github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #5990] vscodium: cannot access Arduino code #3149

New issue

Closed

opened 2026-05-05 09:46:53 -06:00 by gitea-mirror · 2 comments

gitea-mirror commented

2026-05-05 09:46:53 -06:00

Owner

Originally created by @marek22k on GitHub (Sep 6, 2023).
Original GitHub issue: https://github.com/netblue30/firejail/issues/5990

Description

Opening code is not possible in VSCodium

Steps to Reproduce

Steps to reproduce the behavior

Run in bash LC_ALL=C firejail /usr/bin/codium (LC_ALL=C to get a consistent
output in English that can be understood by everybody)
Open a file, e. g. /home/marek/Arduino/xinetd/platformio.init
Scroll down to The editor could not be opened due to an unexpteted error: Unable to read file '/home/marek/Arduino/xinetd/platformio.init (NoPermissions (FileSystemError): Error: EACCES: permission denied, stat '/home/marek/Arduino/xinetd/platformio.ini')`

Expected behavior

File can be opened.

Actual behavior

File cannot be opened.

Behavior without a profile

File can be opened.

Environment

Parrot OS (Debian-based)

firejail version 0.9.72

Compile time support:
	- always force nonewprivs support is disabled
	- AppArmor support is enabled
	- AppImage support is enabled
	- chroot support is enabled
	- D-BUS proxy support is enabled
	- file transfer support is enabled
	- firetunnel support is disabled
	- IDS support is enabled
	- networking support is enabled
	- output logging is enabled
	- overlayfs support is disabled
	- private-home support is enabled
	- private-cache and tmpfs as user enabled
	- SELinux support is enabled
	- user namespace support is enabled
	- X11 sandboxing support is enabled

Checklist

The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
I can reproduce the issue without custom modifications (e.g. globals.local).
The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
The profile (and redirect profile if exists) hasn't already been fixed upstream.
I have performed a short search for similar issues (to avoid opening a duplicate).
- I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.

Log

Output of LC_ALL=C firejail /usr/bin/codium

$LC_ALL=C firejail /usr/bin/codium
Reading profile /etc/firejail/codium.profile
Reading profile /etc/firejail/vscodium.profile
Reading profile /etc/firejail/code.profile
Reading profile /etc/firejail/allow-common-devel.inc
Reading profile /etc/firejail/electron.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
Warning: networking feature is disabled in Firejail configuration file
Parent pid 23597, child pid 23598
Child process initialized in 49.94 ms

Parent is shutting down, bye...

Output of LC_ALL=C firejail --debug /usr/bin/codium

https://gist.github.com/marek22k/27d165ce082954678745178dcb7e2bad

Originally created by @marek22k on GitHub (Sep 6, 2023). Original GitHub issue: https://github.com/netblue30/firejail/issues/5990 ### Description Opening code is not possible in VSCodium ### Steps to Reproduce _Steps to reproduce the behavior_ 1. Run in bash `LC_ALL=C firejail /usr/bin/codium` (`LC_ALL=C` to get a consistent output in English that can be understood by everybody) 2. Open a file, e. g. `/home/marek/Arduino/xinetd/platformio.init` 3. Scroll down to `The editor could not be opened due to an unexpteted error: Unable to read file '/home/marek/Arduino/xinetd/platformio.init` (NoPermissions (FileSystemError): Error: EACCES: permission denied, stat '/home/marek/Arduino/xinetd/platformio.ini')` ### Expected behavior File can be opened. ### Actual behavior File cannot be opened. ### Behavior without a profile File can be opened. ### Environment - Parrot OS (Debian-based) ``` firejail version 0.9.72 Compile time support: - always force nonewprivs support is disabled - AppArmor support is enabled - AppImage support is enabled - chroot support is enabled - D-BUS proxy support is enabled - file transfer support is enabled - firetunnel support is disabled - IDS support is enabled - networking support is enabled - output logging is enabled - overlayfs support is disabled - private-home support is enabled - private-cache and tmpfs as user enabled - SELinux support is enabled - user namespace support is enabled - X11 sandboxing support is enabled ``` ### Checklist - [x] The issues is caused by firejail (i.e. running the program by path (e.g. `/usr/bin/vlc`) "fixes" it). - [x] I can reproduce the issue without custom modifications (e.g. globals.local). - [x] The program has a profile. (If not, request one in `https://github.com/netblue30/firejail/issues/1139`) - [x] The profile (and redirect profile if exists) hasn't already been fixed [upstream](https://github.com/netblue30/firejail/tree/master/etc). - [x] I have performed a short search for similar issues (to avoid opening a duplicate). - [x] I'm aware of `browser-allow-drm yes`/`browser-disable-u2f no` in `firejail.config` to allow DRM/U2F in browsers. ### Log <details> <summary>Output of <code>LC_ALL=C firejail /usr/bin/codium</code></summary> <p> ``` $LC_ALL=C firejail /usr/bin/codium Reading profile /etc/firejail/codium.profile Reading profile /etc/firejail/vscodium.profile Reading profile /etc/firejail/code.profile Reading profile /etc/firejail/allow-common-devel.inc Reading profile /etc/firejail/electron.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-programs.inc Warning: networking feature is disabled in Firejail configuration file Parent pid 23597, child pid 23598 Child process initialized in 49.94 ms Parent is shutting down, bye... ``` </p> </details> <details> <summary>Output of <code>LC_ALL=C firejail --debug /usr/bin/codium</code></summary> <p> https://gist.github.com/marek22k/27d165ce082954678745178dcb7e2bad </p> </details>

gitea-mirror closed this issue

2026-05-05 09:46:55 -06:00

gitea-mirror commented

2026-05-05 09:46:56 -06:00

Author

Owner

@ghost commented on GitHub (Sep 6, 2023):

Thank you for reporting.

Easy fix:

$ cat ~/.config/firejail/allow-common-devel.local
noblacklist ${HOME}/.arduino15
noblacklist ${HOME}/Arduino

If that indeed fixes it, can you open a PR?

@ghost commented on GitHub (Sep 6, 2023): Thank you for reporting. Easy fix: ```sh $ cat ~/.config/firejail/allow-common-devel.local noblacklist ${HOME}/.arduino15 noblacklist ${HOME}/Arduino ``` If that indeed fixes it, can you open a PR?

gitea-mirror commented

2026-05-05 09:46:57 -06:00

Author

Owner

@marek22k commented on GitHub (Sep 6, 2023):

It works. I have created a PR.

@marek22k commented on GitHub (Sep 6, 2023): It works. I have created a PR.

gitea-mirror referenced this issue

2026-05-05 10:24:07 -06:00

[PR #3149] [MERGED] Blacklisting openrc paths by defaults #4655

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#3149

No description provided.

Rows
Columns