github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #5171] signal: cannot reconnect if started without internet connection (resolv.conf) #2903

New issue

Open

opened 2026-05-05 09:34:01 -06:00 by gitea-mirror · 4 comments

gitea-mirror commented

2026-05-05 09:34:01 -06:00

Owner

Originally created by @rieje on GitHub (May 31, 2022).
Original GitHub issue: https://github.com/netblue30/firejail/issues/5171

Description

Signal desktop client is unable to reconnect if it was started without internet connection. Without firejail, it will normally reconnect even if started without internet connection.

Steps to Reproduce

sudo systemctl stop NetworkManager
firejail signal-desktop
sudo systemctl start NetworkManager

You will see:

Disconnected. Check your network connection. Click to reconnect.

Even if you click to reconnect, it refuses to connect despite internet connection established. Without firejail, it will auto-reconnect without the user having to click reconnect (although that works too).

If Signal is started with connection, then restarting NetworkManager (i.e. terminating internet connection and establishing it again) will work as expected, i.e. it will be possible to re-connect. So the issue is only if Signal is started without internet connection where it will be impossible to reconnect unless you kill the Signal instance and restart.

Environment

Arch Linux v.69
Firejail version 0.9.68

Checklist

The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
I can reproduce the issue without custom modifications (e.g. globals.local).
The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
The profile (and redirect profile if exists) hasn't already been fixed upstream.
I have performed a short search for similar issues (to avoid opening a duplicate).
I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)

Log

Disabled internet connection, start capturing the log, then start internet connection. Click "reconnect", Signal fails to reconnect. Terminate Signal and uploaded logs below:

Output of LC_ALL=C firejail /usr/bin/signal-desktop.
Output of LC_ALL=C firejail --debug /usr/bin/signal-desktop.

Originally created by @rieje on GitHub (May 31, 2022). Original GitHub issue: https://github.com/netblue30/firejail/issues/5171 ### Description Signal desktop client is unable to reconnect if it was started without internet connection. Without firejail, it will normally reconnect even if started without internet connection. ### Steps to Reproduce sudo systemctl stop NetworkManager firejail signal-desktop sudo systemctl start NetworkManager You will see: > Disconnected. Check your network connection. Click to reconnect. Even if you click to reconnect, it refuses to connect despite internet connection established. Without firejail, it will auto-reconnect without the user having to click reconnect (although that works too). If Signal is started *with connection*, then restarting NetworkManager (i.e. terminating internet connection and establishing it again) will work as expected, i.e. it will be possible to re-connect. So the issue is only if Signal is started without internet connection where it will be impossible to reconnect unless you kill the Signal instance and restart. ### Environment - Arch Linux v.69 - Firejail version 0.9.68 ### Checklist - [X] The issues is caused by firejail (i.e. running the program by path (e.g. `/usr/bin/vlc`) "fixes" it). - [X] I can reproduce the issue without custom modifications (e.g. globals.local). - [X] The program has a profile. (If not, request one in `https://github.com/netblue30/firejail/issues/1139`) - [X] The profile (and redirect profile if exists) hasn't already been fixed [upstream](https://github.com/netblue30/firejail/tree/master/etc). - [X] I have performed a short search for similar issues (to avoid opening a duplicate). - [ ] I'm aware of `browser-allow-drm yes`/`browser-disable-u2f no` in `firejail.config` to allow DRM/U2F in browsers. - [ ] I used `--profile=PROFILENAME` to set the right profile. (Only relevant for AppImages) ### Log Disabled internet connection, start capturing the log, then start internet connection. Click "reconnect", Signal fails to reconnect. Terminate Signal and uploaded logs below: [Output](https://0x0.st/oBtk.txt) of `LC_ALL=C firejail /usr/bin/signal-desktop`. [Output](https://0x0.st/oBtn.txt) of `LC_ALL=C firejail --debug /usr/bin/signal-desktop`.

gitea-mirror added the

networking

label 2026-05-05 09:34:01 -06:00

gitea-mirror commented

2026-05-05 09:34:03 -06:00

Author

Owner

@rusty-snake commented on GitHub (May 31, 2022):

Reading profile /home/rieje/.config/firejail/signal-desktop.local

What's in it?

@rusty-snake commented on GitHub (May 31, 2022): > Reading profile /home/rieje/.config/firejail/signal-desktop.local What's in it?

gitea-mirror commented

2026-05-05 09:34:04 -06:00

Author

Owner

@rusty-snake commented on GitHub (May 31, 2022):

How is /etc/resolv.conf handled?

Is is a symlink? If yes, where does it point to?
Which program changes it? NetworkManager? systemd-networkd?

@rusty-snake commented on GitHub (May 31, 2022): How is `/etc/resolv.conf` handled? Is is a symlink? If yes, where does it point to? Which program changes it? NetworkManager? systemd-networkd?

gitea-mirror commented

2026-05-05 09:34:05 -06:00

Author

Owner

@rieje commented on GitHub (May 31, 2022):

~/.config/firejails/signal-desktop.local:

ignore private-tmp
ignore dbus-user none
dbus-user filter
dbus-user.talk org.kde.StatusNotifierWatcher

/etc/resolv.conf is not a symlink and handled by NetworkManager.

@rieje commented on GitHub (May 31, 2022): ~/.config/firejails/signal-desktop.local: ignore private-tmp ignore dbus-user none dbus-user filter dbus-user.talk org.kde.StatusNotifierWatcher `/etc/resolv.conf` is not a symlink and handled by NetworkManager.

gitea-mirror commented

2026-05-05 09:34:06 -06:00

Author

Owner

@rusty-snake commented on GitHub (May 31, 2022):

/etc/resolv.conf is not a symlink and handled by NetworkManager.

That's likely explains it because signal-desktop.profile uses private-etc.

If /etc/resolv.conf is a file, NetworkManager will write to resolv.conf with creat+write+rename logic. If there is no nameserver set in resolv.conf when the sandbox is started, it will end up without one.

For now you can change /etc/resolv.conf or use dns 1.2.3.4 (in signal-desktop.local).

@rusty-snake commented on GitHub (May 31, 2022): > /etc/resolv.conf is not a symlink and handled by NetworkManager. That's likely explains it because signal-desktop.profile uses `private-etc`. If `/etc/resolv.conf` is a file, NetworkManager will write to resolv.conf with `creat+write+rename` logic. If there is no nameserver set in resolv.conf when the sandbox is started, it will end up without one. For now you can change `/etc/resolv.conf` or use `dns 1.2.3.4` (in signal-desktop.local).

gitea-mirror referenced this issue

2026-05-05 10:22:40 -06:00

[PR #2903] [MERGED] Add unzstd profile #4576

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2903

No description provided.

Rows
Columns