[GH-ISSUE #5698] libreoffice: Warning: failed to launch javaldx #3069

New issue

Open

opened 2026-05-05 09:42:36 -06:00 by gitea-mirror · 7 comments

gitea-mirror commented 2026-05-05 09:42:36 -06:00

Owner

Copy link

Originally created by @marek22k on GitHub (Feb 28, 2023).
Original GitHub issue: https://github.com/netblue30/firejail/issues/5698

Description

LibreOffice does not start.

Steps to Reproduce

Steps to reproduce the behavior

1. Install LibreOffice via apt
2. Try to start LibreOffice

Expected behavior

LibreOffice works.

Actual behavior

LibreOffice does not works:

libreoffice 
Reading profile /etc/firejail/libreoffice.profile
Reading profile /etc/firejail/allow-java.inc
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-run-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
Parent pid 13370, child pid 13371
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: not remounting /home/marek/.ssh/config
Warning: cleaning all supplementary groups
Child process initialized in 242.49 ms
Warning: failed to launch javaldx - java may not function correctly
ERROR 4 forking process

Parent is shutting down, bye...

Behavior without a profile

What changed calling LC_ALL=C firejail --noprofile /path/to/program in a terminal?

$LC_ALL=C firejail --noprofile libreoffice
Parent pid 13818, child pid 13819
Child process initialized in 23.94 ms
Warning: an existing sandbox was detected. /usr/bin/libreoffice will run without any additional sandboxing features

Parent is shutting down, bye...

Environment

• Linux distribution and version (e.g. "Ubuntu 20.04" or "Arch Linux")

$lsb_release -a
No LSB modules are available.
Distributor ID:	Parrot
Description:	Parrot OS 5.2 (Electro Ara)
Release:	5.2
Codename:	ara

based on Debian 11

• Firejail version (firejail --version).

$firejail --version
firejail version 0.9.72

Compile time support:
	- always force nonewprivs support is disabled
	- AppArmor support is enabled
	- AppImage support is enabled
	- chroot support is enabled
	- D-BUS proxy support is enabled
	- file transfer support is enabled
	- firetunnel support is disabled
	- IDS support is enabled
	- networking support is enabled
	- output logging is enabled
	- overlayfs support is disabled
	- private-home support is enabled
	- private-cache and tmpfs as user enabled
	- SELinux support is enabled
	- user namespace support is enabled
	- X11 sandboxing support is enabled

Checklist

• The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
• I can reproduce the issue without custom modifications (e.g. globals.local).
• The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
• The profile (and redirect profile if exists) hasn't already been fixed upstream.
• I have performed a short search for similar issues (to avoid opening a duplicate).
• The error still exists despite several closed issues. None of the already closed issues is marked as "not planed". Therefore I open a new issue.

Workaround

1. Install LibreOffice via Flatpak
2. Run LibreOffice via firejail --ignore=apparmor /usr/bin/libreoffice
3. Add ignore apparmor in /etc/firejail/libreoffice.local

Log

Output of LC_ALL=C firejail /path/to/program

$LC_ALL=C firejail libreoffice 
Reading profile /etc/firejail/libreoffice.profile
Reading profile /etc/firejail/allow-java.inc
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-run-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
Parent pid 14731, child pid 14732
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: not remounting /home/marek/.ssh/config
Warning: cleaning all supplementary groups
Child process initialized in 193.21 ms
Warning: an existing sandbox was detected. /usr/bin/libreoffice will run without any additional sandboxing features
Warning: failed to launch javaldx - java may not function correctly
ERROR 4 forking process

Parent is shutting down, bye...

Output of LC_ALL=C firejail --debug /path/to/program

https://paste.i2pd.xyz/?1f7331f82321da69#3yggcZ5rkbm3zB7XbPBvJBrQpvNYLgFzSDUDEvuBkNf3
https://gist.github.com/marek22k/0a168124a561cb9053785e74aa1eb13a

Addional logs

$sudo dmesg --follow-new --human | grep apparmor | grep libreoffice results in:

