[GH-ISSUE #5869] google-chrome: blacklisted paths are accessible (dbus) #3114

Closed
opened 2026-05-05 09:45:06 -06:00 by gitea-mirror · 3 comments

Originally created by @wonbug on GitHub (Jun 26, 2023).
Original GitHub issue: https://github.com/netblue30/firejail/issues/5869

Description

Chrome (version 114.0.5735.133) - installed via dpkg using the package provided by Google, running on Ubuntu 22.04.2 LTS and using firejail built from master (version 0.9.73) - is not sandboxed to only access ~/Downloads and can read the entire volume content.

Steps to Reproduce

Launch Chrome and open the file selector dialog.

Expected behavior

Google Chrome can only read/write ~/Downloads (and any other directories necessary for runtime)

Actual behavior

Google Chrome can see all files.

Behavior without a profile

What changed calling LC_ALL=C firejail --noprofile /path/to/program in a terminal?

Nothing, except less stderr

LC_ALL=C firejail --noprofile /opt/google/chrome/google-chrome
firejail version 0.9.73

Parent pid 16197, child pid 16198
Child process initialized in 12.29 ms
libva error: vaGetDriverNameByIndex() failed with unknown libva error, driver_name = (null)

Parent is shutting down, bye...

Additional context

Any other detail that may help to understand/debug the problem

Environment

  • Linux distribution and version (e.g. "Ubuntu 20.04" or "Arch Linux")
    Ubuntu 22.04.2 LTS
  • Firejail version (firejail --version).
    firejail version 0.9.73
  • If you use a development version of firejail, also the commit from which it
    was compiled (git rev-parse HEAD).
    8ccff4af042031dd0511fceaf42a2585b31c2d9b

Checklist

  • [x] The issue is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
  • [x] I can reproduce the issue without custom modifications (e.g. globals.local).
  • [x] The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
  • [x] The profile (and redirect profile if exists) hasn't already been fixed upstream (https://github.com/netblue30/firejail/tree/master/etc).
  • [x] I have performed a short search for similar issues (to avoid opening a duplicate).
    • [x] I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
  • [ ] I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)

Log

Output of LC_ALL=C firejail /path/to/program

LC_ALL=C firejail /opt/google/chrome/google-chrome
Reading profile /usr/local/etc/firejail/google-chrome.profile
Reading profile /usr/local/etc/firejail/chromium-common.profile
Reading profile /usr/local/etc/firejail/whitelist-run-common.inc
Reading profile /usr/local/etc/firejail/blink-common.profile
Reading profile /usr/local/etc/firejail/disable-common.inc
Reading profile /usr/local/etc/firejail/disable-devel.inc
Reading profile /usr/local/etc/firejail/disable-exec.inc
Reading profile /usr/local/etc/firejail/disable-interpreters.inc
Reading profile /usr/local/etc/firejail/disable-programs.inc
Reading profile /usr/local/etc/firejail/disable-xdg.inc
Reading profile /usr/local/etc/firejail/whitelist-common.inc
Reading profile /usr/local/etc/firejail/whitelist-runuser-common.inc
Reading profile /usr/local/etc/firejail/whitelist-usr-share-common.inc
Reading profile /usr/local/etc/firejail/whitelist-var-common.inc
firejail version 0.9.73

Parent pid 11390, child pid 11391
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Child process initialized in 154.86 ms
[1:1:0626/124729.117367:ERROR:content_main_runner_impl.cc(426)] Unable to load CDM /home/wonbug/.config/google-chrome/WidevineCdm/4.10.2652.1/_platform_specific/linux_x64/libwidevinecdm.so (error: /home/wonbug/.config/google-chrome/WidevineCdm/4.10.2652.1/_platform_specific/linux_x64/libwidevinecdm.so: failed to map segment from shared object)
[21:21:0626/124729.117367:ERROR:content_main_runner_impl.cc(426)] Unable to load CDM /home/wonbug/.config/google-chrome/WidevineCdm/4.10.2652.1/_platform_specific/linux_x64/libwidevinecdm.so (error: /home/wonbug/.config/google-chrome/WidevineCdm/4.10.2652.1/_platform_specific/linux_x64/libwidevinecdm.so: failed to map segment from shared object)
[6:33:0626/124729.282411:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
[6:39:0626/124729.918435:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
[6:39:0626/124729.918554:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
libva error: vaGetDriverNameByIndex() failed with unknown libva error, driver_name = (null)

(google-chrome:6): dbind-WARNING **: 12:47:30.112: Couldn't connect to accessibility bus: Failed to connect to socket /run/user/1000/at-spi/bus: No such file or directory
[6:259:0626/124730.267698:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
[6:259:0626/124730.267714:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
[6:259:0626/124730.267733:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
[6:259:0626/124730.267741:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
[6:259:0626/124730.267770:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied

Parent is shutting down, bye...

Output of LC_ALL=C firejail --debug /path/to/program

Reading profile /usr/local/etc/firejail/google-chrome.profile
Building quoted command line: '/opt/google/chrome/google-chrome' 
Command name #google-chrome#
Found google-chrome.profile profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/chromium-common.profile
Found chromium-common.profile profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/whitelist-run-common.inc
Found whitelist-run-common.inc profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/blink-common.profile
conditional BROWSER_DISABLE_U2F, nou2f
conditional BROWSER_DISABLE_U2F, private-dev
Found blink-common.profile profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/disable-common.inc
Found disable-common.inc profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/disable-devel.inc
Found disable-devel.inc profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/disable-exec.inc
Found disable-exec.inc profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/disable-interpreters.inc
Found disable-interpreters.inc profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/disable-programs.inc
Found disable-programs.inc profile in /usr/local/etc/firejail directory
Reading profile /home/wonbug/.config/firejail/disable-programs.local
Found disable-programs.local profile in /home/wonbug/.config/firejail directory
Reading profile /usr/local/etc/firejail/disable-xdg.inc
Found disable-xdg.inc profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/whitelist-common.inc
Found whitelist-common.inc profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/whitelist-runuser-common.inc
Found whitelist-runuser-common.inc profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/whitelist-usr-share-common.inc
Found whitelist-usr-share-common.inc profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/whitelist-var-common.inc
Found whitelist-var-common.inc profile in /usr/local/etc/firejail directory
DISPLAY=:0 parsed as 0
Parent pid 20282, child pid 20283
firejail version 0.9.73

Using the local network stack
nogroups command not ignored
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
firejail version 0.9.73

Using the local network stack
Initializing child process
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
IBUS_ADDRESS=unix:abstract=/home/wonbug/.cache/ibus/dbus-ApTmjHKt,guid=6032181e97e56011101d8adf6499c1d3
IBUS_DAEMON_PID=5666
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
1761 1708 0:28 /etc /etc ro,relatime master:1 - zfs rpool/ROOT/ubuntu_2k41f0 rw,xattr,posixacl
mountid=1761 fsname=/etc dir=/etc fstype=zfs
Mounting noexec /etc
1762 1761 0:28 /etc /etc ro,nosuid,nodev,noexec,relatime master:1 - zfs rpool/ROOT/ubuntu_2k41f0 rw,xattr,posixacl
mountid=1762 fsname=/etc dir=/etc fstype=zfs
Mounting read-only /var
1774 1763 0:48 / /var/spool rw,relatime master:67 - zfs rpool/ROOT/ubuntu_2k41f0/var/spool rw,xattr,posixacl
mountid=1774 fsname=/ dir=/var/spool fstype=zfs
Mounting read-only /var/lib
1779 1775 0:53 / /var/lib/dpkg rw,relatime master:75 - zfs rpool/ROOT/ubuntu_2k41f0/var/lib/dpkg rw,xattr,posixacl
mountid=1779 fsname=/ dir=/var/lib/dpkg fstype=zfs
Mounting read-only /var/lib/AccountsService
1780 1776 0:50 / /var/lib/AccountsService ro,relatime master:69 - zfs rpool/ROOT/ubuntu_2k41f0/var/lib/AccountsService rw,xattr,posixacl
mountid=1780 fsname=/ dir=/var/lib/AccountsService fstype=zfs
Mounting read-only /var/lib/NetworkManager
1781 1777 0:51 / /var/lib/NetworkManager ro,relatime master:71 - zfs rpool/ROOT/ubuntu_2k41f0/var/lib/NetworkManager rw,xattr,posixacl
mountid=1781 fsname=/ dir=/var/lib/NetworkManager fstype=zfs
Mounting read-only /var/lib/apt
1782 1778 0:52 / /var/lib/apt ro,relatime master:73 - zfs rpool/ROOT/ubuntu_2k41f0/var/lib/apt rw,xattr,posixacl
mountid=1782 fsname=/ dir=/var/lib/apt fstype=zfs
Mounting read-only /var/lib/dpkg
1783 1779 0:53 / /var/lib/dpkg ro,relatime master:75 - zfs rpool/ROOT/ubuntu_2k41f0/var/lib/dpkg rw,xattr,posixacl
mountid=1783 fsname=/ dir=/var/lib/dpkg fstype=zfs
Mounting read-only /var/log
1784 1769 0:45 / /var/log ro,relatime master:57 - zfs rpool/ROOT/ubuntu_2k41f0/var/log rw,xattr,posixacl
mountid=1784 fsname=/ dir=/var/log fstype=zfs
Mounting read-only /var/games
1785 1770 0:44 / /var/games ro,relatime master:59 - zfs rpool/ROOT/ubuntu_2k41f0/var/games rw,xattr,posixacl
mountid=1785 fsname=/ dir=/var/games fstype=zfs
Mounting read-only /var/mail
1786 1771 0:46 / /var/mail ro,relatime master:61 - zfs rpool/ROOT/ubuntu_2k41f0/var/mail rw,xattr,posixacl
mountid=1786 fsname=/ dir=/var/mail fstype=zfs
Mounting read-only /var/snap
1787 1772 0:47 / /var/snap ro,relatime master:63 - zfs rpool/ROOT/ubuntu_2k41f0/var/snap rw,xattr,posixacl
mountid=1787 fsname=/ dir=/var/snap fstype=zfs
Mounting read-only /var/www
1788 1773 0:49 / /var/www ro,relatime master:65 - zfs rpool/ROOT/ubuntu_2k41f0/var/www rw,xattr,posixacl
mountid=1788 fsname=/ dir=/var/www fstype=zfs
Mounting read-only /var/spool
1789 1774 0:48 / /var/spool ro,relatime master:67 - zfs rpool/ROOT/ubuntu_2k41f0/var/spool rw,xattr,posixacl
mountid=1789 fsname=/ dir=/var/spool fstype=zfs
Mounting noexec /var
1885 1884 0:48 / /var/spool ro,relatime master:67 - zfs rpool/ROOT/ubuntu_2k41f0/var/spool rw,xattr,posixacl
mountid=1885 fsname=/ dir=/var/spool fstype=zfs
Mounting noexec /var/lib
1894 1893 0:53 / /var/lib/dpkg ro,relatime master:75 - zfs rpool/ROOT/ubuntu_2k41f0/var/lib/dpkg rw,xattr,posixacl
mountid=1894 fsname=/ dir=/var/lib/dpkg fstype=zfs
Mounting noexec /var/lib/AccountsService
1895 1888 0:50 / /var/lib/AccountsService ro,nosuid,nodev,noexec,relatime master:69 - zfs rpool/ROOT/ubuntu_2k41f0/var/lib/AccountsService rw,xattr,posixacl
mountid=1895 fsname=/ dir=/var/lib/AccountsService fstype=zfs
Mounting noexec /var/lib/NetworkManager
1896 1890 0:51 / /var/lib/NetworkManager ro,nosuid,nodev,noexec,relatime master:71 - zfs rpool/ROOT/ubuntu_2k41f0/var/lib/NetworkManager rw,xattr,posixacl
mountid=1896 fsname=/ dir=/var/lib/NetworkManager fstype=zfs
Mounting noexec /var/lib/apt
1897 1892 0:52 / /var/lib/apt ro,nosuid,nodev,noexec,relatime master:73 - zfs rpool/ROOT/ubuntu_2k41f0/var/lib/apt rw,xattr,posixacl
mountid=1897 fsname=/ dir=/var/lib/apt fstype=zfs
Mounting noexec /var/lib/dpkg
1898 1894 0:53 / /var/lib/dpkg ro,nosuid,nodev,noexec,relatime master:75 - zfs rpool/ROOT/ubuntu_2k41f0/var/lib/dpkg rw,xattr,posixacl
mountid=1898 fsname=/ dir=/var/lib/dpkg fstype=zfs
Mounting noexec /var/log
1899 1806 0:45 / /var/log ro,nosuid,nodev,noexec,relatime master:57 - zfs rpool/ROOT/ubuntu_2k41f0/var/log rw,xattr,posixacl
mountid=1899 fsname=/ dir=/var/log fstype=zfs
Mounting noexec /var/games
1900 1808 0:44 / /var/games ro,nosuid,nodev,noexec,relatime master:59 - zfs rpool/ROOT/ubuntu_2k41f0/var/games rw,xattr,posixacl
mountid=1900 fsname=/ dir=/var/games fstype=zfs
Mounting noexec /var/mail
1901 1851 0:46 / /var/mail ro,nosuid,nodev,noexec,relatime master:61 - zfs rpool/ROOT/ubuntu_2k41f0/var/mail rw,xattr,posixacl
mountid=1901 fsname=/ dir=/var/mail fstype=zfs
Mounting noexec /var/snap
1902 1881 0:47 / /var/snap ro,nosuid,nodev,noexec,relatime master:63 - zfs rpool/ROOT/ubuntu_2k41f0/var/snap rw,xattr,posixacl
mountid=1902 fsname=/ dir=/var/snap fstype=zfs
Mounting noexec /var/www
1903 1883 0:49 / /var/www ro,nosuid,nodev,noexec,relatime master:65 - zfs rpool/ROOT/ubuntu_2k41f0/var/www rw,xattr,posixacl
mountid=1903 fsname=/ dir=/var/www fstype=zfs
Mounting noexec /var/spool
1904 1885 0:48 / /var/spool ro,nosuid,nodev,noexec,relatime master:67 - zfs rpool/ROOT/ubuntu_2k41f0/var/spool rw,xattr,posixacl
mountid=1904 fsname=/ dir=/var/spool fstype=zfs
Mounting read-only /usr
1906 1905 0:42 / /usr/local rw,relatime master:55 - zfs rpool/ROOT/ubuntu_2k41f0/usr/local rw,xattr,posixacl
mountid=1906 fsname=/ dir=/usr/local fstype=zfs
Mounting read-only /usr/local
1907 1906 0:42 / /usr/local ro,relatime master:55 - zfs rpool/ROOT/ubuntu_2k41f0/usr/local rw,xattr,posixacl
mountid=1907 fsname=/ dir=/usr/local fstype=zfs
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/dhcp
Mounting tmpfs on /var/lib/snmp
Mounting tmpfs on /var/lib/sudo
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /home/wonbug/.config/firejail
Disable /run/firejail/sandbox
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Mounting tmpfs on /dev
mounting /run/firejail/mnt/dev/snd directory
mounting /run/firejail/mnt/dev/dri directory
Process /dev/shm directory
Creating empty /run/firejail/mnt/dbus directory
Creating empty /run/firejail/mnt/dbus/system file
blacklist /run/dbus/system_bus_socket
blacklist /run/firejail/dbus
Creating a new /etc/hostname file
Creating empty /run/firejail/mnt/hostname file
Creating a new /etc/hosts file
Loading user hosts file
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /sys/kernel/uevent_helper
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/kernel/hotplug
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /usr/lib/modules (requested /lib/modules)
Disable /usr/lib/debug
Disable /boot
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /proc/kmsg
Debug 588: whitelist ${HOME}/.cache/google-chrome
Debug 609: expanded: /home/wonbug/.cache/google-chrome
Debug 620: new_name: /home/wonbug/.cache/google-chrome
Debug 630: dir: /home/wonbug
Adding whitelist top level directory /home/wonbug
Debug 588: whitelist ${HOME}/.config/google-chrome
Debug 609: expanded: /home/wonbug/.config/google-chrome
Debug 620: new_name: /home/wonbug/.config/google-chrome
Debug 630: dir: /home/wonbug
Debug 588: whitelist ${HOME}/.config/chrome-flags.conf
Debug 609: expanded: /home/wonbug/.config/chrome-flags.conf
Debug 620: new_name: /home/wonbug/.config/chrome-flags.conf
Debug 630: dir: /home/wonbug
Removed path: whitelist ${HOME}/.config/chrome-flags.conf
	new_name: /home/wonbug/.config/chrome-flags.conf
	realpath: (null)
	No such file or directory
Debug 588: whitelist ${HOME}/.config/chrome-flags.config
Debug 609: expanded: /home/wonbug/.config/chrome-flags.config
Debug 620: new_name: /home/wonbug/.config/chrome-flags.config
Debug 630: dir: /home/wonbug
Removed path: whitelist ${HOME}/.config/chrome-flags.config
	new_name: /home/wonbug/.config/chrome-flags.config
	realpath: (null)
	No such file or directory
Debug 588: whitelist ${HOME}/.local/share/pki
Debug 609: expanded: /home/wonbug/.local/share/pki
Debug 620: new_name: /home/wonbug/.local/share/pki
Debug 630: dir: /home/wonbug
Debug 588: whitelist ${HOME}/.pki
Debug 609: expanded: /home/wonbug/.pki
Debug 620: new_name: /home/wonbug/.pki
Debug 630: dir: /home/wonbug
Debug 588: whitelist /usr/share/mozilla/extensions
Debug 609: expanded: /usr/share/mozilla/extensions
Debug 620: new_name: /usr/share/mozilla/extensions
Debug 630: dir: /usr/share
Adding whitelist top level directory /usr/share
Debug 588: whitelist /usr/share/webext
Debug 609: expanded: /usr/share/webext
Debug 620: new_name: /usr/share/webext
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/webext
	new_name: /usr/share/webext
	realpath: (null)
	No such file or directory
Debug 588: whitelist /run/NetworkManager/resolv.conf
Debug 609: expanded: /run/NetworkManager/resolv.conf
Debug 620: new_name: /run/NetworkManager/resolv.conf
Debug 630: dir: /run
Adding whitelist top level directory /run
Debug 588: whitelist /run/avahi-daemon/socket
Debug 609: expanded: /run/avahi-daemon/socket
Debug 620: new_name: /run/avahi-daemon/socket

... cut due to length
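To turn the `--debug` bookkeeping above into a checkable statement of what the whitelist should leave visible, here is an added example (not part of this issue and not firejail's own tooling) that parses those lines. The sample log is a constructed, shortened excerpt of the debug output quoted in this issue; `expected_visible` considers only the whitelist rules, so a path it reports as hidden that the file dialog nevertheless shows is reaching the file through something other than the whitelisted filesystem view.

```python
"""Summarise `firejail --debug` output to see what the whitelist really covers.

Added example, not firejail's own tooling. It reads the "Debug NNN: whitelist"
bookkeeping lines printed by firejail 0.9.73, keeps the entries that survived,
records those dropped because the target is missing, notes which directories
became whitelist roots, and collects the D-Bus related lines for review.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

WHITELIST_RE = re.compile(r"^Debug \d+: whitelist (\S+)$")
EXPANDED_RE = re.compile(r"^Debug \d+: expanded: (\S+)$")
REMOVED_RE = re.compile(r"^Removed path: whitelist (\S+)$")
TOPLEVEL_RE = re.compile(r"^Adding whitelist top level directory (\S+)$")
DBUS_RE = re.compile(r"d-?bus", re.IGNORECASE)

# Constructed excerpt of the --debug output quoted in this issue (same lines, shortened).
SAMPLE_LOG = """
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Creating empty /run/firejail/mnt/dbus/system file
blacklist /run/dbus/system_bus_socket
blacklist /run/firejail/dbus
Debug 588: whitelist ${HOME}/.cache/google-chrome
Debug 609: expanded: /home/wonbug/.cache/google-chrome
Debug 630: dir: /home/wonbug
Adding whitelist top level directory /home/wonbug
Debug 588: whitelist ${HOME}/.config/google-chrome
Debug 609: expanded: /home/wonbug/.config/google-chrome
Debug 630: dir: /home/wonbug
Debug 588: whitelist ${HOME}/.config/chrome-flags.conf
Debug 609: expanded: /home/wonbug/.config/chrome-flags.conf
Debug 630: dir: /home/wonbug
Removed path: whitelist ${HOME}/.config/chrome-flags.conf
    new_name: /home/wonbug/.config/chrome-flags.conf
    realpath: (null)
    No such file or directory
Debug 588: whitelist /usr/share/mozilla/extensions
Debug 609: expanded: /usr/share/mozilla/extensions
Debug 630: dir: /usr/share
Adding whitelist top level directory /usr/share
"""


@dataclass
class WhitelistSummary:
    applied: Dict[str, str] = field(default_factory=dict)  # profile entry -> expanded path
    removed: Dict[str, str] = field(default_factory=dict)  # entry -> path firejail dropped
    top_level: List[str] = field(default_factory=list)     # dirs that get the tmpfs overlay
    dbus_lines: List[str] = field(default_factory=list)    # anything mentioning D-Bus


def summarize(log_text: str) -> WhitelistSummary:
    """Walk the log once; a whitelist entry is 'applied' once its expanded path
    is printed and 'removed' if a later 'Removed path' line names it."""
    s = WhitelistSummary()
    current: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := WHITELIST_RE.match(line):
            current = m.group(1)
        elif (m := EXPANDED_RE.match(line)) and current is not None:
            s.applied[current] = m.group(1)
        elif m := REMOVED_RE.match(line):
            s.removed[m.group(1)] = s.applied.pop(m.group(1), "")
        elif m := TOPLEVEL_RE.match(line):
            s.top_level.append(m.group(1))
        elif DBUS_RE.search(line):
            s.dbus_lines.append(line)
    return s


def _under(path: str, root: str) -> bool:
    return path == root or path.startswith(root.rstrip("/") + "/")


def expected_visible(s: WhitelistSummary, path: str) -> Optional[bool]:
    """Predict from the whitelist alone whether `path` should be reachable
    inside the sandbox. Blacklists, private-* options and anything reached
    over D-Bus are ignored, so a False here that the file dialog contradicts
    means the access is not going through the whitelisted filesystem view.
    Returns None when no whitelist root governs the path."""
    if not any(_under(path, root) for root in s.top_level):
        return None
    for target in s.applied.values():
        if _under(path, target) or _under(target, path):  # inside, or an ancestor of, a whitelisted path
            return True
    return False


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    print("whitelist roots:", summary.top_level)
    print("applied:", sorted(summary.applied.values()), "dropped:", sorted(summary.removed))
    for probe in ("/home/wonbug/Documents/tax.pdf", "/home/wonbug/.config/google-chrome/Default"):
        print(probe, "->", expected_visible(summary, probe))
    print("D-Bus lines:", *summary.dbus_lines, sep="\n  ")
```

Feed it the full `--debug` output of the profile in question and compare its verdicts for a few paths with what the application's file chooser actually lists.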

Debug 630: dir: /run Adding whitelist top level directory /run Debug 588: whitelist /run/avahi-daemon/socket Debug 609: expanded: /run/avahi-daemon/socket Debug 620: new_name: /run/avahi-daemon/socket ``` ... cut due to length </p> </details>
gitea-mirror 2026-05-05 09:45:06 -06:00
  • closed this issue
  • added the notabug label

@kmk3 commented on GitHub (Jun 27, 2023):

> Launch Chrome and open the file selector dialog.
> Google Chrome can see all files.

It likely uses dbus / xdg-desktop-portal.

Does it still happen with `--dbus-user=none`?

Example:

```sh
LC_ALL=C firejail --dbus-user=none /opt/google/chrome/google-chrome
```
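The point above is that a `whitelist` only bounds the sandboxed process; a file chooser served by xdg-desktop-portal over the session bus runs outside the sandbox, so the user bus has to be closed (or filtered) as well. The following lint, added here as an example and not code from the firejail project or this thread, reads a profile plus command-line options and reports when the whitelist is in effect while the portal bus name is still reachable. The directive names (`dbus-user`, `dbus-user.talk`, `whitelist`) are firejail's; the sample profiles are constructed, CLI options are modelled as overriding the profile, and `*` in a talk name is treated as a glob (both assumptions).

```python
import fnmatch

# Bus name the portal file chooser is reached through (assumption for this lint).
PORTAL = "org.freedesktop.portal.Desktop"


def parse_profile(text, cli_args=()):
    """Return (user_bus_mode, talk_names, whitelists) for a profile text.

    With no dbus-user line firejail leaves the user bus unrestricted; that is the
    default modelled here. Options in cli_args are applied after the profile.
    """
    mode, talk, whitelists = "unrestricted", [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments and blank lines
        if not line:
            continue
        key, _, val = line.partition(" ")
        val = val.strip()
        if key == "dbus-user" and val in ("none", "filter"):
            mode = val
        elif key == "dbus-user.talk":
            talk.append(val)
        elif key == "whitelist":
            whitelists.append(val)
    for arg in cli_args:                           # e.g. --dbus-user=none from the shell
        if arg in ("--dbus-user=none", "--dbus-user=filter"):
            mode = arg.split("=", 1)[1]
        elif arg.startswith("--dbus-user.talk="):
            talk.append(arg.split("=", 1)[1])
    return mode, talk, whitelists


def portal_reachable(mode, talk):
    """True when the sandboxed program can still talk to the portal on the user bus."""
    if mode == "none":
        return False
    if mode == "unrestricted":
        return True
    return any(fnmatch.fnmatchcase(PORTAL, pattern) for pattern in talk)  # filter mode


def lint(text, cli_args=()):
    """Return findings: a whitelist that the portal file chooser can walk around."""
    mode, talk, whitelists = parse_profile(text, cli_args)
    if whitelists and portal_reachable(mode, talk):
        return [f"user bus {mode}: {PORTAL} reachable, so the portal file chooser "
                f"(outside the sandbox) is not bounded by whitelist {whitelists}"]
    return []


if __name__ == "__main__":
    SAMPLE = "whitelist ${HOME}/Downloads\n"       # constructed profile, no dbus-user line
    print(lint(SAMPLE), lint(SAMPLE, ["--dbus-user=none"]))
```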

@wonbug commented on GitHub (Jun 27, 2023):

@kmk3 yes that appears to be it. With the dbus flag, Chrome cannot see other directories in HOME besides Downloads, thank you!


@rusty-snake commented on GitHub (Jun 27, 2023):

> Chrome cannot see other directories in HOME besides Downloads

To nitpick on the formulations for a correct FTR.

  • Of course it can see stuff like `~/.config/chrome`.
  • It never could see other stuff like `~/Documents`. Even without `--dbus-user=none`.
Reference: github-starred/firejail#3114