[GH-ISSUE #5879] How to whitelist (permit user) to a single directory? #3119

Closed
opened 2026-05-05 09:45:16 -06:00 by gitea-mirror · 17 comments

Originally created by @danielkrajnik on GitHub (Jul 3, 2023).
Original GitHub issue: https://github.com/netblue30/firejail/issues/5879

Whitelisting a single directory causes other directories to be blacklisted. Is there a method that simply whitelists a directory/file without any side effects?

Sorry if this has been asked before, but I couldn't find any answer to it (not sure how you would find it). I realize that there is a template for this type of issue, but it's a really simple question and I would be really grateful for your help.

gitea-mirror 2026-05-05 09:45:16 -06:00 closed this issue and added the question label

@ghost commented on GitHub (Jul 3, 2023):

> Whitelisting a single directory causes other directories to be blacklisted. Is there a method that simply whitelists a directory/file without any side effects?

If you're asking if there is a kind of whitelisting without blacklisting other directories the answer is no. That's what whitelisting is all about. Perhaps we can offer more help if you provide an example of what you're trying to achieve exactly.


@danielkrajnik commented on GitHub (Jul 3, 2023):

thunderbird requires access to a directory that stores an .ics file (a calendar). This directory is a symlink in home (`~/notes`) to a folder in /mnt (`/mnt/notes`), which the user normally has permission to access. However, when the default firejail thunderbird.profile is applied it doesn't see this directory.

I've added thunderbird.local to .config/firejail:

```
noblacklist ~/notes
whitelist ~/notes

noblacklist /mnt/notes
# whitelist /mnt/notes
```

However, this doesn't work: you can see the notes folder from thunderbird, but access is denied.

If you uncomment the `whitelist /mnt/notes` line, thunderbird doesn't start at all. I assume that's because whitelist implicitly blacklists everything else?

Is there another way to give access to that folder/file? A global override?

Thank you for not closing this issue straight away, by the way. I imagine that this same question must be asked all the time and it's probably answered somewhere in the documentation already.


@ghost commented on GitHub (Jul 3, 2023):

> Thank you for not closing this issue straight away, by the way. I imagine that this same question must be asked all the time and it's probably answered somewhere in the documentation already.

No problem. This isn't all that straightforward if one isn't yet very familiar with the Firejail profiles and the rather large set of options. The reason why your whitelisting isn't working can be found if you follow the include logic. In this case our thunderbird.profile includes firefox-common.profile, which has the option `disable-mnt`:

https://github.com/netblue30/firejail/blob/33c75b89328df03ef3245c7ec6f30759f9619223/etc/profile-a-l/firefox-common.profile#L58

So you need to `ignore disable-mnt` in your thunderbird.local and then whitelisting ${HOME}/notes and /mnt/notes should work. No need for any noblacklist. That option only makes sense to override a previously blacklisted path, which isn't done anywhere for ~/notes in any of our profiles.


@danielkrajnik commented on GitHub (Jul 3, 2023):

Sorry, but this doesn't seem to work:

thunderbird.local:

```
ignore disable-mnt
whitelist ${HOME}/notes
whitelist /mnt/notes
```

```shell
$ thunderbird
Reading profile /etc/firejail/thunderbird.profile
Reading profile /home/user/.config/firejail/thunderbird.local
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/firefox-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-proc.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-run-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Parent pid 1069955, child pid 1069974
Warning: NVIDIA card detected, nogroups command ignored
Warning: cleaning all supplementary groups
Warning: NVIDIA card detected, nogroups command ignored
Warning: cleaning all supplementary groups
Warning: NVIDIA card detected, nogroups command ignored
Warning: cleaning all supplementary groups
Error fstat: fs_whitelist.c:156 whitelist_file: Permission denied
Error: proc 1069955 cannot sync with peer: unexpected EOF
Peer 1069974 unexpectedly exited with status 1
```

The same happens even if you comment out `whitelist ${HOME}/notes`.


@danielkrajnik commented on GitHub (Jul 3, 2023):

> This isn't all that straightforward if one isn't yet very familiar with the Firejail profiles

Would it be useful to add "global overrides" to firejail instead of looking for the specific profiles that affect each directory? These problems often come up in the middle of your day when you're focused on something other than the firejail sandbox, which forces you to remove firejail altogether, run the application directly and add it to your to-do list; by then it may be too late and your previous data may be gone.

Wouldn't it make sense to provide simpler overrides instead (e.g. `permit /path/to/directory`)? This feels more like dealing with the complexities of SELinux labels.


@ghost commented on GitHub (Jul 3, 2023):

This works for me with only whitelisting ~/notes. Who owns your ~/notes and what are the file permissions on /mnt/notes/foo.ics?

```shell
$ ls -l /mnt/notes
total 4
-rw-r--r-- 1 root root 4 Jul  4 01:07 test.txt
$ cat /mnt/notes/test.txt
zzz
$ firejail --quiet --ignore=disable-mnt --whitelist=~/notes --profile=thunderbird cat ~/notes/test.txt
zzz
```

@danielkrajnik commented on GitHub (Jul 3, 2023):

Hmm... that's strange.

```shell
$ /bin/ls -l /mnt/notes/org-agenda.ics
-rw------- 1 user user 4299 Jul  3 23:16 /mnt/notes/org-agenda.ics
$ firejail --quiet --ignore=disable-mnt --whitelist=~/notes --profile=thunderbird cat ~/notes/org-agenda.ics
Error fstat: fs_whitelist.c:156 whitelist_file: Permission denied
Error: proc 1316532 cannot sync with peer: unexpected EOF
Peer 1316549 unexpectedly exited with status 1
```

Something strange is going on. I've had a vaguely similar error with user permissions [3 days ago when trying to set up a librewolf profile](https://github.com/netblue30/firejail/issues/4991#issuecomment-1614640283) in the USERRUN directory. Firejail may just not like Mozilla products (that firefox), or is there any other setting that could affect the way permissions are read?


@rusty-snake commented on GitHub (Jul 4, 2023):

Who owns the notes directory?

Does it work if you comment out the whitelist of the symlink?


@ghost commented on GitHub (Jul 4, 2023):

There's nothing in Firejail that dislikes Mozilla software AFAICT. Honestly, I think there's something off with your permissions that's causing this (and the referenced librewolf) issue. If you cannot fix this by using default dir/file permissions, you might want to write a small shell script that temporarily moves this `org-agenda.ics` out of /mnt/notes BEFORE starting thunderbird and copies it back afterwards. Placing it in either ${HOME}/.cache/thunderbird, ${HOME}/.thunderbird or ${DOWNLOADS} shouldn't need any additional options in a thunderbird.local as these paths are whitelisted in thunderbird.profile by default.


@danielkrajnik commented on GitHub (Jul 4, 2023):

@rusty-snake

> Who owns the notes directory?

Both the directory and the symlink are owned by the user:

```shell
$ /bin/ls -ld /mnt/notes
drwx------ 1 user user 0 Jul  3 17:35 /mnt/notes
$ /bin/ls -ld ~/notes
lrwxrwxrwx 1 user user 10 Jun 23 00:12 /home/user1/notes -> /mnt/notes
```

I've tried commenting out the symlink, but then thunderbird won't start. If you comment out both whitelists it starts but doesn't see that folder.


@danielkrajnik commented on GitHub (Jul 4, 2023):

> There's nothing in Firejail that dislikes Mozilla software AFAICT

Sorry, that was just my poor attempt at humour (it just happened that both Mozilla products failed around the same time, but these are complex programs after all).

> there's something off with your permissions

I think so too; it may just manifest itself later on as I keep messing with the system. If I ever find out, I'll report back here.


@pedrib commented on GitHub (Jul 5, 2023):

Sorry guys, I don't want to hijack this thread, but I am running some experiments which are very similar to what @danielkrajnik is attempting to do.

  1. I have `disable-mnt` in my globals
  2. I want a jailed program to be able to access `/mnt`

Using `--ignore=disable-mnt` on the command line works... but adding `ignore disable-mnt` to the profile doesn't. Is this expected behaviour?


@ghost commented on GitHub (Jul 5, 2023):

@pedrib

> Using `--ignore=disable-mnt` on the command line works... but adding `ignore disable-mnt` to the profile doesn't. Is this expected behaviour?

No, expected behaviour is that an option works both from command line and from inside a profile. If you have disable-mnt in `globals.local` you need to place an override for it BEFORE that file is included. Placing it in a `foo.local` override file should automatically take care of this as those get included first, before globals.local. I've been using such a setup for quite a long time myself and it always worked/never broke. Please open a separate issue with code examples of what is and isn't working as expected.


@danielkrajnik commented on GitHub (Jul 9, 2023):

This is really frustrating: the noblacklist option does absolutely nothing. Programs randomly complain about permissions and there is nothing you can do to configure firejail to allow access to directories.

This is overly complicated and impossible to debug.


@rusty-snake commented on GitHub (Jul 10, 2023):

Simply start with the way it is not accessible. EACCES directs to blacklist options, while ENOENT directs to whitelist options.


@danielkrajnik commented on GitHub (Jul 10, 2023):

Thanks, that's really helpful. Yes, I think the error is ENOENT, but whitelisting this directory still doesn't work:

![image](https://github.com/netblue30/firejail/assets/15096799/ca1053fa-29d3-4228-96ee-cc50a466b3c6)

Neither the whitelist nor the noblacklist option works:

```shell
firejail --noblacklist=/home/user/exact/path/to/file/location --whitelist=/home/user/exact/path/to/file/location libreoffice
```

This results in the same error (but now it doesn't see desktop themes):

![image](https://github.com/netblue30/firejail/assets/15096799/a7eda6da-d76d-40df-ad53-0f201d51f34d)


@danielkrajnik commented on GitHub (Jul 17, 2023):

Solved:

```
ignore disable-mnt
whitelist ${HOME}/notes
```

This is exactly what [glitsj16](https://github.com/glitsj16) mentioned in his second comment. I kept messing it up with other unnecessary options there that caused thunderbird to not start at all.

Extra comments:

For me, solving this required familiarizing myself for a few days with the firejail manual, watching [half the channel](https://odysee.com/@netblue30:9), a [meltdown](https://github.com/netblue30/firejail/issues/5879#issuecomment-1627864661), switching to flatpak, realizing that wine bottles (which are based on flatpak) [won't work with wine](https://www.reddit.com/r/rhino/comments/zr740l/comment/js22y8m/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button), returning to firejail and getting a good grasp of the Linux system overall (that takes years). The most important moment for me (besides being told about the `ignore disable-mnt` option) was finding out that you can inspect your sandbox VERY QUICKLY by going into a shell with its current profile, by running `firejail --profile=thunderbird` for thunderbird in this instance. This made a huge difference in iterating and finding out which options work and which don't. It is for obvious reasons much quicker than running thunderbird or any other application itself. Nothing beats the terminal when it comes to startup speed.

One thing which would have made this process a lot easier, I think, for anyone, without having to put so much effort into learning firejail, is showing clearly which profile causes a certain directory to be blacklisted/read-only/temporary (for example in the output of the `firejail --debug` command or in firetools).

Sorry for the misleading title in this issue. I was really confused about firejail's mechanisms at the beginning. Thank you for your patience.

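The three debugging aids this thread converged on are the include chain glitsj16 walked through (thunderbird.profile pulls in firefox-common.profile, which sets `disable-mnt`, so the `ignore` has to be read before that include), rusty-snake's rule of thumb (EACCES points at blacklist-side rules, ENOENT at whitelist-side ones) and the closing wish for a tool that says which profile file is responsible for a path. The script below is an added example for this thread, not firejail's own code: it reads a profile tree in include order, records the file and line of every `blacklist`/`whitelist`/`noblacklist`/`disable-mnt` rule that touches a path and which `ignore` suppressed it, and prints the rule side an errno points at. The sample profiles are constructed to mimic the thread, not copied from firejail; the user-dir-then-system-dir lookup for bare include names, prefix matching for `ignore`, the list of directories hidden by `disable-mnt`, and the model that `ignore` only affects lines read after it (the ordering glitsj16 describes) are this example's assumptions.

```python
"""Trace which firejail profile file sets a directive, following `include`
lines in read order, and map an observed errno to the rule kinds behind it.
Added example for this thread, not firejail's own code."""
import errno
import os
import tempfile
from dataclasses import dataclass

DISABLE_MNT_PATHS = ("/mnt", "/media", "/run/mount", "/run/media")  # assumed set hidden by disable-mnt

@dataclass
class Rule:
    directive: str        # "whitelist", "blacklist", "noblacklist", "disable-mnt", ...
    arg: str              # path argument ("" for flag-style directives), ${HOME} expanded
    source: str           # profile file the line came from
    lineno: int
    ignored_by: str = ""  # "file:line" of the `ignore` that suppressed this rule

def find_include(name, search_dirs):
    """Assumed lookup order for a bare include name: user dir first, then system dir."""
    if os.path.isabs(name):
        return name if os.path.exists(name) else None
    return next((p for p in (os.path.join(d, name) for d in search_dirs) if os.path.exists(p)), None)

def trace(profile, search_dirs, home="/home/user", rules=None, ignores=None):
    """Collect rules in the exact order firejail reads them; includes recurse inline."""
    rules = [] if rules is None else rules
    ignores = [] if ignores is None else ignores  # (line prefix, "file:line")
    with open(profile) as fh:
        for lineno, raw in enumerate(fh, 1):
            line = raw.strip().replace("${HOME}", home)
            if not line or line.startswith("#"):
                continue
            directive, _, arg = line.partition(" ")
            arg, where = arg.strip(), f"{profile}:{lineno}"
            if directive == "include":
                target = find_include(arg, search_dirs)
                if target:
                    trace(target, search_dirs, home, rules, ignores)
                elif not arg.endswith(".local"):  # only a missing .local is skipped silently
                    raise FileNotFoundError(f"{where}: include {arg} not found")
            elif directive == "ignore":
                ignores.append((arg, where))  # only affects lines read after this point
            else:
                rule = Rule(directive, arg, profile, lineno)
                # modelled as firejail does it: `ignore X` is a prefix match on later lines
                rule.ignored_by = next((src for pre, src in ignores if line.startswith(pre)), "")
                rules.append(rule)
    return rules

def _covers(rule_path, path):
    return path == rule_path or path.startswith(rule_path.rstrip("/") + "/")

def explain(rules, path):
    """(rule, note) for every rule that touches `path`, in read order."""
    nobl = [r for r in rules if r.directive == "noblacklist" and _covers(r.arg, path)]
    bl = [r for r in rules if r.directive == "blacklist" and not r.ignored_by and _covers(r.arg, path)]
    hits = []
    for r in rules:
        if r.directive == "disable-mnt" and any(_covers(p, path) for p in DISABLE_MNT_PATHS):
            hits.append((r, "suppressed by ignore" if r.ignored_by else "hides the path"))
        elif r in bl:
            hits.append((r, "cancelled by noblacklist" if nobl else "hides the path"))
        elif r.directive == "whitelist" and not r.ignored_by and _covers(r.arg, path):
            hits.append((r, "exposes the path"))
        elif r in nobl:
            hits.append((r, "cancels a blacklist" if bl else "no effect: nothing blacklists this path"))
    return hits

def triage(err):
    """rusty-snake's rule of thumb: EACCES points at blacklist-side options, ENOENT at whitelist-side."""
    return {errno.EACCES: "blacklist side: look for blacklist / disable-* rules covering the path",
            errno.ENOENT: "whitelist side: the path or a parent is not whitelisted"}.get(err, "other")

def build_sample_tree():
    """Constructed profile tree mimicking the thread; NOT the real firejail profiles."""
    root = tempfile.mkdtemp()
    sysd = os.path.join(root, "etc", "firejail")
    userd = os.path.join(root, "home", "user", ".config", "firejail")
    files = {
        (sysd, "thunderbird.profile"): "include thunderbird.local\ninclude globals.local\ninclude firefox-common.profile\n",
        (sysd, "firefox-common.profile"): "include disable-common.inc\ndisable-mnt\nwhitelist ${HOME}/.thunderbird\n",
        (sysd, "disable-common.inc"): "blacklist ${HOME}/.ssh\n",
        (userd, "thunderbird.local"): "ignore disable-mnt\nnoblacklist ${HOME}/notes\nwhitelist ${HOME}/notes\n",
    }
    for (d, name), text in files.items():
        os.makedirs(d, exist_ok=True)
        with open(os.path.join(d, name), "w") as fh:
            fh.write(text)
    return os.path.join(sysd, "thunderbird.profile"), [userd, sysd]

def report(path, err):
    """Lines telling the user which file explains an EACCES/ENOENT seen on `path`."""
    profile, dirs = build_sample_tree()
    out = [f"{path}: {triage(err)}"]
    for r, note in explain(trace(profile, dirs), path):
        out.append(f"  {os.path.basename(r.source)}:{r.lineno} {r.directive} {r.arg}".rstrip() + f" -> {note}")
    return out

if __name__ == "__main__":
    for p, e in (("/mnt/notes", errno.EACCES), ("/home/user/notes", errno.ENOENT), ("/home/user/.ssh", errno.EACCES)):
        print("\n".join(report(p, e)))
```

Run against the sample tree, the report for `/mnt/notes` names firefox-common.profile as the source of `disable-mnt` and shows it suppressed by the `ignore` in thunderbird.local, while the `noblacklist ${HOME}/notes` line is reported as having no effect because nothing blacklists that path, which is exactly why it appeared to "do nothing" earlier in the thread. Pointing `trace()` at the real `/etc/firejail` and `~/.config/firejail` directories is the obvious next step, with the caveat that the directive set and lookup rules here are the simplified model stated above.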