[GH-ISSUE #5773] freeoffice-textmaker: cannot create unique identifier

gitea-mirror commented

2026-05-05 09:43:48 -06:00

Owner

Originally created by @hotcapy on GitHub (Mar 31, 2023).
Original GitHub issue: https://github.com/netblue30/firejail/issues/5773

Description

Free version of office suite by SoftMaker uses numeric license keys sent by e-mail for app activation.

When launched with Firejail, app's GUI shows the following error:

The application cannot create a unique identifier.
Please make sure the application has sufficient permissions.

After pressing "Retry" button FreeOffice shows it's usual dialogue requiring to enter free license key.
App activated already and works w/o Firejail.

There is nothing special in terminal output.

Steps to Reproduce

Run $ firejail /usr/bin/freeoffice-textmaker.
See error message in FreeOffice GUI.

Expected behavior

FreeOffice successfully gets access to it's product key and opens a new document window.

Actual behavior

FreeOffice requires to register with free license key while actually were registered already.

Behavior without a profile

Works as expected with --noprofile option.

Additional context

Perhaps, FreeOffice stores it's activation information somewhere but can't access it with Firejail.
Unfortunately, I don't know where exactly and wasn't able to find it out.

Environment

Arch Linux
firejail-git v0.9.72.r9306.ab70db5b8 from AUR
freeoffice v1062 from AUR

Checklist

The issues is caused by firejail.
I can reproduce the issue without custom modifications.
The program has a profile.

Log

Output of LC_ALL=C firejail /usr/bin/freeoffice-textmaker

Reading profile /etc/firejail/freeoffice-textmaker.profile
Reading profile /etc/firejail/softmaker-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /home/user/.config/firejail/disable-common.local
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 15901, child pid 15902
Warning: NVIDIA card detected, nogroups command ignored
5 programs installed in 7.47 ms
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Private /etc installed in 35.47 ms
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Warning: not remounting /run/user/1000/doc
Warning: NVIDIA card detected, nogroups command ignored
Warning: NVIDIA card detected, nogroups command ignored
Child process initialized in 131.60 ms

Output of LC_ALL=C firejail --debug /usr/bin/freeoffice-textmaker

https://gist.github.com/hotcapy/eb613d43f612dc9f69a045b75031a699

Originally created by @hotcapy on GitHub (Mar 31, 2023). Original GitHub issue: https://github.com/netblue30/firejail/issues/5773 ### Description Free version of office suite by SoftMaker uses numeric license keys sent by e-mail for app activation. When launched with Firejail, app's GUI shows the following error: ``` The application cannot create a unique identifier. Please make sure the application has sufficient permissions. ``` After pressing "Retry" button FreeOffice shows it's usual dialogue requiring to enter free license key. App activated already and works w/o Firejail. There is nothing special in terminal output. ### Steps to Reproduce 1. Run `$ firejail /usr/bin/freeoffice-textmaker`. 2. See error message in FreeOffice GUI. ### Expected behavior FreeOffice successfully gets access to it's product key and opens a new document window. ### Actual behavior FreeOffice requires to register with free license key while actually were registered already. ### Behavior without a profile Works as expected with `--noprofile` option. ### Additional context Perhaps, FreeOffice stores it's activation information somewhere but can't access it with Firejail. Unfortunately, I don't know where exactly and wasn't able to find it out. ### Environment - Arch Linux - [firejail-git](https://aur.archlinux.org/packages/firejail-git) v0.9.72.r9306.ab70db5b8 from AUR - [freeoffice](https://aur.archlinux.org/packages/freeoffice) v1062 from AUR ### Checklist  - [x] The issues is caused by firejail. - [x] I can reproduce the issue without custom modifications. - [x] The program has a profile. ### Log <details> <summary>Output of <code>LC_ALL=C firejail /usr/bin/freeoffice-textmaker</code></summary> <p> ``` Reading profile /etc/firejail/freeoffice-textmaker.profile Reading profile /etc/firejail/softmaker-common.profile Reading profile /etc/firejail/disable-common.inc Reading profile /home/user/.config/firejail/disable-common.local Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/whitelist-usr-share-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Parent pid 15901, child pid 15902 Warning: NVIDIA card detected, nogroups command ignored 5 programs installed in 7.47 ms Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Private /etc installed in 35.47 ms Warning: /sbin directory link was not blacklisted Warning: /usr/sbin directory link was not blacklisted Warning: not remounting /run/user/1000/doc Warning: NVIDIA card detected, nogroups command ignored Warning: NVIDIA card detected, nogroups command ignored Child process initialized in 131.60 ms ``` </p> </details> <details> <summary>Output of <code>LC_ALL=C firejail --debug /usr/bin/freeoffice-textmaker</code></summary> <p>  ``` https://gist.github.com/hotcapy/eb613d43f612dc9f69a045b75031a699 ``` </p> </details>