[Feb28 10:15] audit: type=1400 audit(1677575737.939:14756): apparmor="DENIED" operation="exec" info="no new privs" error=-1 profile="firejail-default" name="/usr/lib/libreoffice/program/javaldx" pid=18159 comm="osl_executeProc" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="firejail-default//&unconfined"
[  +0,000290] audit: type=1400 audit(1677575737.939:14757): apparmor="ALLOWED" operation="exec" info="no new privs" error=-1 profile="libreoffice-oopslash" name="/usr/lib/libreoffice/program/javaldx" pid=18159 comm="osl_executeProc" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="firejail-default//&unconfined"
[  +0,000630] audit: type=1400 audit(1677575737.939:14758): apparmor="DENIED" operation="exec" info="no new privs" error=-1 profile="firejail-default" name="/usr/lib/libreoffice/program/soffice.bin" pid=18161 comm="osl_executeProc" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="firejail-default//&libreoffice-soffice"
[  +0,000006] audit: type=1400 audit(1677575737.939:14759): apparmor="ALLOWED" operation="exec" info="no new privs" error=-1 profile="libreoffice-oopslash" name="/usr/lib/libreoffice/program/soffice.bin" pid=18161 comm="osl_executeProc" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="firejail-default//&libreoffice-soffice"
[Feb28 10:16] audit: type=1400 audit(1677575767.952:14760): apparmor="DENIED" operation="exec" info="no new privs" error=-1 profile="firejail-default" name="/usr/lib/libreoffice/program/javaldx" pid=18245 comm="osl_executeProc" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="firejail-default//&unconfined"
[  +0,000009] audit: type=1400 audit(1677575767.952:14761): apparmor="ALLOWED" operation="exec" info="no new privs" error=-1 profile="libreoffice-oopslash" name="/usr/lib/libreoffice/program/javaldx" pid=18245 comm="osl_executeProc" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="firejail-default//&unconfined"
[  +0,000822] audit: type=1400 audit(1677575767.956:14762): apparmor="DENIED" operation="exec" info="no new privs" error=-1 profile="firejail-default" name="/usr/lib/libreoffice/program/soffice.bin" pid=18247 comm="osl_executeProc" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="firejail-default//&libreoffice-soffice"
[  +0,000028] audit: type=1400 audit(1677575767.956:14763): apparmor="ALLOWED" operation="exec" info="no new privs" error=-1 profile="libreoffice-oopslash" name="/usr/lib/libreoffice/program/soffice.bin" pid=18247 comm="osl_executeProc" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="firejail-default//&libreoffice-soffice"
[  +4,121288] audit: type=1400 audit(1677575772.076:14764): apparmor="DENIED" operation="exec" info="no new privs" error=-1 profile="firejail-default" name="/usr/lib/libreoffice/program/javaldx" pid=18278 comm="osl_executeProc" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="firejail-default//&unconfined"
[  +0,000014] audit: type=1400 audit(1677575772.076:14765): apparmor="ALLOWED" operation="exec" info="no new privs" error=-1 profile="libreoffice-oopslash" name="/usr/lib/libreoffice/program/javaldx" pid=18278 comm="osl_executeProc" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="firejail-default//&unconfined"
[  +0,000692] audit: type=1400 audit(1677575772.076:14766): apparmor="DENIED" operation="exec" info="no new privs" error=-1 profile="firejail-default" name="/usr/lib/libreoffice/program/soffice.bin" pid=18280 comm="osl_executeProc" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="firejail-default//&libreoffice-soffice"
[  +0,000010] audit: type=1400 audit(1677575772.076:14767): apparmor="ALLOWED" operation="exec" info="no new privs" error=-1 profile="libreoffice-oopslash" name="/usr/lib/libreoffice/program/soffice.bin" pid=18280 comm="osl_executeProc" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="firejail-default//&libreoffice-soffice"

