[GH-ISSUE #6015] vscodium: nodejs extension fails to execute a command correctly #3159

New issue

Closed

opened 2026-05-05 09:47:07 -06:00 by gitea-mirror · 4 comments

gitea-mirror commented 2026-05-05 09:47:07 -06:00

Owner

Copy link

Originally created by @SjoerdV on GitHub (Sep 20, 2023).
Original GitHub issue: https://github.com/netblue30/firejail/issues/6015

Description

When firejail is managing Visual Studio Code (code OR codium) sandbox firejail /usr/bin/codium . --no-sandbox --unity-launch
The 'AsciiDoc' extension (NODEJS) fails to export an .adoc file to PDF. I imagine a lot of extensions execute external programs from within the vscode sandbox, so this might be a more generic issue.

Steps to Reproduce

1. The 'AsciiDoc' extension (NODEJS) has a command 'Export document as PDF' which triggers /home/user/.vscode-oss/extensions/asciidoctor.asciidoctor-vscode-3.1.5/dist/src/commands/exportAsPDF.js
2. This starts a program /usr/local/bin/asciidoctor-pdf symlinked to /var/lib/gems/2.7.0/gems/asciidoctor-pdf-2.3.9/bin/asciidoctor-pdf
3. Which returns the error: /usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb:85:in `require': /var/lib/gems/2.7.0/gems/date-3.3.3/lib/date_core.so: failed to map segment from shared object - /var/lib/gems/2.7.0/gems/date-3.3.3/lib/date_core.so (LoadError)

A lot of paths are involved but I noblacklisted them all. Also the executing of the .rb file needs an .so file loaded, this might complicate things

Expected behavior

The pdf file should be saved correctly

Actual behavior

eror occured (see above)

Behavior without a profile

What changed calling LC_ALL=C firejail --noprofile /path/to/program in a
terminal?

Same error!

What changed calling /path/to/program in a
terminal?

Error goes away and PDF is saved correctly

Additional context

AppArmor is disabled for the code or codium app, so that is not an issue.

I have tried a lot of code.local ignore statements, but it did not help

I tried --build to build my own profile, but it only added a bunch of whitelist statements that I don't want.

I tried syscalls.sh but my journal did not detect a single syscall

Environment

• Linux distribution and version: LMDE5 (Debian Bullseye)
• Firejail version: 0.9.72 (used the backports version)

Checklist

• The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
• I can reproduce the issue without custom modifications (e.g. globals.local).
• The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
• The profile (and redirect profile if exists) hasn't already been fixed upstream.
• I have performed a short search for similar issues (to avoid opening a duplicate).
  • I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
• I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)