gitea-mirror closed this issue

2026-05-05 09:43:49 -06:00

gitea-mirror commented

2026-05-05 09:43:50 -06:00

Author

Owner

@kmk3 commented on GitHub (Apr 1, 2023):

The application cannot create a unique identifier.
Please make sure the application has sufficient permissions.

That error message is very uninformative unfortunately, so I'd try one or more
of the generic debugging steps:

Run firejail with --trace to see what files it tries to access
Comment out parts of the profile until you find the line that is causing
problems

@kmk3 commented on GitHub (Apr 1, 2023): > ``` > The application cannot create a unique identifier. > Please make sure the application has sufficient permissions. > ``` That error message is very uninformative unfortunately, so I'd try one or more of the generic debugging steps: * Run firejail with `--trace` to see what files it tries to access * Comment out parts of the profile until you find the line that is causing problems

gitea-mirror commented

2026-05-05 09:43:51 -06:00

Author

Owner

@hotcapy commented on GitHub (Apr 2, 2023):

Creating file softmaker-common.local with line ignore private-etc @tls-ca,SoftMaker fixes this issue.

--trace output:

private-etc enabled: firejail-smfo_trace_bad
private-etc disabled: firejail-smfo_trace_good

I couldn't figure out which files or folders FreeOffice uses in /etc, and my knowledge is not enough to analyze these logs myself.

@hotcapy commented on GitHub (Apr 2, 2023): Creating file `softmaker-common.local` with line `ignore private-etc @tls-ca,SoftMaker` fixes this issue. `--trace` output: 1. `private-etc` enabled: [firejail-smfo_trace_bad](https://gist.github.com/hotcapy/3b785a69881849854eaf34d89cc93df1) 2. `private-etc` disabled: [firejail-smfo_trace_good](https://gist.github.com/hotcapy/acb252186be5633cab925097db9385dd) I couldn't figure out which files or folders FreeOffice uses in `/etc`, and my knowledge is not enough to analyze these logs myself.

gitea-mirror commented

2026-05-05 09:43:52 -06:00

Author

Owner

@kmk3 commented on GitHub (Apr 2, 2023):

@hotcapy on Apr 2:

Creating file softmaker-common.local with line ignore private-etc @tls-ca,SoftMaker fixes this issue.

--trace output:

private-etc enabled: firejail-smfo_trace_bad

private-etc disabled: firejail-smfo_trace_good

I couldn't figure out which files or folders FreeOffice uses in /etc, and
my knowledge is not enough to analyze these logs myself.

I think I found it:

$ grep /etc/ bad.txt  | cut -f 2- -d : | sed -E 's/:0x[0-9a-f]+/:0xabc/' >1
$ grep /etc/ good.txt | cut -f 2- -d : | sed -E 's/:0x[0-9a-f]+/:0xabc/' >2
$ diff 1 2
29,30c29,30
< textmaker:fopen64 /etc/os-release:(nil)
< textmaker:opendir /etc/:0xabc
---
> textmaker:fopen64 /etc/os-release:0xabc
> textmaker:fopen64 /etc/os-release:0xabc

Does it work when adding os-release to private-etc?

