[GH-ISSUE #5809] claws-mail: bogofilter fails to create wordlist.db #3098

Closed
opened 2026-05-05 09:44:11 -06:00 by gitea-mirror · 4 comments

Originally created by @marek22k on GitHub (Apr 28, 2023).
Original GitHub issue: https://github.com/netblue30/firejail/issues/5809

Description

Describe the bug

The wordlist.db seems to be a SQLite database which is used by Bogofilter. When I run Claws-Mail without firejail and select an email, the file is created. However, when I run Claws-Mail with firejail, no file is created there.

Steps to reproduce the behavior

  1. Install claws-mail from debian backports with bogofilter plugin
  2. Mark some e-mail as ham
  3. Look at the folder ~/.bogofilter/

Expected behavior

A wordlist.db with content

Actual behavior

No wordlist.db

Behavior without a profile

What changed calling LC_ALL=C firejail --noprofile /path/to/program in a
terminal?

A wordlist.db exists:

```
$file wordlist.db 
wordlist.db: SQLite 3.x database, last written using SQLite version 3034001
```

Additional context

Any other detail that may help to understand/debug the problem

Environment

  • Linux distribution and version (e.g. "Ubuntu 20.04" or "Arch Linux")
    Parrot OS (Debian-based)
  • Firejail version (firejail --version).
```
$firejail --version
firejail version 0.9.72

Compile time support:
	- always force nonewprivs support is disabled
	- AppArmor support is enabled
	- AppImage support is enabled
	- chroot support is enabled
	- D-BUS proxy support is enabled
	- file transfer support is enabled
	- firetunnel support is disabled
	- IDS support is enabled
	- networking support is enabled
	- output logging is enabled
	- overlayfs support is disabled
	- private-home support is enabled
	- private-cache and tmpfs as user enabled
	- SELinux support is enabled
	- user namespace support is enabled
	- X11 sandboxing support is enabled
```
  • If you use a development version of firejail, also the commit from which it
    was compiled (git rev-parse HEAD).

Checklist

  • The issue is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
  • I can reproduce the issue without custom modifications (e.g. globals.local).
  • The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
  • The profile (and redirect profile if exists) hasn't already been fixed upstream.
  • I have performed a short search for similar issues (to avoid opening a duplicate).

Log

Output of LC_ALL=C firejail /path/to/program

```
$LC_ALL=C firejail claws-mail 
Reading profile /etc/firejail/claws-mail.profile
Reading profile /etc/firejail/claws-mail.local
Reading profile /etc/firejail/allow-ruby.inc
Reading profile /etc/firejail/email-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-runuser-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
Ignoring "dbus-user.talk ca.desrt.dconf" and 5 other dbus-user filter rules.
Parent pid 8358, child pid 8359
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: skipping crypto-policies for private /etc
Warning: skipping gcrypt for private /etc
Warning: skipping gnupg for private /etc
Warning: skipping groups for private /etc
Warning: skipping hosts.conf for private /etc
Warning: skipping pki for private /etc
Private /etc installed in 58.13 ms
Private /usr/etc installed in 0.00 ms
Child process initialized in 296.61 ms
Error: cannot read UID_MIN and/or GID_MIN from /etc/login.defs, using 1000 by default
Error: cannot read UID_MIN and/or GID_MIN from /etc/login.defs, using 1000 by default
Warning: an existing sandbox was detected. /usr/bin/claws-mail will run without any additional sandboxing features

(claws-mail:28): dbind-WARNING **: 23:37:52.839: Couldn't connect to accessibility bus: Failed to connect to socket /run/user/1000/at-spi/bus_0: No such file or directory

** (claws-mail:28): WARNING **: 23:37:54.841: [2023-04-28 23:37:54] IMAP error on mxe87b.netcup.net: LOGIN error

** (claws-mail:28): WARNING **: 23:37:54.842: [2023-04-28 23:37:54] IMAP error on mxe87b.netcup.net: LOGIN error

** (claws-mail:28): WARNING **: 23:37:54.842: [2023-04-28 23:37:54] IMAP error on mxe87b.netcup.net: LOGIN error

** (claws-mail:28): WARNING **: 23:37:54.842: [2023-04-28 23:37:54] IMAP error on mxe87b.netcup.net: LOGIN error

^C
Parent received signal 2, shutting down the child process...

Child received signal 2, shutting down the sandbox...

Parent is shutting down, bye...
```

Output of LC_ALL=C firejail --debug /path/to/program

https://paste.i2pd.xyz/?419441a50f176960#HpvQxz8sbLuNLzwgUMXnZpy1KWDqFw51YSBcPB4Dm15G


@rusty-snake commented on GitHub (Apr 29, 2023):

Looks like we should add whitelist ${HOME}/.bogofilter.


@ghost commented on GitHub (Apr 29, 2023):

Bogofilter is packaged differently on Debian(-based) distributions apparently. On Arch Linux it depends on Perl, has scripts in /usr/share/bogofilter and uses /etc/bogofilter/bogofilter.cf for configuration. Debian uses /etc/bogofilter.cf as far as I could determine.

@marek22k Can you test with the below please?

```shell
$ cat ~/.config/firejail/email-common.local
## bogofilter support
# Allow perl (blacklisted by disable-interpreters.inc)
include allow-perl.inc
whitelist ${HOME}/.bogofilter
whitelist /usr/share/bogofilter
private-etc bogofilter,bogofilter.cf
```
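
Added example, not part of the thread and not firejail's own code: a small model of why the database disappeared and why the override above fixes it. When a profile whitelists anything under the home directory, firejail mounts a tmpfs over home and bind-mounts only the whitelisted paths, so writes elsewhere are discarded when the sandbox closes. The profile contents in `PROFILES` and the home path `/home/user` are constructed for illustration, and the model handles only `include` and `whitelist` lines.

```python
import posixpath

# Constructed stand-ins for the profile chain named in the log above;
# these are NOT the real contents of the files under /etc/firejail.
PROFILES = {
    "claws-mail.profile": "include claws-mail.local\ninclude email-common.profile\n",
    "email-common.profile": ("include email-common.local\n"
                             "whitelist ${HOME}/.claws-mail\n"
                             "include whitelist-common.inc\n"),
    "whitelist-common.inc": "whitelist ${HOME}/.config/gtk-3.0\n",
}
# The email-common.local override posted in the thread.
BOGOFILTER_LOCAL = ("## bogofilter support\n"
                    "# Allow perl (blacklisted by disable-interpreters.inc)\n"
                    "include allow-perl.inc\n"
                    "whitelist ${HOME}/.bogofilter\n"
                    "whitelist /usr/share/bogofilter\n"
                    "private-etc bogofilter,bogofilter.cf\n")

def whitelist_entries(name, profiles, home, seen=None):
    """Follow `include` lines depth-first; return whitelist paths, ${HOME} expanded."""
    seen = set() if seen is None else seen
    if name in seen or name not in profiles:  # files absent from the sample are skipped
        return []
    seen.add(name)
    found = []
    for raw in profiles[name].splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        directive, _, arg = line.partition(" ")
        if directive == "include":
            found += whitelist_entries(arg.strip(), profiles, home, seen)
        elif directive == "whitelist":
            found.append(posixpath.normpath(arg.strip().replace("${HOME}", home)))
    return found

def persists_in_home(path, entries, home):
    """True if a write to `path` (under `home`) lands on the real filesystem."""
    path = posixpath.normpath(path)
    in_home = [e for e in entries if e.startswith(home + "/")]
    if not in_home:  # no whitelist under home, so home is not replaced by a tmpfs
        return True
    return any(path == e or path.startswith(e + "/") for e in in_home)

if __name__ == "__main__":
    home, db = "/home/user", "/home/user/.bogofilter/wordlist.db"
    fixed = {**PROFILES, "email-common.local": BOGOFILTER_LOCAL}
    for label, profs in (("before", PROFILES), ("after", fixed)):
        entries = whitelist_entries("claws-mail.profile", profs, home)
        print(label, "->", "persists" if persists_in_home(db, entries, home) else "discarded")
```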


@marek22k commented on GitHub (Apr 29, 2023):

That works!


@ghost commented on GitHub (Apr 29, 2023):

> That works!

Thanks for confirming. I've opened #5810, so when that gets merged a future release will have it by default. Once that firejail release hits your OS you can remove the above from your email-common.local. Thanks for reporting!

Reference: github-starred/firejail#3098