Log

Output of LC_ALL=C firejail /path/to/program

Parent pid 156953, child pid 156954
Child process initialized in 3.58 ms

Output of LC_ALL=C firejail --debug /path/to/program

Building quoted command line: '/usr/bin/codium' './notebook.code-workspace' '--new-window' '--no-sandbox' '--unity-launch' 
Command name #codium#
DISPLAY=:0 parsed as 0
Using the local network stack
Parent pid 156115, child pid 156116
Initializing child process
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
863 812 259:5 /etc /etc ro,relatime master:1 - ext4 /dev/nvme0n1p5 rw,errors=remount-ro
mountid=863 fsname=/etc dir=/etc fstype=ext4
Mounting noexec /etc
864 863 259:5 /etc /etc ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/nvme0n1p5 rw,errors=remount-ro
mountid=864 fsname=/etc dir=/etc fstype=ext4
Mounting read-only /var
865 812 259:5 /var /var ro,relatime master:1 - ext4 /dev/nvme0n1p5 rw,errors=remount-ro
mountid=865 fsname=/var dir=/var fstype=ext4
Mounting noexec /var
866 865 259:5 /var /var ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/nvme0n1p5 rw,errors=remount-ro
mountid=866 fsname=/var dir=/var fstype=ext4
Mounting read-only /usr
867 812 259:5 /usr /usr ro,relatime master:1 - ext4 /dev/nvme0n1p5 rw,errors=remount-ro
mountid=867 fsname=/usr dir=/usr fstype=ext4
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/dhcp
Mounting tmpfs on /var/lib/snmp
Mounting tmpfs on /var/lib/sudo
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /home/<USER>/.config/firejail
Disable /run/firejail/sandbox
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
blacklist /run/firejail/dbus
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /usr/lib/modules (requested /lib/modules)
Disable /usr/lib/debug
Disable /boot
Disable /dev/port
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /dev/kmsg
Disable /proc/kmsg
Disable /sys/fs
Disable /sys/module
Current directory: /home/<USER>/test
DISPLAY=:0 parsed as 0
Mounting read-only /run/firejail/mnt/seccomp
1001 860 0:54 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64
mountid=1001 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs
Seccomp directory:
ls /run/firejail/mnt/seccomp
drwxr-xr-x root     root             120 .
drwxr-xr-x root     root             160 ..
-rw-r--r-- <USER>   <USER>           632 seccomp
-rw-r--r-- <USER>   <USER>           432 seccomp.32
-rw-r--r-- <USER>   <USER>             0 seccomp.postexec
-rw-r--r-- <USER>   <USER>             0 seccomp.postexec32
No active seccomp files
Drop privileges: pid 1, uid 1000, gid 1000, force_nogroups 0
Closing non-standard file descriptors
Starting application
LD_PRELOAD=(null)
execvp argument 0: /usr/bin/codium
execvp argument 1: ./notebook.code-workspace
execvp argument 2: --new-window
execvp argument 3: --no-sandbox
execvp argument 4: --unity-launch
Child process initialized in 4.99 ms
monitoring pid 2

Sandbox monitor: waitpid 2 retval 2 status 0
Sandbox monitor: monitoring 19
monitoring pid 19

Output of firejail /path/to/program

Reading profile /etc/firejail/codium.profile
Reading profile /etc/firejail/vscodium.profile
Reading profile /etc/firejail/code.profile
Reading profile /etc/firejail/allow-common-devel.inc
Reading profile /etc/firejail/electron.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
Warning: networking feature is disabled in Firejail configuration file
Parent pid 158231, child pid 158232
Warning: NVIDIA card detected, nogroups command ignored
Warning: cleaning all supplementary groups
Child process initialized in 43.91 ms