Originally created by @marek22k on GitHub (Feb 28, 2023). Original GitHub issue: https://github.com/netblue30/firejail/issues/5698 <!-- See the following links for help with formatting: https://guides.github.com/features/mastering-markdown/ https://docs.github.com/en/github/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax --> ### Description LibreOffice does not start. ### Steps to Reproduce _Steps to reproduce the behavior_ 1. Install LibreOffice via `apt` 2. Try to start LibreOffice ### Expected behavior LibreOffice works. ### Actual behavior LibreOffice does not works: ``` libreoffice Reading profile /etc/firejail/libreoffice.profile Reading profile /etc/firejail/allow-java.inc Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/whitelist-run-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Warning: networking feature is disabled in Firejail configuration file Parent pid 13370, child pid 13371 Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Warning: not remounting /home/marek/.ssh/config Warning: cleaning all supplementary groups Child process initialized in 242.49 ms Warning: failed to launch javaldx - java may not function correctly ERROR 4 forking process Parent is shutting down, bye... ``` ### Behavior without a profile _What changed calling `LC_ALL=C firejail --noprofile /path/to/program` in a terminal?_ ``` $LC_ALL=C firejail --noprofile libreoffice Parent pid 13818, child pid 13819 Child process initialized in 23.94 ms Warning: an existing sandbox was detected. /usr/bin/libreoffice will run without any additional sandboxing features Parent is shutting down, bye... ``` ### Environment - Linux distribution and version (e.g. "Ubuntu 20.04" or "Arch Linux") ``` $lsb_release -a No LSB modules are available. Distributor ID: Parrot Description: Parrot OS 5.2 (Electro Ara) Release: 5.2 Codename: ara ``` based on Debian 11 - Firejail version (`firejail --version`). ``` $firejail --version firejail version 0.9.72 Compile time support: - always force nonewprivs support is disabled - AppArmor support is enabled - AppImage support is enabled - chroot support is enabled - D-BUS proxy support is enabled - file transfer support is enabled - firetunnel support is disabled - IDS support is enabled - networking support is enabled - output logging is enabled - overlayfs support is disabled - private-home support is enabled - private-cache and tmpfs as user enabled - SELinux support is enabled - user namespace support is enabled - X11 sandboxing support is enabled ``` ### Checklist <!-- Note: Items are checked with an "x", like so: - [x] This is a checked item. --> - [X] The issues is caused by firejail (i.e. running the program by path (e.g. `/usr/bin/vlc`) "fixes" it). - [X] I can reproduce the issue without custom modifications (e.g. globals.local). - [X] The program has a profile. (If not, request one in `https://github.com/netblue30/firejail/issues/1139`) - [ ] The profile (and redirect profile if exists) hasn't already been fixed [upstream](https://github.com/netblue30/firejail/tree/master/etc). - [X] I have performed a short search for similar issues (to avoid opening a duplicate). - The error still exists despite several closed issues. None of the already closed issues is marked as "not planed". Therefore I open a new issue. ### Workaround 1) Install LibreOffice via Flatpak 2) Run LibreOffice via `firejail --ignore=apparmor /usr/bin/libreoffice` 3) Add `ignore apparmor` in `/etc/firejail/libreoffice.local` ### Log <details> <summary>Output of <code>LC_ALL=C firejail /path/to/program</code></summary> <p> ``` $LC_ALL=C firejail libreoffice Reading profile /etc/firejail/libreoffice.profile Reading profile /etc/firejail/allow-java.inc Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/whitelist-run-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Warning: networking feature is disabled in Firejail configuration file Parent pid 14731, child pid 14732 Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Warning: not remounting /home/marek/.ssh/config Warning: cleaning all supplementary groups Child process initialized in 193.21 ms Warning: an existing sandbox was detected. /usr/bin/libreoffice will run without any additional sandboxing features Warning: failed to launch javaldx - java may not function correctly ERROR 4 forking process Parent is shutting down, bye... ``` </p> </details> <details> <summary>Output of <code>LC_ALL=C firejail --debug /path/to/program</code></summary> <p> https://paste.i2pd.xyz/?1f7331f82321da69#3yggcZ5rkbm3zB7XbPBvJBrQpvNYLgFzSDUDEvuBkNf3 https://gist.github.com/marek22k/0a168124a561cb9053785e74aa1eb13a </p> </details> ## Addional logs `$sudo dmesg --follow-new --human | grep apparmor | grep libreoffice` results in: ``` [Feb28 10:15] audit: type=1400 audit(1677575737.939:14756): apparmor="DENIED" operation="exec" info="no new privs" error=-1 profile="firejail-default" name="/usr/lib/libreoffice/program/javaldx" pid=18159 comm="osl_executeProc" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="firejail-default//&unconfined" [ +0,000290] audit: type=1400 audit(1677575737.939:14757): apparmor="ALLOWED" operation="exec" info="no new privs" error=-1 profile="libreoffice-oopslash" name="/usr/lib/libreoffice/program/javaldx" pid=18159 comm="osl_executeProc" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="firejail-default//&unconfined" [ +0,000630] audit: type=1400 audit(1677575737.939:14758): apparmor="DENIED" operation="exec" info="no new privs" error=-1 profile="firejail-default" name="/usr/lib/libreoffice/program/soffice.bin" pid=18161 comm="osl_executeProc" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="firejail-default//&libreoffice-soffice" [ +0,000006] audit: type=1400 audit(1677575737.939:14759): apparmor="ALLOWED" operation="exec" info="no new privs" error=-1 profile="libreoffice-oopslash" name="/usr/lib/libreoffice/program/soffice.bin" pid=18161 comm="osl_executeProc" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="firejail-default//&libreoffice-soffice" [Feb28 10:16] audit: type=1400 audit(1677575767.952:14760): apparmor="DENIED" operation="exec" info="no new privs" error=-1 profile="firejail-default" name="/usr/lib/libreoffice/program/javaldx" pid=18245 comm="osl_executeProc" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="firejail-default//&unconfined" [ +0,000009] audit: type=1400 audit(1677575767.952:14761): apparmor="ALLOWED" operation="exec" info="no new privs" error=-1 profile="libreoffice-oopslash" name="/usr/lib/libreoffice/program/javaldx" pid=18245 comm="osl_executeProc" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="firejail-default//&unconfined" [ +0,000822] audit: type=1400 audit(1677575767.956:14762): apparmor="DENIED" operation="exec" info="no new privs" error=-1 profile="firejail-default" name="/usr/lib/libreoffice/program/soffice.bin" pid=18247 comm="osl_executeProc" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="firejail-default//&libreoffice-soffice" [ +0,000028] audit: type=1400 audit(1677575767.956:14763): apparmor="ALLOWED" operation="exec" info="no new privs" error=-1 profile="libreoffice-oopslash" name="/usr/lib/libreoffice/program/soffice.bin" pid=18247 comm="osl_executeProc" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="firejail-default//&libreoffice-soffice" [ +4,121288] audit: type=1400 audit(1677575772.076:14764): apparmor="DENIED" operation="exec" info="no new privs" error=-1 profile="firejail-default" name="/usr/lib/libreoffice/program/javaldx" pid=18278 comm="osl_executeProc" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="firejail-default//&unconfined" [ +0,000014] audit: type=1400 audit(1677575772.076:14765): apparmor="ALLOWED" operation="exec" info="no new privs" error=-1 profile="libreoffice-oopslash" name="/usr/lib/libreoffice/program/javaldx" pid=18278 comm="osl_executeProc" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="firejail-default//&unconfined" [ +0,000692] audit: type=1400 audit(1677575772.076:14766): apparmor="DENIED" operation="exec" info="no new privs" error=-1 profile="firejail-default" name="/usr/lib/libreoffice/program/soffice.bin" pid=18280 comm="osl_executeProc" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="firejail-default//&libreoffice-soffice" [ +0,000010] audit: type=1400 audit(1677575772.076:14767): apparmor="ALLOWED" operation="exec" info="no new privs" error=-1 profile="libreoffice-oopslash" name="/usr/lib/libreoffice/program/soffice.bin" pid=18280 comm="osl_executeProc" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="firejail-default//&libreoffice-soffice" ```