@kmk3 commented on GitHub (Apr 2, 2023): @hotcapy [on Apr 2](https://github.com/netblue30/firejail/issues/5773#issuecomment-1493260029): > Creating file `softmaker-common.local` with line `ignore private-etc > @tls-ca,SoftMaker` fixes this issue. > > `--trace` output: > > 1. `private-etc` enabled: [firejail-smfo_trace_bad](https://gist.github.com/hotcapy/3b785a69881849854eaf34d89cc93df1) > 2. `private-etc` disabled: [firejail-smfo_trace_good](https://gist.github.com/hotcapy/acb252186be5633cab925097db9385dd) > > I couldn't figure out which files or folders FreeOffice uses in `/etc`, and > my knowledge is not enough to analyze these logs myself. I think I found it: ```console $ grep /etc/ bad.txt | cut -f 2- -d : | sed -E 's/:0x[0-9a-f]+/:0xabc/' >1 $ grep /etc/ good.txt | cut -f 2- -d : | sed -E 's/:0x[0-9a-f]+/:0xabc/' >2 $ diff 1 2 29,30c29,30 < textmaker:fopen64 /etc/os-release:(nil) < textmaker:opendir /etc/:0xabc --- > textmaker:fopen64 /etc/os-release:0xabc > textmaker:fopen64 /etc/os-release:0xabc ``` Does it work when adding `os-release` to `private-etc`?

gitea-mirror commented

2026-05-05 09:43:53 -06:00

Author

Owner

@hotcapy commented on GitHub (Apr 2, 2023):

Unfortunately, it doesn't.
Here is --trace output with private-etc @tls-ca,SoftMaker,os-release: firejail-smfo_trace_os-release

If it matters, /etc/os-release is a symlink to /usr/lib/os-release in my system.

@hotcapy commented on GitHub (Apr 2, 2023): Unfortunately, it doesn't. Here is `--trace` output with `private-etc @tls-ca,SoftMaker,os-release`: [firejail-smfo_trace_os-release](https://gist.github.com/hotcapy/62e468d01653fafcc19516359861ff42) If it matters, `/etc/os-release` is a symlink to `/usr/lib/os-release` in my system. ![screen](https://user-images.githubusercontent.com/80588349/229345054-83c7f7b1-923f-4521-8bd7-33ff06172579.png)

gitea-mirror commented

2026-05-05 09:43:54 -06:00

Author

Owner

@kmk3 commented on GitHub (Apr 2, 2023):

@hotcapy on Apr 2:

Unfortunately, it doesn't. Here is --trace output with private-etc @tls-ca,SoftMaker,os-release:
firejail-smfo_trace_os-release

If it matters, /etc/os-release is a symlink to /usr/lib/os-release in my
system.

There are some differences in the logs, but it's not obvious why:

