github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #6110] discord: Check failed: . : Permission denied (13) #3184

New issue

Closed

opened 2026-05-05 09:48:17 -06:00 by gitea-mirror · 11 comments

gitea-mirror commented

2026-05-05 09:48:17 -06:00

Owner

Originally created by @imgurbot12 on GitHub (Nov 28, 2023).
Original GitHub issue: https://github.com/netblue30/firejail/issues/6110

Description

Hello, love the firejail project and I've used it for years! I've recently come across this error when trying to run discord's latest version 0.0.36 on Ubuntu 22.04 within firejail which causes the entire program to crash:

Child process initialized in 223.74 ms
[1:1128/162312.415736:FATAL:proc_util.cc(97)] Check failed: . : Permission denied (13)

Steps to Reproduce

Run in bash LC_ALL=C firejail discord

Behavior without a profile

$ LC_ALL=C firejail --noprofile discord
firejail version 0.9.73

Parent pid 99593, child pid 99594
Base filesystem installed in 0.10 ms
Child process initialized in 9.55 ms
Warning: an existing sandbox was detected. /usr/bin/discord will run without any additional sandboxing features
[1:1129/112108.072421:FATAL:proc_util.cc(97)] Check failed: . : Permission denied (13)

Parent is shutting down, bye...

Additional context

Any other detail that may help to understand/debug the problem

Environment

firejail-version: 0.9.66
firejail deb versions:

ii  firejail                                  0.9.66-2                                   amd64        sandbox to restrict the application environment
ii  firejail-profiles                         0.9.66-2                                   all          profiles for the firejail application sandbox

Checklist

The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/discord) "fixes" it).
I can reproduce the issue without custom modifications (e.g. globals.local).
The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
The profile (and redirect profile if exists) hasn't already been fixed upstream.
I have performed a short search for similar issues (to avoid opening a duplicate).
I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)