gitea-mirror commented 2026-05-05 09:42:38 -06:00

Author

Owner

Copy link

@ghost commented on GitHub (Feb 28, 2023):

Warning: failed to launch javaldx - java may not function correctly

That javaldx is indeed not in our current allow-java.inc. I don't know what exactly that file is or does. Check your package manager to see what package installs it and where. Then you can try adding these paths to a ~/.config/firejail/allow-java.local to see if that changes anything for the better.

<!-- gh-comment-id:1447857089 --> @ghost commented on GitHub (Feb 28, 2023): > Warning: failed to launch javaldx - java may not function correctly That `javaldx` is indeed not in our current `allow-java.inc`. I don't know what exactly that file is or does. Check your package manager to see what package installs it and where. Then you can try adding these paths to a ~/.config/firejail/allow-java.local to see if that changes anything for the better.

gitea-mirror commented 2026-05-05 09:42:39 -06:00

Author

Owner

Copy link

@marek22k commented on GitHub (Feb 28, 2023):

apt-file search javaldx returns nothing.

$sudo find / -name javaldx
[some permission denieds]
/usr/lib/libreoffice/program/javaldx

Calling the program:

$/usr/lib/libreoffice/program/javaldx
/usr/lib/jvm/java-17-openjdk-amd64/lib/amd64/client:/usr/lib/jvm/java-17-openjdk-amd64/lib/amd64/server:/usr/lib/jvm/java-17-openjdk-amd64/lib/amd64/native_threads:/usr/lib/jvm/java-17-openjdk-amd64/lib/amd64

$file /usr/lib/libreoffice/program/javaldx
/usr/lib/libreoffice/program/javaldx: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=ce9a361665d987d930bb4e06384690ac021139b4, for GNU/Linux 3.2.0, stripped

$/usr/lib/libreoffice/program/javaldx -h

javaldx is necessary to make Java work on some UNIX platforms.It prints a string to std out that consists of directories which have to be included into the LD_LIBRARY_PATH variable.The setting of the variable usually occurs in a shell script that runs javaldx.
The directories are from the chosen java installation. 
Options are: 
--help or -h

So it seems that LibreOffice installed javaldx.