$ cut -f 2- -d : good.txt | sed -E -e 's/:0x[0-9a-f]+/:0xabc/' \
  -e 's/:[0-9]+$/:123/' | LC_ALL=C sort -u >b
$ cut -f 2- -d : 3.txt    | sed -E -e 's/:0x[0-9a-f]+/:0xabc/' \
  -e 's/:[0-9]+$/:123/' | LC_ALL=C sort -u >c
$ comm -3 b c | grep -v '\.png'
textmaker:connect 7 @var/run/nvidia-xdriver-5de20f80:123
        textmaker:connect 7 @var/run/nvidia-xdriver-f5375995:123
textmaker:connect 8 @var/run/nvidia-xdriver-5de20f80:123
        textmaker:connect 8 @var/run/nvidia-xdriver-f5375995:123
textmaker:fopen /home/user/.icons/Future-cursors/cursors/xterm:(nil)
textmaker:fopen /home/user/.local/share/icons/Future-cursors/cursors/xterm:(nil)
textmaker:fopen /usr/share/icons/Future-cursors/cursors/xterm:0xabc
textmaker:fopen64 /home/user/SoftMaker/Settings/fontfilter.ini:0xabc
textmaker:fopen64 /home/user/SoftMaker/Settings/tmfo21keys.dat:(nil)
textmaker:fopen64 /home/user/SoftMaker/TextMaker 2021 templates/English (US)/Normal.tmvx:0xabc
textmaker:fopen64 /tmp/tmE1OhwU/out00000001.tmp:(nil)
textmaker:fopen64 /tmp/tmE1OhwU/tm00000002.tmp:(nil)
textmaker:fopen64 /tmp/tmE1OhwU/tm00000003.tmp:(nil)
        textmaker:fopen64 /tmp/tmR1ostG/out00000001.tmp:(nil)
        textmaker:fopen64 /tmp/tmR1ostG/tm00000002.tmp:(nil)
        textmaker:fopen64 /tmp/tmR1ostG/tm00000003.tmp:(nil)
textmaker:fopen64 /usr/lib/freeoffice/fonts/Basic Roman-Regular.ttf:0xabc
textmaker:fopen64 /usr/lib/freeoffice/fonts/Basic Sans-Bold.ttf:0xabc
textmaker:fopen64 /usr/share/fonts/TTF/arialbd.ttf:0xabc
textmaker:fopen64 /usr/share/fonts/TTF/times.ttf:0xabc
textmaker:opendir /home/user/SoftMaker/TextMaker 2021 templates/English (US)/:0xabc
textmaker:opendir /tmp/tmE1OhwU/:0xabc
        textmaker:opendir /tmp/tmR1ostG/:0xabc
textmaker:rmdir /tmp/tmE1OhwU/:123
        textmaker:rmdir /tmp/tmR1ostG/:123

So unless someone knows a better way to debug this, I suppose we'll just
comment private-etc in the profile for the time being.

@kmk3 commented on GitHub (Apr 2, 2023): @hotcapy [on Apr 2](https://github.com/netblue30/firejail/issues/5773#issuecomment-1493281150): > Unfortunately, it doesn't. Here is `--trace` output with `private-etc > @tls-ca,SoftMaker,os-release`: > [firejail-smfo_trace_os-release](https://gist.github.com/hotcapy/62e468d01653fafcc19516359861ff42) > > If it matters, `/etc/os-release` is a symlink to `/usr/lib/os-release` in my > system. There are some differences in the logs, but it's not obvious why: ```console $ cut -f 2- -d : good.txt | sed -E -e 's/:0x[0-9a-f]+/:0xabc/' \ -e 's/:[0-9]+$/:123/' | LC_ALL=C sort -u >b $ cut -f 2- -d : 3.txt | sed -E -e 's/:0x[0-9a-f]+/:0xabc/' \ -e 's/:[0-9]+$/:123/' | LC_ALL=C sort -u >c $ comm -3 b c | grep -v '\.png' textmaker:connect 7 @var/run/nvidia-xdriver-5de20f80:123 textmaker:connect 7 @var/run/nvidia-xdriver-f5375995:123 textmaker:connect 8 @var/run/nvidia-xdriver-5de20f80:123 textmaker:connect 8 @var/run/nvidia-xdriver-f5375995:123 textmaker:fopen /home/user/.icons/Future-cursors/cursors/xterm:(nil) textmaker:fopen /home/user/.local/share/icons/Future-cursors/cursors/xterm:(nil) textmaker:fopen /usr/share/icons/Future-cursors/cursors/xterm:0xabc textmaker:fopen64 /home/user/SoftMaker/Settings/fontfilter.ini:0xabc textmaker:fopen64 /home/user/SoftMaker/Settings/tmfo21keys.dat:(nil) textmaker:fopen64 /home/user/SoftMaker/TextMaker 2021 templates/English (US)/Normal.tmvx:0xabc textmaker:fopen64 /tmp/tmE1OhwU/out00000001.tmp:(nil) textmaker:fopen64 /tmp/tmE1OhwU/tm00000002.tmp:(nil) textmaker:fopen64 /tmp/tmE1OhwU/tm00000003.tmp:(nil) textmaker:fopen64 /tmp/tmR1ostG/out00000001.tmp:(nil) textmaker:fopen64 /tmp/tmR1ostG/tm00000002.tmp:(nil) textmaker:fopen64 /tmp/tmR1ostG/tm00000003.tmp:(nil) textmaker:fopen64 /usr/lib/freeoffice/fonts/Basic Roman-Regular.ttf:0xabc textmaker:fopen64 /usr/lib/freeoffice/fonts/Basic Sans-Bold.ttf:0xabc textmaker:fopen64 /usr/share/fonts/TTF/arialbd.ttf:0xabc textmaker:fopen64 /usr/share/fonts/TTF/times.ttf:0xabc textmaker:opendir /home/user/SoftMaker/TextMaker 2021 templates/English (US)/:0xabc textmaker:opendir /tmp/tmE1OhwU/:0xabc textmaker:opendir /tmp/tmR1ostG/:0xabc textmaker:rmdir /tmp/tmE1OhwU/:123 textmaker:rmdir /tmp/tmR1ostG/:123 ``` So unless someone knows a better way to debug this, I suppose we'll just comment `private-etc` in the profile for the time being.

