[GH-ISSUE #433] Desktop notifications for blacklist violations #314

Open
opened 2026-05-05 05:35:05 -06:00 by gitea-mirror · 18 comments

Originally created by @netblue30 on GitHub (Apr 13, 2016).
Original GitHub issue: https://github.com/netblue30/firejail/issues/433

From wordpress:

question about desktop notifications for blacklist violations.
Can this be set up something like this up here? I think that would be a good thing.

```bash
#! /bin/bash
# firejail desktop notification

while true
do
    # Collect any blacklist violations currently in syslog
    JAIL=$(grep "blacklist violation" /var/log/syslog)
    if [ -z "$JAIL" ]
    then
        sleep 2
    else
        # Show them in a dialog, then delete the reported lines from syslog
        zenity --warning --title "FIREJAIL" --text "$JAIL" &
        sed -i "/blacklist violation/d" /var/log/syslog
    fi
done
```
gitea-mirror added the enhancement label 2026-05-05 05:35:05 -06:00

@curiosity-seeker commented on GitHub (Apr 13, 2016):

I think for distros using systemd it should be something like

`journalctl | grep -E 'blacklist.*violation'`

as there is no syslog.


@ghost commented on GitHub (Apr 14, 2016):

I think it generally should be more accessible to the user and not a fixed script that firejail distributes. Should be easy to change the command to run, other than copying the script and making your own version out of it. Not everyone wants to run zenity for notifications.

It could be done as some kind of "event-hook". Whenever a blacklist violation (or other events possibly?) happens, run the command specified by the user.


@netblue30 commented on GitHub (Apr 14, 2016):

The messages are sent to syslog, so they already go to systemd. I'll look into some sort of event-hook as suggested by @avoidr


@vn971 commented on GitHub (Jul 17, 2016):

By the way, do systemd-based distros actually get syslog events from `firejail`?
Can somebody report systemd working fine with firejail?

I've migrated to ArchLinux a couple of months ago and I still can't make firejail and syslog work together. I had to stop using custom seccomp rules for this exact reason. :(


@netblue30 commented on GitHub (Jul 18, 2016):

It should work, I send the messages to syslog using the facilities available in glibc. I'll do a short check on Arch.


@vn971 commented on GitHub (Jul 18, 2016):

If you can, that'd be great, thank you! The attempts that _failed_ for me were installing `syslog-ng` and watching for messages with `journalctl -f -n 200`.


@netblue30 commented on GitHub (Jul 18, 2016):

My understanding is systemd should collect by default all the messages that used to go to syslog. I'll have to take a look.


@reinerh commented on GitHub (Jul 30, 2016):

@vn971 Have you enabled ForwardToSyslog in journald?
Otherwise syslog-ng doesn't receive the logs from journald.


@vn971 commented on GitHub (Jul 30, 2016):

@reinerh yes, I have it enabled in /etc/systemd/journald.conf. If you do get notifications on ArchLinux, please mention it, it'd be very interesting to know.


@reinerh commented on GitHub (Jul 30, 2016):

I'm not using Arch, but I see blacklist violations for example with `firejail --tracelog cd ~/.ssh`:

```
$ tail -f /var/log/syslog | grep blacklist
Jul 30 23:40:40 firejail[2]: blacklist violation - sandbox 24194, exe bash, syscall chdir, path /home/reiner/.ssh
Jul 30 23:40:40 firejail[2]: blacklist violation - sandbox 24194, exe bash, syscall chdir, path /home/reiner/.ssh
```


@vn971 commented on GitHub (Jul 30, 2016):

@reinerh this one I did (pleasantly and successfully) in ubuntu/debian, too... Never so after moving to Arch. (I like Arch very much compared to ubuntu, so switching back is not something I want..)


@chocolateboy commented on GitHub (Feb 23, 2018):

> I'll look into some sort of event-hook as suggested by @avoidr

I think D-Bus is the standard way to do this (possibly via [sd-bus](http://0pointer.net/blog/the-new-sd-bus-api-of-systemd.html) on systemd systems).


@rusty-snake commented on GitHub (Aug 22, 2019):

```bash
#!/usr/bin/env bash

# Copyright © 2019 rusty-snake
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

function usage {
        echo "Usage:"
        echo "        NOTIFY_TOOL=\"<ZENITY|KDIALOG|NOTIFY_SEND>\" $0"
}

if [ "$1" == "--help" ] || [ "$1" == "-h" ] || [ "$1" == "-?" ]; then
        usage "$@"
        exit 0
fi

if [ ! -v "NOTIFY_TOOL" ]; then
        printf "Error: \"NOTIFY_TOOL\" not set.\n"
        usage "$@"
        exit 1
fi

# Map NOTIFY_TOOL to the notifier command and its fixed arguments
if [ "$NOTIFY_TOOL" == "ZENITY" ]; then
        notify_cmd="zenity"
        notify_args=(--title "Blacklist violation" --no-wrap --warning --text)
elif [ "$NOTIFY_TOOL" == "KDIALOG" ]; then
        notify_cmd="kdialog"
        notify_args=(--title "Blacklist violation" --sorry)
# usage() advertises NOTIFY_SEND while the posted script tested for NOTIFY-SEND; accept both
elif [ "$NOTIFY_TOOL" == "NOTIFY_SEND" ] || [ "$NOTIFY_TOOL" == "NOTIFY-SEND" ]; then
        notify_cmd="notify-send"
        notify_args=(--icon "dialog-warning" "Blacklist violation")
else
        printf "Error: Invalid value for NOTIFY_TOOL.\n"
        usage "$@"
        exit 1
fi

# Follow the journal, extract each MESSAGE field and pass it to the notifier as one argument
journalctl --grep="blacklist violation" --output=json --follow | jq --unbuffered ".MESSAGE" | xargs -L1 -P0 "$notify_cmd" "${notify_args[@]}"
```
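
A variant of the journal watcher that escapes the `exe` and `path` fields before display and collapses immediately repeated events, as an added example that is not code from the thread or from firejail. The message layout is taken from the syslog lines quoted above; the function names and the notification wording are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not code from the thread. The message layout is taken from the
# syslog lines quoted above; function names are hypothetical.

# Parse one log line into V_SANDBOX, V_EXE, V_SYSCALL, V_PATH (globals).
# Returns 1 if the line is not a blacklist violation.
parse_violation() {
    local re='blacklist violation - sandbox ([0-9]+), exe ([^,]+), syscall ([a-z0-9_]+), path (.*)$'
    [[ $1 =~ $re ]] || return 1
    V_SANDBOX=${BASH_REMATCH[1]}
    V_EXE=${BASH_REMATCH[2]}
    V_SYSCALL=${BASH_REMATCH[3]}
    V_PATH=${BASH_REMATCH[4]}
}

# exe and path come from inside the sandbox, and zenity --text and many
# notification daemons render markup: strip control bytes, escape & < >.
escape_markup() {
    printf '%s' "$1" | tr -d '\000-\037\177' |
        sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# Read log lines on stdin; print one escaped body per violation, skipping
# immediate repeats (the sample output above logs the same event twice).
format_stream() {
    local line key prev=''
    while IFS= read -r line; do
        parse_violation "$line" || continue
        key="$V_SANDBOX/$V_EXE/$V_SYSCALL/$V_PATH"
        [[ $key == "$prev" ]] && continue
        prev=$key
        printf 'sandbox %s: %s tried %s on %s\n' "$V_SANDBOX" \
            "$(escape_markup "$V_EXE")" "$V_SYSCALL" "$(escape_markup "$V_PATH")"
    done
}

# Follow the journal (new entries only) and notify once per body line.
watch_journal() {
    journalctl --follow --lines=0 --output=cat --grep='blacklist violation' |
        format_stream |
        while IFS= read -r body; do
            notify-send --icon dialog-warning 'Blacklist violation' "$body"
        done
}

if [[ ${1:-} == --follow ]]; then
    watch_journal
fi
```

Run it with `--follow` to start watching; without arguments it only defines the functions, so `format_stream` can be fed saved log lines on stdin.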

@rusty-snake commented on GitHub (Aug 23, 2019):

Dependencies:

  • jq
  • zenity or kdialog or notify-send (apt: libnotify-bin; rpm: libnotify)

Features:

  • use journalctl
  • messages in a window (zenity, kdialog)
  • desktop notifications (notify-send)

@curiosity-seeker commented on GitHub (Aug 23, 2019):

@rusty-snake : Thanks, I was going to test the script but ran into the error:

```
/usr/bin/env: „bash\r“: Datei oder Verzeichnis nicht gefunden
```

`shellcheck` produced the following error several times:

```
^-- SC1017: Literal carriage return. Run script through tr -d '\r' .
```

See https://github.com/koalaman/shellcheck/wiki/SC1017

`tr -d '\r' < oldscript > newsript` fixed the problem.

I will do further testing.


@vn971 commented on GitHub (Aug 23, 2019):

But @rusty-snake didn't publish any line breaks, it must be your local editor? Anyway, I moved to using bubblewrap for security isolation, so I'll unsubscribe.


@rusty-snake commented on GitHub (Aug 23, 2019):

~`\r` WHAT?! 😱 I use `\n` (in vim)~ Maybe copy&paste error 😕
For me:

```
$ shellcheck firejail_blacklist_violation_notify.sh
$
```

BUG: `NOTIFY_SEND` vs. `NOTIFY-SEND`


@curiosity-seeker commented on GitHub (Aug 24, 2019):

Oops - yes, you're right. I'm using kate as my editor, and that had not happened before. Now it used the Windows/DOS style line terminator. Perhaps a regression in a recent update ...