<!-- gh-comment-id:1447879145 --> @marek22k commented on GitHub (Feb 28, 2023): `apt-file search javaldx` returns nothing. ``` $sudo find / -name javaldx [some permission denieds] /usr/lib/libreoffice/program/javaldx ``` Calling the program: ``` $/usr/lib/libreoffice/program/javaldx /usr/lib/jvm/java-17-openjdk-amd64/lib/amd64/client:/usr/lib/jvm/java-17-openjdk-amd64/lib/amd64/server:/usr/lib/jvm/java-17-openjdk-amd64/lib/amd64/native_threads:/usr/lib/jvm/java-17-openjdk-amd64/lib/amd64 ``` ``` $file /usr/lib/libreoffice/program/javaldx /usr/lib/libreoffice/program/javaldx: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=ce9a361665d987d930bb4e06384690ac021139b4, for GNU/Linux 3.2.0, stripped ``` ``` $/usr/lib/libreoffice/program/javaldx -h javaldx is necessary to make Java work on some UNIX platforms.It prints a string to std out that consists of directories which have to be included into the LD_LIBRARY_PATH variable.The setting of the variable usually occurs in a shell script that runs javaldx. The directories are from the chosen java installation. Options are: --help or -h ``` So it seems that LibreOffice installed javaldx.

gitea-mirror commented 2026-05-05 09:42:39 -06:00

Author

Owner

Copy link

@marek22k commented on GitHub (Feb 28, 2023):

Then you can try adding these paths to a ~/.config/firejail/allow-java.local to see if that changes anything for the better.

With which command? noblacklist, whitelist, ...

<!-- gh-comment-id:1447882004 --> @marek22k commented on GitHub (Feb 28, 2023): > Then you can try adding these paths to a ~/.config/firejail/allow-java.local to see if that changes anything for the better. With which command? `noblacklist`, `whitelist`, ...

gitea-mirror commented 2026-05-05 09:42:40 -06:00

Author

Owner

Copy link

@ghost commented on GitHub (Feb 28, 2023):

Hmm, it might be AppArmor. Have you tried the instructions in the libreoffice.profile yet?

1783cda6aa/etc/profile-a-l/libreoffice.profile (L26-L34)

<!-- gh-comment-id:1448102232 --> @ghost commented on GitHub (Feb 28, 2023): Hmm, it might be AppArmor. Have you tried the instructions in the libreoffice.profile yet? https://github.com/netblue30/firejail/blob/1783cda6aa343512e5f180017d829c79ed27566e/etc/profile-a-l/libreoffice.profile#L26-L34

gitea-mirror commented 2026-05-05 09:42:41 -06:00

Author

Owner

Copy link

@marek22k commented on GitHub (Mar 1, 2023):

As I wrote, it works with ignore apparmor, however my operating system is based on Debian 11 and not 10. Do the instructions also apply to Debian 11?

<!-- gh-comment-id:1450463569 --> @marek22k commented on GitHub (Mar 1, 2023): As I wrote, it works with `ignore apparmor`, however my operating system is based on Debian 11 and not 10. Do the instructions also apply to Debian 11?

gitea-mirror commented 2026-05-05 09:42:41 -06:00

Author

Owner

Copy link

@ghost commented on GitHub (Mar 2, 2023):

As I wrote, it works with ignore apparmor, however my operating system is based on Debian 11 and not 10. Do the instructions also apply to Debian 11?

Can't say anything on Debian I'm afraid. I've never used it. But if it works with only ignoring apparmor on Debian 11 we might need to add a comment about that. Let's ping @reinerh, maybe he has a better understanding about these Debian differences.

