
noblacklist ${HOME}/.config/chromium
noblacklist ${HOME}/.pki

noblacklist /opt/Firejail/element
blacklist /opt/Firejail

## Disable access
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-exec.inc
include /etc/firejail/disable-interpreters.inc
include /etc/firejail/disable-programs.inc

# from: https://github.com/netblue30/firejail/issues/5023#issuecomment-1062480631
# does not help
#dbus-user none
#dbus-system none

## Filesystem
disable-mnt
```

SYSTEM INFO

```
Debian SID

Linux wsvi01.sbg.kmjeuro.com 5.16.0-3-amd64 #1 SMP PREEMPT Debian 5.16.11-1 (2022-02-25) x86_64 GNU/Linux

ii  firejail                                                    0.9.68-3                           amd64        sandbox to restrict the application environment
ii  firejail-profiles                                           0.9.68-3                           all          profiles for the firejail application sandbox
ii  element-desktop                                             1.10.6                             amd64
```

@ghost commented on GitHub (Mar 9, 2022):

Okay, I've installed element-desktop on my machine for debugging this. I use Arch Linux, and that OS packages this app differently, not using /opt. So to replicate your setup as close as possible I downloaded [this](https://packages.riot.im/debian/pool/main/e/element-desktop/element-desktop_1.10.6_amd64.deb) from the matrix repo, extracted and manually copied files into /opt/Element. I also created /opt/Firejail/element and dropped a few files in there. Did the same in /opt/Firejail/zzz just to be able to check if the `private /opt/Firejail/element` works as it should or not. I'll come back to this in a moment. Using only our `element-desktop.profile` the app starts fine here. After going through the account creation procedure I can login normally AFAICT (this is my first use of this app, so there's that to consider).

TL;DR
With a proper element-desktop.local, I could upload and download to/from the matrix test-room. Even when adding a `private foo` line. I couldn't break out of the sandbox to select files via the app's file explorer.

Let me comment on parts of your element.profile. There are several lines that make no sense IMO, and they can be dropped without affecting any functionality or security aspect of the sandbox.

Firstly, **paths that are never blacklisted anywhere don't need noblacklist'ing**.

```
noblacklist ${HOME}/.cache
noblacklist ${HOME}/.config
noblacklist ${HOME}/.local
```

Secondly, I noticed that you seem to be trying to allow opening links via chromium and firefox. At least that's what these lines suggest to me:

```
noblacklist ${HOME}/.cache/chromium
noblacklist ${HOME}/.mozilla
noblacklist ${HOME}/.config/chromium
noblacklist ${HOME}/.pki
```

I can understand the why, but IMO it's not how to go about this.

Taking out these lines, I proceeded to test the `private foo` part of this issue report.

```console
$ firejail --profile=~/.config/firejail/element.profile /opt/Element/element-desktop
Error: private directory is not owned by the current user
```

```console
$ sudo chown -R foo:foo /opt/Firejail
```

```console
$ firejail --profile=~/.config/firejail/element.profile /opt/Element/element-desktop
Error fcopy: invalid ownership for file /opt/Firejail/element
```

The output is pretty straightforward and I wonder how your /opt/Firejail{,/element} do in this regard. Owned by your user, something else? We don't know.

At this moment I gave up on element.profile and created an element-desktop.local to check if I could break out of the sandbox, with and without including a `private foo` option.

```console
$ cat /etc/firejail/element-desktop.local
# Firejail profile for element-desktop
# Persistent local customizations

# extra hardening
include chromium-common-hardened.inc.profile
# private foo in user home
whitelist ${HOME}/Firejail/element
private ${HOME}/Firejail/element
# additional D-Bus filtering
dbus-user.talk ca.desrt.dconf
dbus-user.talk org.freedesktop.Notifications
?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher
```

With the above setup element-desktop seemed to be working nicely, including downloading/uploading etcetera. Settings persisted. Notifications worked. No trace of any sandbox escape by using the file explorer. I also tried your original `private /opt/Firejail` after ensuring correct ownerships on those dirs. That didn't work.

I hope this can clarify some things for you. Feel free to ask, I'll keep the app installed for a while.
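
The profile review in the comment above (`noblacklist` lines with no matching `blacklist`) and the `disable-programs.inc` include that appears twice in the posted profile can be checked mechanically. The Python below is an added example, not part of the original thread or of firejail; the include-file contents are constructed stand-ins, and the matching is a string-level simplification of how firejail pairs `noblacklist` with `blacklist`.

```python
import fnmatch

# Excerpt of the element.profile posted in this thread (noblacklist/include lines only).
PROFILE = """\
noblacklist ${HOME}/.cache
noblacklist ${HOME}/.cache/chromium
noblacklist ${HOME}/.config/Element
noblacklist ${HOME}/.config
noblacklist ${HOME}/.local
noblacklist ${HOME}/.mozilla
noblacklist ${HOME}/.config/chromium
noblacklist ${HOME}/.pki
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-exec.inc
include /etc/firejail/disable-interpreters.inc
include /etc/firejail/disable-programs.inc
"""

# CONSTRUCTED stand-ins for two of the include files, so the example runs offline.
# On a real system, read the actual files from /etc/firejail instead.
INCLUDES = {
    "disable-common.inc": "blacklist ${HOME}/.ssh\n",
    "disable-programs.inc": """\
blacklist ${HOME}/.cache/chromium
blacklist ${HOME}/.config/Element
blacklist ${HOME}/.config/chromium
blacklist ${HOME}/.mozilla
blacklist ${HOME}/.pki
""",
}


def directives(text):
    """Yield (keyword, argument) for each non-blank, non-comment profile line."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            keyword, _, arg = line.partition(" ")
            yield keyword, arg.strip()


def pairs_with(noblacklisted, blacklisted):
    """String-level match in either direction; globs (*, ?, []) are honoured."""
    return (fnmatch.fnmatchcase(blacklisted, noblacklisted)
            or fnmatch.fnmatchcase(noblacklisted, blacklisted))


def lint(profile_text, includes):
    """Return redundant noblacklist paths, duplicate includes and unread includes."""
    noblacklist, blacklist = [], []
    seen, duplicates, unresolved = [], [], []
    for keyword, arg in directives(profile_text):
        if keyword == "noblacklist":
            noblacklist.append(arg)
        elif keyword == "blacklist":
            blacklist.append(arg)
        elif keyword == "include":
            name = arg.rsplit("/", 1)[-1]
            if name in seen:
                duplicates.append(name)   # second include of the same file
                continue
            seen.append(name)
            if name not in includes:
                unresolved.append(name)   # content unknown: findings are incomplete
                continue
            # One level only; nested includes are not followed in this example.
            blacklist += [a for k, a in directives(includes[name]) if k == "blacklist"]
    redundant = [n for n in noblacklist
                 if not any(pairs_with(n, b) for b in blacklist)]
    return {"redundant_noblacklist": redundant,
            "duplicate_includes": duplicates,
            "unresolved_includes": unresolved}


if __name__ == "__main__":
    for finding, items in lint(PROFILE, INCLUDES).items():
        print(f"{finding}: {items}")
```

A `noblacklist` entry is only confirmed redundant once `unresolved_includes` is empty, since an unread include may still blacklist that path.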


@vsatmydynipnet commented on GitHub (Mar 10, 2022):

Thank you for your work. I tried with your settings and when starting from cli I get this when trying to upload now:

```
[115:0310/101047.542845:ERROR:sandbox_linux.cc(377)] InitializeSandbox() called with multiple threads in process gpu-process.
Changing application language to de
Fetching translation json for locale: de
Resetting the UI components after locale change
[7:0310/101058.996248:ERROR:select_file_dialog_impl_portal.cc(698)] Portal returned error: org.freedesktop.DBus.Error.AccessDenied: Portal operation not allowed: Unable to open /proc/6289/root
```

Download would work as expected


@vsatmydynipnet commented on GitHub (Mar 10, 2022):

Based on your hints I found a solution:

Found this:
https://github.com/electron/electron/issues/31491
The Upstream issue:
https://bugs.chromium.org/p/chromium/issues/detail?id=1112159

and based on the Info that it worked I moved back Release by Release in
https://packages.riot.im/debian/pool/main/e/element-desktop/

Ended up with 1.10.3 and now all works again, with both of our profiles, but I definitely like yours more than mine.

Thank you so much for investigating here.


@rusty-snake commented on GitHub (Mar 10, 2022):

Can we close here?


@vsatmydynipnet commented on GitHub (Mar 10, 2022):

Forgot :-)


@vsatmydynipnet commented on GitHub (Apr 22, 2022):

Need to come back to this one here. After searching deeper, I found using `element-desktop --disable-gpu-sandbox` removes the

```
[115:0310/101047.542845:ERROR:sandbox_linux.cc(377)] InitializeSandbox() called with multiple threads in process gpu-process.
```

error. But every version above 1.10.3

https://packages.riot.im/debian/pool/main/e/element-desktop/

shows the full home in the filesystem, where 1.10.3 only shows the private home. I have to add, that uploading of even allowed files fails with versions above 1.10.3. So in short 1.10.3 works fine, all above versions not.

I do not know the difference between 1.10.3 and higher versions.

Any hint would be greatly appreciated. I will post a link to this issue in element-desktop room on matrix too.


@vsatmydynipnet commented on GitHub (Jun 24, 2022):

Coming back to this problem I have the same problem using chromium under Debian Sid.

If I start the chromium profile using sh to check access:

```
/usr/bin/firejail --profile=/home/myuser/.config/firejail/chromium-KMJ.profile /bin/sh
```

I do see the private home as shown in the screenshot from mc. I do have no access to list the original folders of my home dir which also has mounted shares from truenas. At least I found no way to list any other homedirs except private home.

If I use chromium,

```
/usr/bin/firejail --profile=/home/myuser/.config/firejail/chromium-KMJ.profile /usr/bin/chromium --proxy-server=192.168.2.1:3128 %U
```

the same thing as with Element happens. Chromium is able to list all directories and files of the original homedir.

So chromium has a way to break out of firejail, accessing the original homedir except the private home set in the config.

I can not upload images here, so can't add the screenshots.

Edit:

NVIDIA Card installed


@vsatmydynipnet commented on GitHub (Jun 24, 2022):

edited above


@rusty-snake commented on GitHub (Jun 24, 2022):

> I can not upload images here, so can't add the screenshots.

OT: If you use uB in medium/hard mode or similar add-ons you need to allow `amazonaws.com`.