Originally created by @SjoerdV on GitHub (Sep 20, 2023). Original GitHub issue: https://github.com/netblue30/firejail/issues/6015 ### Description When firejail is managing Visual Studio Code (code OR codium) sandbox `firejail /usr/bin/codium . --no-sandbox --unity-launch` The 'AsciiDoc' extension (NODEJS) fails to export an .adoc file to PDF. I imagine a lot of extensions execute external programs from within the vscode sandbox, so this might be a more generic issue. ### Steps to Reproduce 1. The 'AsciiDoc' extension (NODEJS) has a command 'Export document as PDF' which triggers `/home/user/.vscode-oss/extensions/asciidoctor.asciidoctor-vscode-3.1.5/dist/src/commands/exportAsPDF.js` 1. This starts a program `/usr/local/bin/asciidoctor-pdf` symlinked to `/var/lib/gems/2.7.0/gems/asciidoctor-pdf-2.3.9/bin/asciidoctor-pdf` 1. Which returns the error: /usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb:85:in `require': /var/lib/gems/2.7.0/gems/date-3.3.3/lib/date_core.so: failed to map segment from shared object - /var/lib/gems/2.7.0/gems/date-3.3.3/lib/date_core.so (LoadError) A lot of paths are involved but I `noblacklist`ed them all. Also the executing of the `.rb` file needs an `.so` file loaded, this might complicate things ### Expected behavior The pdf file should be saved correctly ### Actual behavior eror occured (see above) ### Behavior without a profile _What changed calling `LC_ALL=C firejail --noprofile /path/to/program` in a terminal?_ Same error! _What changed calling `/path/to/program` in a terminal?_ Error goes away and PDF is saved correctly ### Additional context AppArmor is disabled for the `code` or `codium` app, so that is not an issue. I have tried a lot of `code.local` `ignore` statements, but it did not help I tried `--build` to build my own profile, but it only added a bunch of `whitelist` statements that I don't want. I tried `syscalls.sh` but my journal did not detect a single syscall ### Environment - Linux distribution and version: LMDE5 (Debian Bullseye) - Firejail version: 0.9.72 (used the backports version) ### Checklist - [x] The issues is caused by firejail (i.e. running the program by path (e.g. `/usr/bin/vlc`) "fixes" it). - [x] I can reproduce the issue without custom modifications (e.g. globals.local). - [x] The program has a profile. (If not, request one in `https://github.com/netblue30/firejail/issues/1139`) - [x] The profile (and redirect profile if exists) hasn't already been fixed [upstream](https://github.com/netblue30/firejail/tree/master/etc). - [x] I have performed a short search for similar issues (to avoid opening a duplicate). - [x] I'm aware of `browser-allow-drm yes`/`browser-disable-u2f no` in `firejail.config` to allow DRM/U2F in browsers. - [ ] I used `--profile=PROFILENAME` to set the right profile. (Only relevant for AppImages) ### Log <details> <summary>Output of <code>LC_ALL=C firejail /path/to/program</code></summary> <p> ``` Parent pid 156953, child pid 156954 Child process initialized in 3.58 ms ``` </p> </details> <details> <summary>Output of <code>LC_ALL=C firejail --debug /path/to/program</code></summary> <p> ``` Building quoted command line: '/usr/bin/codium' './notebook.code-workspace' '--new-window' '--no-sandbox' '--unity-launch' Command name #codium# DISPLAY=:0 parsed as 0 Using the local network stack Parent pid 156115, child pid 156116 Initializing child process Host network configured PID namespace installed Mounting tmpfs on /run/firejail/mnt directory Creating empty /run/firejail/mnt/seccomp directory Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file Mounting /proc filesystem representing the PID namespace Basic read-only filesystem: Mounting read-only /etc 863 812 259:5 /etc /etc ro,relatime master:1 - ext4 /dev/nvme0n1p5 rw,errors=remount-ro mountid=863 fsname=/etc dir=/etc fstype=ext4 Mounting noexec /etc 864 863 259:5 /etc /etc ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/nvme0n1p5 rw,errors=remount-ro mountid=864 fsname=/etc dir=/etc fstype=ext4 Mounting read-only /var 865 812 259:5 /var /var ro,relatime master:1 - ext4 /dev/nvme0n1p5 rw,errors=remount-ro mountid=865 fsname=/var dir=/var fstype=ext4 Mounting noexec /var 866 865 259:5 /var /var ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/nvme0n1p5 rw,errors=remount-ro mountid=866 fsname=/var dir=/var fstype=ext4 Mounting read-only /usr 867 812 259:5 /usr /usr ro,relatime master:1 - ext4 /dev/nvme0n1p5 rw,errors=remount-ro mountid=867 fsname=/usr dir=/usr fstype=ext4 Mounting tmpfs on /var/lock Mounting tmpfs on /var/tmp Mounting tmpfs on /var/log Mounting tmpfs on /var/lib/dhcp Mounting tmpfs on /var/lib/snmp Mounting tmpfs on /var/lib/sudo Create the new utmp file Mount the new utmp file Cleaning /home directory Cleaning /run/user directory Sanitizing /etc/passwd, UID_MIN 1000 Sanitizing /etc/group, GID_MIN 1000 Disable /home/<USER>/.config/firejail Disable /run/firejail/sandbox Disable /run/firejail/network Disable /run/firejail/bandwidth Disable /run/firejail/name Disable /run/firejail/profile Disable /run/firejail/x11 blacklist /run/firejail/dbus Mounting read-only /proc/sys Remounting /sys directory Disable /sys/firmware Disable /sys/hypervisor Disable /sys/power Disable /sys/kernel/debug Disable /sys/kernel/vmcoreinfo Disable /proc/sys/fs/binfmt_misc Disable /proc/sys/kernel/core_pattern Disable /proc/sys/kernel/modprobe Disable /proc/sysrq-trigger Disable /proc/sys/vm/panic_on_oom Disable /proc/irq Disable /proc/bus Disable /proc/timer_list Disable /proc/kcore Disable /proc/kallsyms Disable /usr/lib/modules (requested /lib/modules) Disable /usr/lib/debug Disable /boot Disable /dev/port Disable /run/user/1000/gnupg Disable /run/user/1000/systemd Disable /dev/kmsg Disable /proc/kmsg Disable /sys/fs Disable /sys/module Current directory: /home/<USER>/test DISPLAY=:0 parsed as 0 Mounting read-only /run/firejail/mnt/seccomp 1001 860 0:54 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64 mountid=1001 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs Seccomp directory: ls /run/firejail/mnt/seccomp drwxr-xr-x root root 120 . drwxr-xr-x root root 160 .. -rw-r--r-- <USER> <USER> 632 seccomp -rw-r--r-- <USER> <USER> 432 seccomp.32 -rw-r--r-- <USER> <USER> 0 seccomp.postexec -rw-r--r-- <USER> <USER> 0 seccomp.postexec32 No active seccomp files Drop privileges: pid 1, uid 1000, gid 1000, force_nogroups 0 Closing non-standard file descriptors Starting application LD_PRELOAD=(null) execvp argument 0: /usr/bin/codium execvp argument 1: ./notebook.code-workspace execvp argument 2: --new-window execvp argument 3: --no-sandbox execvp argument 4: --unity-launch Child process initialized in 4.99 ms monitoring pid 2 Sandbox monitor: waitpid 2 retval 2 status 0 Sandbox monitor: monitoring 19 monitoring pid 19 ``` </p> </details> <details> <summary>Output of <code>firejail /path/to/program</code></summary> <p> ``` Reading profile /etc/firejail/codium.profile Reading profile /etc/firejail/vscodium.profile Reading profile /etc/firejail/code.profile Reading profile /etc/firejail/allow-common-devel.inc Reading profile /etc/firejail/electron.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-programs.inc Warning: networking feature is disabled in Firejail configuration file Parent pid 158231, child pid 158232 Warning: NVIDIA card detected, nogroups command ignored Warning: cleaning all supplementary groups Child process initialized in 43.91 ms ``` </p> </details>

