[GH-ISSUE #5462] Regression: custom apparmor profile support resulted in broken Firefox #3004

Open
opened 2026-05-05 09:39:35 -06:00 by gitea-mirror · 7 comments
Originally created by @KOLANICH on GitHub (Nov 9, 2022).
Original GitHub issue: https://github.com/netblue30/firejail/issues/5462

Description

7f3b6c19a0 (#5274) has resulted in firefox being broken on Kubuntu 21.10 (impish).

apparmor-profiles and apparmor-profiles-extra are installed.

git revert 7f3b6c19a0a87bfd240af7c0c9d61ae907668ce6

and resolution of the conflict mitigate the issue.

Steps to Reproduce

Steps to reproduce the behavior

  1. build firejail from the latest git with apparmor support, install it
  2. run firefox and see it crash
  3. revert the commit, build, install
  4. enjoy working Firefox

Expected behavior

  • firefox working
  • no regressions; Firefox, as essential software, should be tested before merging PRs that have a chance to break it.

Actual behavior

  • the commit breaking Firefox has landed into master

Behavior without a profile

What changed calling LC_ALL=C firejail --noprofile /path/to/program in a terminal?

--- nopr.log	2022-11-09 00:00:00.000000000 +0300
+++ crash.log	2022-11-09 00:00:00.000000000 +0300
@@ -1,4 +1,8 @@
+Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
 Parent pid AAAAA, child pid BBBBB
+Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
+Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
+Warning: cleaning all supplementary groups
 Child process initialized in nn.mm ms
 ATTENTION: default value of option mesa_glthread overridden by environment.
 libEGL warning: MESA-LOADER: failed to retrieve device information
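Review bot: the four lines this hunk adds to crash.log (the two "Seccomp list in" lines, the abstract D-Bus socket warning and "cleaning all supplementary groups") are firejail's own profile-setup output, which a --noprofile run naturally lacks; they only establish that crash.log was produced with the firefox profile applied and are not a symptom. The "abstract unix socket for session D-BUS might still be available ... remove unix from --protocol set" warning does confirm that unix sockets remain in the protocol set for that run, which matters when reading the IPC failure in the next hunk.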
@@ -8,9 +12,14 @@
 libGL error: MESA-LOADER: failed to open amdgpu: /usr/lib/dri/amdgpu_dri.so: cannot open shared object file: No such file or directory (search paths /usr/lib/x86_64-linux-gnu/dri:\$${ORIGIN}/dri:/usr/lib/dri, suffix _dri)
 libGL error: failed to load driver: amdgpu
 ATTENTION: default value of option mesa_glthread overridden by environment.
+[Socket 82, IPC I/O Child] WARNING: Message needs unreceived descriptors channel:7ff11c694ef0 message-type:9109529 header()->num_handles:1 num_fds:0 fds_i:0: file /build/firefox-DSRShT/firefox-102.0+build2/ipc/chromium/src/chrome/common/ipc_channel_posix.cc:477
 libEGL warning: MESA-LOADER: failed to retrieve device information
 
 ATTENTION: default value of option mesa_glthread overridden by environment.
-libEGL warning: MESA-LOADER: failed to retrieve device information
+[Child 124, IPC I/O Child] WARNING: Message needs unreceived descriptors channel:7f30c0393570 message-type:3866642 header()->num_handles:1 num_fds:0 fds_i:0: file /build/firefox-DSRShT/firefox-102.0+build2/ipc/chromium/src/chrome/common/ipc_channel_posix.cc:477
+Exiting due to channel error.
+ExceptionHandler::GenerateDump cloned child 131
+ExceptionHandler::SendContinueSignalToChild sent continue signal to child
+ExceptionHandler::WaitForContinueSignal waiting for continue signal...
 
-ATTENTION: default value of option mesa_glthread overridden by environment.
+Parent is shutting down, bye...
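Review bot: the actual failure is in the two added "[... IPC I/O Child] WARNING: Message needs unreceived descriptors ... header()->num_handles:1 num_fds:0" lines followed by "+Exiting due to channel error.": the Firefox IPC channel expected one file descriptor to arrive with the message, received none, and tore the channel down, after which the ExceptionHandler dump and "Parent is shutting down" follow. Because these lines appear only in the profiled run and the surrounding libGL/libEGL MESA-LOADER context is shared with the working nopr.log, the GPU loader messages can be ruled out; the descriptor-passing failure is what should be correlated, by timestamp, with AppArmor DENIED records for the firefox profile in dmesg or the audit log (unix socket operations in particular, not only the file_lock denial quoted later in the thread).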

--- ok.log	2022-11-09 00:00:00.000000000 +0300
+++ crash.log	2022-11-09 00:00:00.000000000 +0300
@@ -5,11 +5,21 @@
 Warning: cleaning all supplementary groups
 Child process initialized in nn.mm ms
 ATTENTION: default value of option mesa_glthread overridden by environment.
+libEGL warning: MESA-LOADER: failed to retrieve device information
+
 ATTENTION: default value of option mesa_glthread overridden by environment.
+libGL error: MESA-LOADER: failed to retrieve device information
+libGL error: MESA-LOADER: failed to open amdgpu: /usr/lib/dri/amdgpu_dri.so: cannot open shared object file: No such file or directory (search paths /usr/lib/x86_64-linux-gnu/dri:\$${ORIGIN}/dri:/usr/lib/dri, suffix _dri)
+libGL error: failed to load driver: amdgpu
 ATTENTION: default value of option mesa_glthread overridden by environment.
+[Socket 82, IPC I/O Child] WARNING: Message needs unreceived descriptors channel:7ff11c694ef0 message-type:9109529 header()->num_handles:1 num_fds:0 fds_i:0: file /build/firefox-DSRShT/firefox-102.0+build2/ipc/chromium/src/chrome/common/ipc_channel_posix.cc:477
+libEGL warning: MESA-LOADER: failed to retrieve device information
+
 ATTENTION: default value of option mesa_glthread overridden by environment.
-Missing chrome or resource URL: resource://gre/modules/UpdateListener.jsm
-Missing chrome or resource URL: resource://gre/modules/UpdateListener.sys.mjs
-ATTENTION: default value of option mesa_glthread overridden by environment.
-ATTENTION: default value of option mesa_glthread overridden by environment.
+[Child 124, IPC I/O Child] WARNING: Message needs unreceived descriptors channel:7f30c0393570 message-type:3866642 header()->num_handles:1 num_fds:0 fds_i:0: file /build/firefox-DSRShT/firefox-102.0+build2/ipc/chromium/src/chrome/common/ipc_channel_posix.cc:477
+Exiting due to channel error.
+ExceptionHandler::GenerateDump cloned child 131
+ExceptionHandler::SendContinueSignalToChild sent continue signal to child
+ExceptionHandler::WaitForContinueSignal waiting for continue signal...
 
+Parent is shutting down, bye...
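Review bot: relative to the working ok.log, crash.log gains the MESA-LOADER lines and loses the two "Missing chrome or resource URL: resource://gre/modules/UpdateListener..." lines; the MESA-LOADER lines are added to the working nopr.log as well in the next diff, so they do not distinguish the crash, and the missing UpdateListener output is consistent with Firefox dying before reaching that point rather than being a cause. The lines unique to the crashing run are again the "unreceived descriptors" warnings, "Exiting due to channel error." and the ExceptionHandler dump, which keeps the focus on the fd-passing failure under the profile.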

--- ok.log	2022-11-09 00:00:00.000000000 +0300
+++ nopr.log	2022-11-09 00:00:00.000000000 +0300
@@ -1,15 +1,16 @@
-Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
 Parent pid AAAAA, child pid BBBBB
-Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
-Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
-Warning: cleaning all supplementary groups
 Child process initialized in nn.mm ms
 ATTENTION: default value of option mesa_glthread overridden by environment.
+libEGL warning: MESA-LOADER: failed to retrieve device information
+
 ATTENTION: default value of option mesa_glthread overridden by environment.
+libGL error: MESA-LOADER: failed to retrieve device information
+libGL error: MESA-LOADER: failed to open amdgpu: /usr/lib/dri/amdgpu_dri.so: cannot open shared object file: No such file or directory (search paths /usr/lib/x86_64-linux-gnu/dri:\$${ORIGIN}/dri:/usr/lib/dri, suffix _dri)
+libGL error: failed to load driver: amdgpu
 ATTENTION: default value of option mesa_glthread overridden by environment.
+libEGL warning: MESA-LOADER: failed to retrieve device information
+
 ATTENTION: default value of option mesa_glthread overridden by environment.
-Missing chrome or resource URL: resource://gre/modules/UpdateListener.jsm
-Missing chrome or resource URL: resource://gre/modules/UpdateListener.sys.mjs
-ATTENTION: default value of option mesa_glthread overridden by environment.
-ATTENTION: default value of option mesa_glthread overridden by environment.
+libEGL warning: MESA-LOADER: failed to retrieve device information
 
+ATTENTION: default value of option mesa_glthread overridden by environment.
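Review bot: this hunk documents what --noprofile turns off (the "Seccomp list in", D-Bus socket and supplementary-groups lines vanish) and shows that the MESA-LOADER device-information failures also occur in this working run, so they are background noise for this issue. The "Seccomp list in" line being present in ok.log (removed here) indicates ok.log was itself produced with a profile and seccomp filter active, presumably on the reverted build, which makes the ok-vs-crash diff above a like-for-like comparison and this one mainly useful for excluding the sandbox setup messages as suspects.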

Environment

  • Ubuntu impish
  • firejail commit bd119c5ecd5962ce5f546b9496b305754bb79b1d

firejail version 0.9.71

Compile time support:
	- always force nonewprivs support is disabled
	- AppArmor support is enabled
	- AppImage support is enabled
	- chroot support is enabled
	- D-BUS proxy support is enabled
	- file transfer support is enabled
	- firetunnel support is disabled
	- IDS support is disabled
	- networking support is enabled
	- output logging is enabled
	- overlayfs support is disabled
	- private-home support is enabled
	- private-cache and tmpfs as user enabled
	- SELinux support is disabled
	- user namespace support is enabled
	- X11 sandboxing support is enabled

Checklist

  • [x] The issue is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
  • [x] I can reproduce the issue without custom modifications (e.g. globals.local).
  • [x] The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
  • [x] The profile (and redirect profile if exists) hasn't already been fixed upstream (https://github.com/netblue30/firejail/tree/master/etc).
  • [x] I have performed a short search for similar issues (to avoid opening a duplicate).
  • [x] I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
  • [x] I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages) - not applicable

@rusty-snake commented on GitHub (Nov 9, 2022):

Might be intentional and not a regression.

> Also, in this pull request, aa_change_onexec is replaced by aa_stack_onexec that prevents transition from more-restricted domain to less-restricted domain, and also allows transition with "No New Privileges" restriction enabled.


@ChrysoliteAzalea commented on GitHub (Nov 12, 2022):

I'd like to ask, is the issue related to the custom AppArmor support, or with specific AppArmor profile? Can Firefox be run with firejail-default or unconfined profile? If it's running under custom AppArmor profile, are there related AppArmor denial messages in the audit journal?


@ChrysoliteAzalea commented on GitHub (Nov 12, 2022):

I've built Firejail from source today, and now I'm running Firefox under Firejail just fine. However, I use a custom AppArmor profile I've written myself (in my case, Firefox runs under firefox//&firejail-default AppArmor domain), and the AppArmor policy may differ between systems. Therefore, it may be an issue with AppArmor denying something important for a browser. For example, it may deny ptrace and signals due to security context mismatch, as well as some D-Bus access (if it's also mediated by AppArmor).


@KOLANICH commented on GitHub (Nov 15, 2022):

  1. Providing profiles via --apparmor (including usr.bin.firefox used in Ubuntu) doesn't result in any positive changes
  2. There is the following line in the dmesg

```
apparmor="DENIED" operation="file_lock" profile="firefox" name="~/.cache/mesa_shader_cache/0f/hash.tmp" pid=1047295 comm="firefox:disk$0" requested_mask="k" denied_mask="k" fsuid=1000 ouid=1000
```

Allowing this dir in firefox aa profile doesn't help.


@curiosityseeker commented on GitHub (Nov 16, 2022):

> However, I use a custom AppArmor profile I've written myself (in my case, Firefox runs under firefox//&firejail-default

Same here if I use

apparmor firefox

or, alternatively,

apparmor /etc/apparmor.d/firefox

in my firefox.local.

In other words, it's not working as intended. My custom AA profile is only used with ignore apparmor.

Note also that I've added include <abstractions/base.d/firejail-base> to my firefox AA profile. See https://github.com/netblue30/firejail/blob/master/etc/apparmor/firejail-base.


@ChrysoliteAzalea commented on GitHub (Nov 17, 2022):

I think that, in order to figure out the reason for the bug, we need to know exactly what is blocked by AppArmor that is needed by Firefox. You can find it in the audit log.

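To make the "look in the audit log" advice above and the dmesg denial quoted earlier in the thread concrete, here is an added example (not firejail's code and not posted by anyone in this thread) that parses AppArmor DENIED records from dmesg/journal text, turns plain file-access denials into candidate profile rules, and sets aside everything else (unix socket, signal, ptrace, D-Bus operations) for manual review. The sample records are constructed for this example, modelled on the file_lock line quoted above; the home directory /home/user and its rewrite to @{HOME} are assumptions. As the thread notes, allowing the shader-cache directory alone did not fix the crash, which is exactly why the non-file denials are kept visible rather than dropped.

```python
"""Parse AppArmor DENIED audit lines and propose candidate profile rules.

Added example for this thread, not firejail's own code. Sample records below
are constructed; the home path /home/user is an assumption."""
import re
from collections import defaultdict

# key="quoted value" or key=bare_value, as written in audit(1400) records
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Operations whose "name" is a filesystem path and whose denied_mask letters
# map directly onto a file rule. exec is left out on purpose: an "x" rule
# needs an execution qualifier (ix/Px/Cx...) that must be chosen by hand.
_FILE_OPS = {"open", "file_lock", "file_perm", "file_inherit", "file_mmap",
             "mknod", "unlink", "rename_src", "rename_dest", "truncate",
             "chmod", "chown", "link", "mkdir", "rmdir", "getattr", "setattr"}
_MASK_ORDER = "rwamlk"  # canonical order for emitted permission letters

# Constructed sample log (dmesg style); not real output from this issue.
SAMPLE_LOG = """\
[12345.678] audit: type=1400 audit(1668000000.123:456): apparmor="DENIED" operation="file_lock" profile="firefox" name="/home/user/.cache/mesa_shader_cache/0f/hash.tmp" pid=1047295 comm="firefox:disk$0" requested_mask="k" denied_mask="k" fsuid=1000 ouid=1000
[12345.679] audit: type=1400 audit(1668000000.124:457): apparmor="DENIED" operation="file_lock" profile="firefox" name="/home/user/.cache/mesa_shader_cache/a1/other.tmp" pid=1047295 comm="firefox:disk$0" requested_mask="k" denied_mask="k" fsuid=1000 ouid=1000
[12345.680] audit: type=1400 audit(1668000000.125:458): apparmor="DENIED" operation="sendmsg" profile="firefox" pid=1047300 comm="firefox" family="unix" sock_type="stream" protocol=0 requested_mask="send" denied_mask="send"
[12345.681] audit: type=1400 audit(1668000000.126:459): apparmor="ALLOWED" operation="open" profile="firefox" name="/etc/hosts" pid=1047295 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
"""


def parse_audit_line(line):
    """Return the key/value fields of an AppArmor audit record, or None."""
    if 'apparmor="' not in line:
        return None
    return {k: (q or b) for k, q, b in _KV.findall(line)}


def parse_denials(text):
    """All records in text with apparmor="DENIED" (ALLOWED/complain noise dropped)."""
    out = []
    for line in text.splitlines():
        rec = parse_audit_line(line)
        if rec and rec.get("apparmor") == "DENIED":
            out.append(rec)
    return out


def suggest_rule(rec, home):
    """Candidate file rule for a path-based denial; None when the operation is
    not a plain file check (unix sockets, signal, ptrace, dbus...) or the mask
    contains letters this helper does not handle."""
    op, path = rec.get("operation", ""), rec.get("name")
    mask = rec.get("denied_mask") or rec.get("requested_mask") or ""
    if op not in _FILE_OPS or not path or not mask:
        return None
    # "c" (create) and "d" (delete) in audit masks are both "w" in rule syntax
    letters = set(mask.replace("c", "w").replace("d", "w"))
    if not letters <= set(_MASK_ORDER):
        return None
    perms = "".join(ch for ch in _MASK_ORDER if ch in letters)
    home = home.rstrip("/")
    if path.startswith(home + "/"):
        path = "@{HOME}" + path[len(home):]
    # fsuid == ouid means the process owns the file: prefer an owner-scoped rule
    owner = "owner " if rec.get("fsuid") == rec.get("ouid") else ""
    return f"{owner}{path} {perms},"


def summarize(text, home="/home/user"):
    """Map profile -> sorted unique candidate rules, plus records needing
    manual review."""
    rules, manual = defaultdict(set), []
    for rec in parse_denials(text):
        rule = suggest_rule(rec, home)
        if rule:
            rules[rec.get("profile", "?")].add(rule)
        else:
            manual.append(rec)
    return {p: sorted(r) for p, r in rules.items()}, manual


if __name__ == "__main__":
    rules, manual = summarize(SAMPLE_LOG)
    for profile, rs in rules.items():
        print(f"# candidate rules for profile {profile}")
        for r in rs:
            print("  " + r)
    for rec in manual:
        print(f"# manual review: profile={rec.get('profile')} "
              f"operation={rec.get('operation')} family={rec.get('family')} "
              f"denied_mask={rec.get('denied_mask')}")
```

Feed it the output of dmesg or the audit log captured around the time of the crash; the candidate file rules go into the profile you load (usr.bin.firefox or a firefox.local-referenced custom profile), while the manual-review records are the ones to read alongside the "unreceived descriptors" IPC failure in the logs above, since descriptor passing over unix sockets is not a file-path permission.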

@ChrysoliteAzalea commented on GitHub (Nov 17, 2022):

Alright, this is the profile that I use (note that this profile is using a modified abstraction nameservice2 -- I've made it because of execution rules conflict). Also, there is an xattr attachment -- you may need to remove it or set the extended attribute in order for this profile to attach correctly (as far as I know, it only affects automatic profile attachment and doesn't affect named transitions).

firefoxprofile.tar.gz (https://github.com/netblue30/firejail/files/10029810/firefoxprofile.tar.gz)