gitea-mirror commented

2026-05-05 09:43:54 -06:00

Author

Owner

@rusty-snake commented on GitHub (Apr 2, 2023):

Since it works w/o private-etc:

Create a private-etc line with everything:

unalias ls; ls /etc | tr '\n' ','

Remove privileged stuff like sudoers that let it fail.

Make sure it works.

Remove stuff to find the needed one.

@rusty-snake commented on GitHub (Apr 2, 2023): Since it works w/o private-etc: Create a `private-etc` line with everything: ``` unalias ls; ls /etc | tr '\n' ',' ``` Remove privileged stuff like `sudoers` that let it fail. Make sure it works. Remove stuff to find the needed one.

gitea-mirror commented

2026-05-05 09:43:55 -06:00

Author

Owner

@hotcapy commented on GitHub (Apr 2, 2023):

Found it! For whatever reason, it is /etc/fstab :-)
private-etc @tls-ca,SoftMaker,fstab (or just fstab) works with all FreeOffice apps (TextMaker, PlanMaker, Presentations).

@hotcapy commented on GitHub (Apr 2, 2023): Found it! For whatever reason, it is `/etc/fstab` :-) `private-etc @tls-ca,SoftMaker,fstab` (or just `fstab`) works with all FreeOffice apps (TextMaker, PlanMaker, Presentations).

gitea-mirror commented

2026-05-05 09:43:56 -06:00

Author

Owner

@kmk3 commented on GitHub (Apr 3, 2023):

(Offtopic)

@rusty-snake on Apr 2:

unalias ls; ls /etc | tr '\n' ','

To ignore shell aliases and functions for a single invocation, command can be
used:

command ls /etc

This also works (though it's a bit less obvious and I don't know how portable
it is):

\ls /etc

Both leave existing aliases intact in the current shell.

@kmk3 commented on GitHub (Apr 3, 2023): (Offtopic) @rusty-snake [on Apr 2](https://github.com/netblue30/firejail/issues/5773#issuecomment-1493306798): > ``` > unalias ls; ls /etc | tr '\n' ',' > ``` To ignore shell aliases and functions for a single invocation, `command` can be used: ```sh command ls /etc ``` This also works (though it's a bit less obvious and I don't know how portable it is): ```sh \ls /etc ``` Both leave existing aliases intact in the current shell.

gitea-mirror commented

2026-05-05 09:43:56 -06:00

Author

Owner

@kmk3 commented on GitHub (Apr 3, 2023):

@hotcapy on Apr 3:

Found it! For whatever reason, it is /etc/fstab :-) private-etc @tls-ca,SoftMaker,fstab (or just fstab) works with all FreeOffice apps
(TextMaker, PlanMaker, Presentations).

Nice, could you open a PR to fix it?