Log

Output of LC_ALL=C firejail /usr/bin/discord

Reading profile /etc/firejail/discord.profile
Reading profile /home/andrew/.config/firejail/discord.local
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-programs.inc
Warning: networking feature is disabled in Firejail configuration file
Reading profile /etc/firejail/discord-common.profile
Reading profile /etc/firejail/electron.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
Parent pid 81203, child pid 81204
Warning: skipping discord for private /opt
Private /opt installed in 0.12 ms
16 programs installed in 34.37 ms
Warning fcopy: skipping /etc/alternatives/aptitude, cannot find inode
Warning fcopy: skipping /etc/alternatives/csscombine, cannot find inode
Warning fcopy: skipping /etc/alternatives/ebtables-restore, cannot find inode
Warning fcopy: skipping /etc/alternatives/lzcmp, cannot find inode
Warning fcopy: skipping /etc/alternatives/jar, cannot find inode
Warning fcopy: skipping /etc/alternatives/c++, cannot find inode
Warning fcopy: skipping /etc/alternatives/mogrify, cannot find inode
Warning fcopy: skipping /etc/alternatives/lzcat, cannot find inode
Warning fcopy: skipping /etc/alternatives/composite-im6, cannot find inode
Warning fcopy: skipping /etc/alternatives/automake, cannot find inode
Warning fcopy: skipping /etc/alternatives/arptables-restore, cannot find inode
Warning fcopy: skipping /etc/alternatives/cc, cannot find inode
Warning fcopy: skipping /etc/alternatives/html2markdown, cannot find inode
Warning fcopy: skipping /etc/alternatives/pinentry, cannot find inode
Warning fcopy: skipping /etc/alternatives/animate-im6, cannot find inode
Warning fcopy: skipping /etc/alternatives/identify-im6, cannot find inode
Warning fcopy: skipping /etc/alternatives/brave-browser, cannot find inode
Warning fcopy: skipping /etc/alternatives/nc, cannot find inode
Warning fcopy: skipping /etc/alternatives/signal-desktop, cannot find inode
Warning fcopy: skipping /etc/alternatives/x-window-manager, cannot find inode
Warning fcopy: skipping /etc/alternatives/ex, cannot find inode
Warning fcopy: skipping /etc/alternatives/rlogin, cannot find inode
Warning fcopy: skipping /etc/alternatives/gnome-text-editor, cannot find inode
Warning fcopy: skipping /etc/alternatives/aclocal, cannot find inode
Warning fcopy: skipping /etc/alternatives/x-terminal-emulator, cannot find inode
Warning fcopy: skipping /etc/alternatives/view, cannot find inode
Warning fcopy: skipping /etc/alternatives/rmt, cannot find inode
Warning fcopy: skipping /etc/alternatives/lzma, cannot find inode
Warning fcopy: skipping /etc/alternatives/ip6tables-save, cannot find inode
Warning fcopy: skipping /etc/alternatives/x-www-browser, cannot find inode
Warning fcopy: skipping /etc/alternatives/montage, cannot find inode
Warning fcopy: skipping /etc/alternatives/c89, cannot find inode
Warning fcopy: skipping /etc/alternatives/vim, cannot find inode
Warning fcopy: skipping /etc/alternatives/lzegrep, cannot find inode
Warning fcopy: skipping /etc/alternatives/netcat, cannot find inode
Warning fcopy: skipping /etc/alternatives/ebtables, cannot find inode
Warning fcopy: skipping /etc/alternatives/cpp, cannot find inode
Warning fcopy: skipping /etc/alternatives/composite, cannot find inode
Warning fcopy: skipping /etc/alternatives/ftp, cannot find inode
Warning fcopy: skipping /etc/alternatives/animate, cannot find inode
Warning fcopy: skipping /etc/alternatives/pinentry-x11, cannot find inode
Warning fcopy: skipping /etc/alternatives/jsondiff, cannot find inode
Warning fcopy: skipping /etc/alternatives/cssparse, cannot find inode
Warning fcopy: skipping /etc/alternatives/mogrify-im6, cannot find inode
Warning fcopy: skipping /etc/alternatives/vimdiff, cannot find inode
Warning fcopy: skipping /etc/alternatives/convert-im6, cannot find inode
Warning fcopy: skipping /etc/alternatives/ip6tables, cannot find inode
Warning fcopy: skipping /etc/alternatives/stream-im6, cannot find inode
Warning fcopy: skipping /etc/alternatives/lzless, cannot find inode
Warning fcopy: skipping /etc/alternatives/stream, cannot find inode
Warning fcopy: skipping /etc/alternatives/rsh, cannot find inode
Warning fcopy: skipping /etc/alternatives/rvim, cannot find inode
Warning fcopy: skipping /etc/alternatives/montage-im6, cannot find inode
Warning fcopy: skipping /etc/alternatives/import-im6, cannot find inode
Warning fcopy: skipping /etc/alternatives/telnet, cannot find inode
Warning fcopy: skipping /etc/alternatives/write, cannot find inode
Warning fcopy: skipping /etc/alternatives/iptables-save, cannot find inode
Warning fcopy: skipping /etc/alternatives/bibtex, cannot find inode
Warning fcopy: skipping /etc/alternatives/ip6tables-restore, cannot find inode
Warning fcopy: skipping /etc/alternatives/iptables, cannot find inode
