[GH-ISSUE #5472] virtualbox: cannot access shared folders: Permission denied #3008

Closed
opened 2026-05-05 09:39:41 -06:00 by gitea-mirror · 3 comments

Originally created by @s1s1fo on GitHub (Nov 13, 2022).
Original GitHub issue: https://github.com/netblue30/firejail/issues/5472

Description

Working in Ubuntu inside a VirtualBox machine where I have multiple shared folders shared from the host machine with the guest machine. Although I have whitelisted and noblacklisted several of those folders I get permission denied when trying to access them from programs such as Clementine or Digikam.

Log

E.g. having:

noblacklist ${HOME}/sharedFolders/sharedFolder
whitelist ${HOME}/sharedFolders/sharedFolder

I get:

Mounting noexec /home/sam/sharedFolders/sharedFolder
3663 3658 0:50 / /home/sam/sharedFolders/sharedFolder rw,nosuid,nodev,noexec,relatime master:516 - vboxsf #sharedFolder rw,iocharset=utf8,uid=0,gid=999,dmode=0770,fmode=0770,tag=VBoxAutomounter
mountid=3663 fsname=/ dir=/home/sam/sharedFolders/sharedFolder fstype=vboxsf
...
Debug 599: dir: /home/sam
Debug 553: whitelist ${HOME}/sharedFolders/sharedFolder
Debug 574: expanded: /home/sam/sharedFolders/sharedFolder
Debug 585: new_name: /home/sam/sharedFolders/sharedFolder
Debug 599: dir: /home/sam
...
Whitelisting /home/sam/sharedFolders/sharedFolder
3025 3020 0:50 / /home/sam/sharedFolders/sharedFolder rw,nodev,relatime master:516 - vboxsf #sharedFolder rw,iocharset=utf8,uid=0,gid=999,dmode=0770,fmode=0770,tag=VBoxAutomounter
mountid=3025 fsname=/ dir=/home/sam/sharedFolders/sharedFolder fstype=vboxsf
...
Mounting noexec /home/sam/sharedFolders/sharedFolder
3253 3252 0:50 /digikamDB /home/sam/sharedFolders/sharedFolder/digikamDB rw,nodev,relatime master:516 - vboxsf #sharedFolder rw,iocharset=utf8,uid=0,gid=999,dmode=0770,fmode=0770,tag=VBoxAutomounter
...
inotify_add_watch(/home/sam/sharedFolders/sharedFolder) failed: (Permission denied)

Behavior without a profile

What changed calling LC_ALL=C firejail --noprofile /path/to/program in a terminal?

Works like a charm!

Environment

  • Linux distribution and version: Ubuntu 22.04
  • Firejail version: firejail version 0.9.66

Checklist

  • The issue is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it). ✔
  • I can reproduce the issue without custom modifications (e.g. globals.local). ⨯ Custom modifications in several profiles, e.g. /etc/digikamDB.profile as shown in log.

Other info:

  • What owner and permission does it have inside and outside of the sandbox? Is it a FUSE filesystem? ⇒ Not sure, the problem is with several folders from the host machine mounted by virtualbox in a folder of the guest machine.
  • Are they ever blacklisted? ⇒ NO

I guess it has something to do with Virtualbox shared folders but I may be wrong.
Thanks

gitea-mirror 2026-05-05 09:39:41 -06:00
  • closed this issue
  • added the needinfo label

@rusty-snake commented on GitHub (Nov 13, 2022):

> uid=0,gid=999,dmode=0770,fmode=0770

What owner and permission does it have inside and outside of the sandbox? Is it a FUSE filesystem?

> noblacklist ${HOME}/sharedFolders/sharedFolder

Are they ever blacklisted?
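
Added example (not part of the original thread and not firejail code): the vboxsf options quoted above fix the owner, group and mode of the share, so this Python snippet parses the mountinfo line from the issue's log and reports which directory permission bits a given uid and group set receive. The uid 1000 and the group sets are constructed inputs; substitute what `id` prints inside and outside the sandbox. Capabilities such as CAP_DAC_OVERRIDE are not modelled.

```python
# Mount line copied from the "Whitelisting" entry in the issue's log.
MOUNTINFO_LINE = (
    "3025 3020 0:50 / /home/sam/sharedFolders/sharedFolder rw,nodev,relatime "
    "master:516 - vboxsf #sharedFolder rw,iocharset=utf8,uid=0,gid=999,"
    "dmode=0770,fmode=0770,tag=VBoxAutomounter"
)


def parse_mountinfo(line):
    """Split one /proc/<pid>/mountinfo line into the fields used below."""
    # Everything before " - " is per-mount data, everything after is
    # filesystem type, source and superblock options (see proc(5)).
    left, right = line.split(" - ", 1)
    fields = left.split()
    fstype, source, super_opts = right.split(" ", 2)
    opts = {}
    for item in super_opts.strip().split(","):
        key, _, value = item.partition("=")
        opts[key] = value
    return {
        "mount_point": fields[4],
        "mount_opts": fields[5].split(","),
        "fstype": fstype,
        "source": source,
        "super_opts": opts,
    }


def dir_access(super_opts, uid, gids):
    """Return the rwx string that dmode grants to (uid, gids) on the share."""
    mode = int(super_opts["dmode"], 8)
    if uid == int(super_opts["uid"]):
        bits = mode >> 6          # owner class
    elif int(super_opts["gid"]) in gids:
        bits = mode >> 3          # group class
    else:
        bits = mode               # other class
    bits &= 0o7
    return "".join(c if bits & m else "-" for c, m in (("r", 4), ("w", 2), ("x", 1)))


if __name__ == "__main__":
    info = parse_mountinfo(MOUNTINFO_LINE)
    # Constructed credentials: same uid, with and without gid 999.
    for label, gids in (("with gid 999", {1000, 999}), ("without gid 999", {1000})):
        print(label, dir_access(info["super_opts"], 1000, gids))
```

With these options a non-root process reaches the share only through gid 999, so comparing the group list reported inside and outside the sandbox answers the ownership question directly.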


@rusty-snake commented on GitHub (Nov 13, 2022):

You should give more information about your environment and test cases.

> Behavior without a profile
>
> What changed calling LC_ALL=C firejail --noprofile /path/to/program in a terminal?
>
> Environment
>
>   • Linux distribution and version (e.g. "Ubuntu 20.04" or "Arch Linux")
>   • Firejail version (firejail --version).
>   • If you use a development version of firejail, also the commit from which it was compiled (git rev-parse HEAD).
>
> Checklist
>
>   • The issue is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
>   • I can reproduce the issue without custom modifications (e.g. globals.local).

@s1s1fo commented on GitHub (Nov 13, 2022):

Added the info to my original comment.

Reference: github-starred/firejail#3008