@kmk3 commented on GitHub (Apr 3, 2023): @hotcapy [on Apr 3](https://github.com/netblue30/firejail/issues/5773#issuecomment-1493327809): > Found it! For whatever reason, it is `/etc/fstab` :-) `private-etc > @tls-ca,SoftMaker,fstab` (or just `fstab`) works with all FreeOffice apps > (TextMaker, PlanMaker, Presentations). Nice, could you open a PR to fix it?

gitea-mirror commented

2026-05-05 09:43:56 -06:00

Author

Owner

@hotcapy commented on GitHub (Apr 3, 2023):

Nice, could you open a PR to fix it?

I can only hope that I did it right. It was my first pull request ever :)

Before this day I used GitHub just as source of various software to download, be it Linux stuff, tools for games or flashable .zips for Android. And as place to read wiki's for all of those.

@hotcapy commented on GitHub (Apr 3, 2023): > Nice, could you open a PR to fix it? I can only hope that I did it right. It was my first pull request ever :) Before this day I used GitHub just as source of various software to download, be it Linux stuff, tools for games or flashable .zips for Android. And as place to read wiki's for all of those.

gitea-mirror commented

2026-05-05 09:43:57 -06:00

Author

Owner

@kmk3 commented on GitHub (Apr 5, 2023):

@hotcapy on Apr 3:

Nice, could you open a PR to fix it?

I can only hope that I did it right.

I have a few suggestions, but overall it looks good.

It was my first pull request ever :)

Before this day I used GitHub just as source of various software to download,
be it Linux stuff, tools for games or flashable .zips for Android. And as
place to read wiki's for all of those.

Glad to see more people contributing!

There are over 1000 profiles, so we depend on the community to keep them up to
date, especially for programs that are relatively less common.

@kmk3 commented on GitHub (Apr 5, 2023): @hotcapy [on Apr 3](https://github.com/netblue30/firejail/issues/5773#issuecomment-1494967213): > > Nice, could you open a PR to fix it? > > I can only hope that I did it right. I have a few suggestions, but overall it looks good. > It was my first pull request ever :) > > Before this day I used GitHub just as source of various software to download, > be it Linux stuff, tools for games or flashable .zips for Android. And as > place to read wiki's for all of those. Glad to see more people contributing! There are over 1000 profiles, so we depend on the community to keep them up to date, especially for programs that are relatively less common.

gitea-mirror commented

2026-05-05 09:43:57 -06:00

Author

Owner

@hotcapy commented on GitHub (Apr 5, 2023):

I have a few suggestions, but overall it looks good.

Thank you for providing detailed instructions, without them I couldn't done it.
All this is new to me, so reading the article you shared was very interesting and helpful!

@hotcapy commented on GitHub (Apr 5, 2023): > I have a few suggestions, but overall it looks good. Thank you for providing detailed instructions, without them I couldn't done it. All this is new to me, so reading the article you shared was very interesting and helpful!

gitea-mirror commented

2026-05-05 09:43:58 -06:00

Author

Owner

@kmk3 commented on GitHub (Apr 6, 2023):

@hotcapy on Apr 5:

I have a few suggestions, but overall it looks good.

Thank you for providing detailed instructions, without them I couldn't done
it. All this is new to me, so reading the article you shared was very
interesting and helpful!

Happy to hear that!

@kmk3 commented on GitHub (Apr 6, 2023): @hotcapy [on Apr 5](https://github.com/netblue30/firejail/issues/5773#issuecomment-1498065609): > > I have a few suggestions, but overall it looks good. > > Thank you for providing detailed instructions, without them I couldn't done > it. All this is new to me, so reading the article you shared was very > interesting and helpful! Happy to hear that!

gitea-mirror referenced this issue

2026-05-05 10:23:50 -06:00

[PR #3088] [MERGED] Add brave redirect profiles #4638

gitea-mirror referenced this issue

2026-05-05 10:23:56 -06:00

[PR #3098] [CLOSED] profiles: firecfg: disable CLI archivers #4642