<!-- gh-comment-id:1451728286 --> @ghost commented on GitHub (Mar 2, 2023): > As I wrote, it works with ignore apparmor, however my operating system is based on Debian 11 and not 10. Do the instructions also apply to Debian 11? Can't say anything on Debian I'm afraid. I've never used it. But if it works with only ignoring apparmor on Debian 11 we might need to add a comment about that. Let's ping @reinerh, maybe he has a better understanding about these Debian differences.

gitea-mirror commented 2026-05-05 09:42:42 -06:00

Author

Owner

Copy link

@reinerh commented on GitHub (Mar 2, 2023):

I see the same warning on Debian unstable:

$ firejail libreoffice
Reading profile /etc/firejail/libreoffice.profile
Reading profile /etc/firejail/allow-java.inc
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-run-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
Parent pid 1044133, child pid 1044134
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: not remounting /home/reiner/.ssh/authorized_keys
Warning: not remounting /home/reiner/.ssh/config
Warning: cleaning all supplementary groups
Child process initialized in 49.93 ms
Warning: failed to launch javaldx - java may not function correctly

But it's only a warning here, libreoffice seems to run fine. Maybe it's just some specific feature that needs java (or java works even though javaldx does not).
I would say, if ignore apparmor fixes it for you, then please use it.

<!-- gh-comment-id:1452269911 --> @reinerh commented on GitHub (Mar 2, 2023): I see the same warning on Debian unstable: ``` $ firejail libreoffice Reading profile /etc/firejail/libreoffice.profile Reading profile /etc/firejail/allow-java.inc Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/whitelist-run-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Warning: networking feature is disabled in Firejail configuration file Parent pid 1044133, child pid 1044134 Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Warning: not remounting /home/reiner/.ssh/authorized_keys Warning: not remounting /home/reiner/.ssh/config Warning: cleaning all supplementary groups Child process initialized in 49.93 ms Warning: failed to launch javaldx - java may not function correctly ``` But it's only a warning here, libreoffice seems to run fine. Maybe it's just some specific feature that needs java (or java works even though javaldx does not). I would say, if `ignore apparmor` fixes it for you, then please use it.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

serialize_remounts_v2

landlock_v4

landlock

release-0.9.64

release-0.9.62

gitlab_ci

LTSbase

fred_ctests

docs

0.9.80

0.9.80-rc1

0.9.78

0.9.76

0.9.76-rc4

0.9.76-rc3

0.9.76-rc2

0.9.76-rc1

0.9.74

landlock-split

0.9.72

0.9.72rc1

0.9.70

0.9.68

0.9.68rc1

0.9.66

0.9.66rc1

0.9.64.4

0.9.64.2

0.9.64

0.9.64rc1

0.9.62.4

0.9.62.2

0.9.62

0.9.56.2-LTS

0.9.60

0.9.60-rc1

0.9.58.2

0.9.58

0.9.58-rc1

0.9.56-LTS-release

0.9.56-LTS

0.9.56

0.9.56-rc1

0.9.54

0.9.54-rc2

0.9.54-rc1

0.9.52

0.9.38.12

0.9.50

0.9.50-rc1

0.9.48

0.9.46

0.9.46-rc1

0.9.44.10

0.9.44.8

0.9.44.6

0.9.38.10

0.9.44.4

0.9.38.8

0.9.44.2

0.9.44

0.9.44-rc1

0.9.38.4

0.9.42

0.9.42-rc2

0.9.38.2

0.9.42-rc1

disable-globalcfg

0.9.40

0.9.40-rc1

0.9.38

0.9.38-rc1

0.9.36

0.9.36-rc1

0.9.34

0.9.34-rc1

0.9.32

0.9.32-rc1

0.9.30

0.9.30-rc1

Labels

Clear labels   

LTS merge

  

LTS merge

  

bug

  

bug

  

converted-to-discussion

  

doc-todo

  

documentation

  

duplicate

  

enhancement

  

file-transfer

  

firecfg

  

firejail-in-firejail

  

firetools

  

graphics

  

help wanted

  

information_old

  

installation

  

invalid

  

modif

  

moved

  

needinfo

  

networking

  

notabug

  

notourbug

  

old-version

  

overlayfs

  

packaging

  

profile-request

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question_old

  

removal

  

runtime-permissions

  

sandbox-ipc

  

security

  

stale

  

wiki

  

wiki

  

wontfix

  

wordpress

  

workaround

No labels

LTS merge

LTS merge

bug

bug

converted-to-discussion

doc-todo

documentation

duplicate

enhancement

file-transfer

firecfg

firejail-in-firejail

firetools

graphics

help wanted

information_old

installation

invalid

modif

moved

needinfo

networking

notabug

notourbug

old-version

overlayfs

packaging

profile-request

pull-request

question

question_old

removal

runtime-permissions

sandbox-ipc

security

stale

wiki

wiki

wontfix

wordpress

workaround

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#3069

No description provided.