Warning fcopy: skipping /etc/alternatives/pico, cannot find inode
Warning fcopy: skipping /etc/alternatives/vi, cannot find inode
Warning fcopy: skipping /etc/alternatives/csscapture, cannot find inode
Warning fcopy: skipping /etc/alternatives/convert, cannot find inode
Warning fcopy: skipping /etc/alternatives/gnome-www-browser, cannot find inode
Warning fcopy: skipping /etc/alternatives/compare-im6, cannot find inode
Warning fcopy: skipping /etc/alternatives/compare, cannot find inode
Warning fcopy: skipping /etc/alternatives/xdvi.bin, cannot find inode
Warning fcopy: skipping /etc/alternatives/lzgrep, cannot find inode
Warning fcopy: skipping /etc/alternatives/display, cannot find inode
Warning fcopy: skipping /etc/alternatives/pybabel, cannot find inode
Warning fcopy: skipping /etc/alternatives/conjure-im6, cannot find inode
Warning fcopy: skipping /etc/alternatives/iptables-restore, cannot find inode
Warning fcopy: skipping /etc/alternatives/lzdiff, cannot find inode
Warning fcopy: skipping /etc/alternatives/awk, cannot find inode
Warning fcopy: skipping /etc/alternatives/lzfgrep, cannot find inode
Warning fcopy: skipping /etc/alternatives/rview, cannot find inode
Warning fcopy: skipping /etc/alternatives/unlzma, cannot find inode
Warning fcopy: skipping /etc/alternatives/arptables, cannot find inode
Warning fcopy: skipping /etc/alternatives/rcp, cannot find inode
Warning fcopy: skipping /etc/alternatives/tabbed, cannot find inode
Warning fcopy: skipping /etc/alternatives/infobrowser, cannot find inode
Warning fcopy: skipping /etc/alternatives/editor, cannot find inode
Warning fcopy: skipping /etc/alternatives/display-im6, cannot find inode
Warning fcopy: skipping /etc/alternatives/import, cannot find inode
Warning fcopy: skipping /etc/alternatives/pager, cannot find inode
 ~  firejail discord
Reading profile /etc/firejail/discord.profile
Reading profile /home/andrew/.config/firejail/discord.local
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-programs.inc
Warning: networking feature is disabled in Firejail configuration file
Reading profile /etc/firejail/discord-common.profile
Reading profile /etc/firejail/electron.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
Parent pid 82867, child pid 82868
Warning: skipping discord for private /opt
Private /opt installed in 0.13 ms
16 programs installed in 28.34 ms
Warning fcopy: skipping /etc/alternatives/aptitude, cannot find inode
Warning fcopy: skipping /etc/alternatives/csscombine, cannot find inode
Warning fcopy: skipping /etc/alternatives/ebtables-restore, cannot find inode
Warning fcopy: skipping /etc/alternatives/lzcmp, cannot find inode
Warning fcopy: skipping /etc/alternatives/jar, cannot find inode
Warning fcopy: skipping /etc/alternatives/c++, cannot find inode
Warning fcopy: skipping /etc/alternatives/mogrify, cannot find inode
Warning fcopy: skipping /etc/alternatives/lzcat, cannot find inode
Warning fcopy: skipping /etc/alternatives/composite-im6, cannot find inode
Warning fcopy: skipping /etc/alternatives/automake, cannot find inode
Warning fcopy: skipping /etc/alternatives/arptables-restore, cannot find inode
Warning fcopy: skipping /etc/alternatives/cc, cannot find inode
Warning fcopy: skipping /etc/alternatives/html2markdown, cannot find inode
Warning fcopy: skipping /etc/alternatives/pinentry, cannot find inode
Warning fcopy: skipping /etc/alternatives/animate-im6, cannot find inode
Warning fcopy: skipping /etc/alternatives/identify-im6, cannot find inode
Warning fcopy: skipping /etc/alternatives/brave-browser, cannot find inode
Warning fcopy: skipping /etc/alternatives/nc, cannot find inode
Warning fcopy: skipping /etc/alternatives/signal-desktop, cannot find inode
Warning fcopy: skipping /etc/alternatives/x-window-manager, cannot find inode
Warning fcopy: skipping /etc/alternatives/ex, cannot find inode
Warning fcopy: skipping /etc/alternatives/rlogin, cannot find inode
Warning fcopy: skipping /etc/alternatives/gnome-text-editor, cannot find inode
Warning fcopy: skipping /etc/alternatives/aclocal, cannot find inode
Warning fcopy: skipping /etc/alternatives/x-terminal-emulator, cannot find inode
Warning fcopy: skipping /etc/alternatives/view, cannot find inode
Warning fcopy: skipping /etc/alternatives/rmt, cannot find inode
Warning fcopy: skipping /etc/alternatives/lzma, cannot find inode
Warning fcopy: skipping /etc/alternatives/ip6tables-save, cannot find inode
Warning fcopy: skipping /etc/alternatives/x-www-browser, cannot find inode
Warning fcopy: skipping /etc/alternatives/montage, cannot find inode
Warning fcopy: skipping /etc/alternatives/c89, cannot find inode
Warning fcopy: skipping /etc/alternatives/vim, cannot find inode
Warning fcopy: skipping /etc/alternatives/lzegrep, cannot find inode
Warning fcopy: skipping /etc/alternatives/netcat, cannot find inode