gitea-mirror 2026-05-05 09:47:07 -06:00

• closed this issue
• added the
  question
  label

gitea-mirror commented 2026-05-05 09:47:09 -06:00

Author

Owner

Copy link

@ghost commented on GitHub (Sep 20, 2023):

Thanks for your detailed reporting. The complexities involved here sure don't make it easy to come up with a quick one-liner fix. So please bare with me in the following.

What changed calling LC_ALL=C firejail --noprofile /path/to/program in a
terminal?
Same error!

I noticed that your debug log shows Mounting noexec /var, which might explain why the symlinked asciidoctor-pdf under /var/lib borks (steps 2 & 3 from your STR). When --noprofile also fails, that points me in the direction of troubles caused by a noexec somewhere down the line. Which IMO is also the reason why extra noblacklisting doesn't help in this context.

I'd try the below first (not exactly sure what nodejs might expect from the sandbox):

ignore noexec /tmp
ignore private-tmp

Also, instead of using --noprofile, try using noprofile.profile. The latter creates the weakest possible sandbox and is only another debug tool. If I'm at all having eyes on your issue I'd expect that to work due to the writable-var. Would be interesting if you could post output from

$ firejail --profile=noprofile.profile /path/to/program

<!-- gh-comment-id:1726756463 --> @ghost commented on GitHub (Sep 20, 2023): Thanks for your detailed reporting. The complexities involved here sure don't make it easy to come up with a quick one-liner fix. So please bare with me in the following. > What changed calling LC_ALL=C firejail --noprofile /path/to/program in a terminal? Same error! I noticed that your debug log shows `Mounting noexec /var`, which might explain why the symlinked asciidoctor-pdf under /var/lib borks (steps 2 & 3 from your STR). When `--noprofile` also fails, that points me in the direction of troubles caused by a `noexec` somewhere down the line. Which IMO is also the reason why extra noblacklisting doesn't help in this context. I'd try the below first (not exactly sure what nodejs might expect from the sandbox): ``` ignore noexec /tmp ignore private-tmp ``` Also, instead of using `--noprofile`, try using [noprofile.profile](https://github.com/netblue30/firejail/blob/master/etc/profile-m-z/noprofile.profile). The latter creates the weakest possible sandbox and is only another debug tool. If I'm at all having eyes on your issue I'd expect that to work due to the `writable-var`. Would be interesting if you could post output from ```sh $ firejail --profile=noprofile.profile /path/to/program ```

gitea-mirror commented 2026-05-05 09:47:10 -06:00

Author

Owner

Copy link

@SjoerdV commented on GitHub (Sep 20, 2023):

hi @glitsj16 thanks for your swift reply. The results are as follows:

adding

ignore noexec /tmp
ignore private-tmp

... has no effect

Output of firejail --profile=noprofile.profile /path/to/program

Reading profile /etc/firejail/noprofile.profile
Parent pid 168762, child pid 168763
Warning: cannot open source file /usr/lib/x86_64-linux-gnu/firejail/seccomp.debug32, file not copied
Child process initialized in 79.90 ms

Now the extension works as expected indeed! But this is nearly the same as running without a sandbox, I guess.

What bugs me is that it seems there are no 'file not found' or 'can not execute' errors here, but a rather vague 'failed to map segment from shared object' error. Seems like something 'in memory' process is being blocked...
Hope you have any more ideas ;-)

<!-- gh-comment-id:1728341116 --> @SjoerdV commented on GitHub (Sep 20, 2023): hi @glitsj16 thanks for your swift reply. The results are as follows: 1) adding ``` ignore noexec /tmp ignore private-tmp ``` ... has no effect 2) <details> <summary>Output of <code>firejail --profile=noprofile.profile /path/to/program</code></summary> <p> ``` Reading profile /etc/firejail/noprofile.profile Parent pid 168762, child pid 168763 Warning: cannot open source file /usr/lib/x86_64-linux-gnu/firejail/seccomp.debug32, file not copied Child process initialized in 79.90 ms ``` Now the extension works as expected indeed! But this is nearly the same as running without a sandbox, I guess. </p> </details> What bugs me is that it seems there are no 'file not found' or 'can not execute' errors here, but a rather vague 'failed to map segment from shared object' error. Seems like something 'in memory' process is being blocked... Hope you have any more ideas ;-)

gitea-mirror commented 2026-05-05 09:47:10 -06:00

Author

Owner

Copy link

@ghost commented on GitHub (Sep 20, 2023):

Now the extension works as expected indeed! But this is nearly the same as running without a sandbox, I guess.

Correct. You'll need to integrate (some of the) noprofile.profile options into your code.local to keep a reasonably tight sandbox. My guess is the writable-var option probably will suffice, but some of the other ones might be needed too. Experiment and I'm pretty confident you'll have this working soon.

<!-- gh-comment-id:1728367170 --> @ghost commented on GitHub (Sep 20, 2023): > Now the extension works as expected indeed! But this is nearly the same as running without a sandbox, I guess. Correct. You'll need to `integrate` (some of the) noprofile.profile options into your `code.local` to keep a reasonably tight sandbox. My guess is the `writable-var` option probably will suffice, but some of the other ones might be needed too. Experiment and I'm pretty confident you'll have this working soon.

gitea-mirror commented 2026-05-05 09:47:11 -06:00

Author

Owner

Copy link

@SjoerdV commented on GitHub (Sep 20, 2023):

Now the extension works as expected indeed! But this is nearly the same as running without a sandbox, I guess.