Warning fcopy: skipping /etc/alternatives/ebtables, cannot find inode
Warning fcopy: skipping /etc/alternatives/cpp, cannot find inode
Warning fcopy: skipping /etc/alternatives/composite, cannot find inode
Warning fcopy: skipping /etc/alternatives/ftp, cannot find inode
Warning fcopy: skipping /etc/alternatives/animate, cannot find inode
Warning fcopy: skipping /etc/alternatives/pinentry-x11, cannot find inode
Warning fcopy: skipping /etc/alternatives/jsondiff, cannot find inode
Warning fcopy: skipping /etc/alternatives/cssparse, cannot find inode
Warning fcopy: skipping /etc/alternatives/mogrify-im6, cannot find inode
Warning fcopy: skipping /etc/alternatives/vimdiff, cannot find inode
Warning fcopy: skipping /etc/alternatives/convert-im6, cannot find inode
Warning fcopy: skipping /etc/alternatives/ip6tables, cannot find inode
Warning fcopy: skipping /etc/alternatives/stream-im6, cannot find inode
Warning fcopy: skipping /etc/alternatives/lzless, cannot find inode
Warning fcopy: skipping /etc/alternatives/stream, cannot find inode
Warning fcopy: skipping /etc/alternatives/rsh, cannot find inode
Warning fcopy: skipping /etc/alternatives/rvim, cannot find inode
Warning fcopy: skipping /etc/alternatives/montage-im6, cannot find inode
Warning fcopy: skipping /etc/alternatives/import-im6, cannot find inode
Warning fcopy: skipping /etc/alternatives/telnet, cannot find inode
Warning fcopy: skipping /etc/alternatives/write, cannot find inode
Warning fcopy: skipping /etc/alternatives/iptables-save, cannot find inode
Warning fcopy: skipping /etc/alternatives/bibtex, cannot find inode
Warning fcopy: skipping /etc/alternatives/ip6tables-restore, cannot find inode
Warning fcopy: skipping /etc/alternatives/iptables, cannot find inode
Warning fcopy: skipping /etc/alternatives/pico, cannot find inode
Warning fcopy: skipping /etc/alternatives/vi, cannot find inode
Warning fcopy: skipping /etc/alternatives/csscapture, cannot find inode
Warning fcopy: skipping /etc/alternatives/convert, cannot find inode
Warning fcopy: skipping /etc/alternatives/gnome-www-browser, cannot find inode
Warning fcopy: skipping /etc/alternatives/compare-im6, cannot find inode
Warning fcopy: skipping /etc/alternatives/compare, cannot find inode
Warning fcopy: skipping /etc/alternatives/xdvi.bin, cannot find inode
Warning fcopy: skipping /etc/alternatives/lzgrep, cannot find inode
Warning fcopy: skipping /etc/alternatives/display, cannot find inode
Warning fcopy: skipping /etc/alternatives/pybabel, cannot find inode
Warning fcopy: skipping /etc/alternatives/conjure-im6, cannot find inode
Warning fcopy: skipping /etc/alternatives/iptables-restore, cannot find inode
Warning fcopy: skipping /etc/alternatives/lzdiff, cannot find inode
Warning fcopy: skipping /etc/alternatives/awk, cannot find inode
Warning fcopy: skipping /etc/alternatives/lzfgrep, cannot find inode
Warning fcopy: skipping /etc/alternatives/rview, cannot find inode
Warning fcopy: skipping /etc/alternatives/unlzma, cannot find inode
Warning fcopy: skipping /etc/alternatives/arptables, cannot find inode
Warning fcopy: skipping /etc/alternatives/rcp, cannot find inode
Warning fcopy: skipping /etc/alternatives/tabbed, cannot find inode
Warning fcopy: skipping /etc/alternatives/infobrowser, cannot find inode
Warning fcopy: skipping /etc/alternatives/editor, cannot find inode
Warning fcopy: skipping /etc/alternatives/display-im6, cannot find inode
Warning fcopy: skipping /etc/alternatives/import, cannot find inode
Warning fcopy: skipping /etc/alternatives/pager, cannot find inode
Warning fcopy: skipping /etc/alternatives/c99, cannot find inode
Warning fcopy: skipping /etc/alternatives/nawk, cannot find inode
Warning fcopy: skipping /etc/alternatives/identify, cannot find inode
Warning fcopy: skipping /etc/alternatives/arptables-save, cannot find inode
Warning fcopy: skipping /etc/alternatives/fakeroot, cannot find inode
Warning fcopy: skipping /etc/alternatives/ebtables-save, cannot find inode
Warning fcopy: skipping /etc/alternatives/lzmore, cannot find inode
Warning fcopy: skipping /etc/alternatives/mt, cannot find inode
Warning fcopy: skipping /etc/alternatives/www-browser, cannot find inode
Warning fcopy: skipping /etc/alternatives/which, cannot find inode
Warning fcopy: skipping /etc/alternatives/conjure, cannot find inode
Warning: skipping crypto-policies for private /etc
Warning: skipping password for private /etc
Warning fcopy: skipping /etc/pulse/client.conf.d/01-enable-autospawn.conf, cannot find inode
Private /etc installed in 32.99 ms
Private /usr/etc installed in 0.00 ms
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: not remounting /run/user/1000/doc
Warning: cleaning all supplementary groups
Child process initialized in 221.71 ms
[1:1128/162926.824688:FATAL:proc_util.cc(97)] Check failed: . : Permission denied (13)