Correct. You'll need to integrate (some of the) noprofile.profile options into your code.local to keep a reasonably tight sandbox. My guess is the writable-var option probably will suffice, but some of the other ones might be needed too. Experiment and I'm pretty confident you'll have this working soon.

That's a great pointer, thanks! adding writable-var did the trick. Thanks again!

EDIT: my code.local file already had writable-run-user

<!-- gh-comment-id:1728371084 --> @SjoerdV commented on GitHub (Sep 20, 2023): > > Now the extension works as expected indeed! But this is nearly the same as running without a sandbox, I guess. > > Correct. You'll need to `integrate` (some of the) noprofile.profile options into your `code.local` to keep a reasonably tight sandbox. My guess is the `writable-var` option probably will suffice, but some of the other ones might be needed too. Experiment and I'm pretty confident you'll have this working soon. That's a great pointer, thanks! adding `writable-var` did the trick. Thanks again! EDIT: my `code.local` file already had `writable-run-user`

gitea-mirror referenced this issue 2026-05-05 10:24:17 -06:00

[PR #3159] [MERGED] Add profiles for common (la)tex commands #4662

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

serialize_remounts_v2

landlock_v4

landlock

release-0.9.64

release-0.9.62

gitlab_ci

LTSbase

fred_ctests

docs

0.9.80

0.9.80-rc1

0.9.78

0.9.76

0.9.76-rc4

0.9.76-rc3

0.9.76-rc2

0.9.76-rc1

0.9.74

landlock-split

0.9.72

0.9.72rc1

0.9.70

0.9.68

0.9.68rc1

0.9.66

0.9.66rc1

0.9.64.4

0.9.64.2

0.9.64

0.9.64rc1

0.9.62.4

0.9.62.2

0.9.62

0.9.56.2-LTS

0.9.60

0.9.60-rc1

0.9.58.2

0.9.58

0.9.58-rc1

0.9.56-LTS-release

0.9.56-LTS

0.9.56

0.9.56-rc1

0.9.54

0.9.54-rc2

0.9.54-rc1

0.9.52

0.9.38.12

0.9.50

0.9.50-rc1

0.9.48

0.9.46

0.9.46-rc1

0.9.44.10

0.9.44.8

0.9.44.6

0.9.38.10

0.9.44.4

0.9.38.8

0.9.44.2

0.9.44

0.9.44-rc1

0.9.38.4

0.9.42

0.9.42-rc2

0.9.38.2

0.9.42-rc1

disable-globalcfg

0.9.40

0.9.40-rc1

0.9.38

0.9.38-rc1

0.9.36

0.9.36-rc1

0.9.34

0.9.34-rc1

0.9.32

0.9.32-rc1

0.9.30

0.9.30-rc1

Labels

Clear labels   

LTS merge

  

LTS merge

  

bug

  

bug

  

converted-to-discussion

  

doc-todo

  

documentation

  

duplicate

  

enhancement

  

file-transfer

  

firecfg

  

firejail-in-firejail

  

firetools

  

graphics

  

help wanted

  

information_old

  

installation

  

invalid

  

modif

  

moved

  

needinfo

  

networking

  

notabug

  

notourbug

  

old-version

  

overlayfs

  

packaging

  

profile-request

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question_old

  

removal

  

runtime-permissions

  

sandbox-ipc

  

security

  

stale

  

wiki

  

wiki

  

wontfix

  

wordpress

  

workaround

No labels

LTS merge

LTS merge

bug

bug

converted-to-discussion

doc-todo

documentation

duplicate

enhancement

file-transfer

firecfg

firejail-in-firejail

firetools

graphics

help wanted

information_old

installation

invalid

modif

moved

needinfo

networking

notabug

notourbug

old-version

overlayfs

packaging

profile-request

pull-request

question

question_old

removal

runtime-permissions

sandbox-ipc

security

stale

wiki

wiki

wontfix

wordpress

workaround

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#3159

No description provided.