Parent is shutting down, bye...

Output of LC_ALL=C firejail --debug /path/to/program

https://gist.github.com/imgurbot12/f54ba56ee1a2cb3bc2dc48122477fc37

Edit: I upgraded firejail using the apt-repository listed in the readme for a more recent version and got the same error.

ii  firejail                                  0.9.72-2~0ubuntu22.04.0                    amd64        sandbox to restrict the application environment
ii  firejail-profiles                         0.9.72-2~0ubuntu22.04.0                    all          profiles for the firejail application sandbox

Edit: I cloned master and did an install of 0.9.73 following the instructions on firejail.wordpress.com and received the same error.

Originally created by @imgurbot12 on GitHub (Nov 28, 2023). Original GitHub issue: https://github.com/netblue30/firejail/issues/6110 ### Description Hello, love the firejail project and I've used it for years! I've recently come across this error when trying to run discord's latest version `0.0.36` on Ubuntu 22.04 within firejail which causes the entire program to crash: ``` Child process initialized in 223.74 ms [1:1128/162312.415736:FATAL:proc_util.cc(97)] Check failed: . : Permission denied (13) ``` ### Steps to Reproduce 1. Run in bash `LC_ALL=C firejail discord` ### Behavior without a profile ```bash $ LC_ALL=C firejail --noprofile discord firejail version 0.9.73 Parent pid 99593, child pid 99594 Base filesystem installed in 0.10 ms Child process initialized in 9.55 ms Warning: an existing sandbox was detected. /usr/bin/discord will run without any additional sandboxing features [1:1129/112108.072421:FATAL:proc_util.cc(97)] Check failed: . : Permission denied (13) Parent is shutting down, bye... ``` ### Additional context _Any other detail that may help to understand/debug the problem_ ### Environment firejail-version: `0.9.66` firejail deb versions: ``` ii firejail 0.9.66-2 amd64 sandbox to restrict the application environment ii firejail-profiles 0.9.66-2 all profiles for the firejail application sandbox ``` ### Checklist - [X] The issues is caused by firejail (i.e. running the program by path (e.g. `/usr/bin/discord`) "fixes" it). - [X] I can reproduce the issue without custom modifications (e.g. globals.local). - [X] The program has a profile. (If not, request one in `https://github.com/netblue30/firejail/issues/1139`) - [X] The profile (and redirect profile if exists) hasn't already been fixed [upstream](https://github.com/netblue30/firejail/tree/master/etc). - [X] I have performed a short search for similar issues (to avoid opening a duplicate). - [X] I'm aware of `browser-allow-drm yes`/`browser-disable-u2f no` in `firejail.config` to allow DRM/U2F in browsers. - [X] I used `--profile=PROFILENAME` to set the right profile. (Only relevant for AppImages) ### Log <details> <summary>Output of <code>LC_ALL=C firejail /usr/bin/discord</code></summary> <p> ``` Reading profile /etc/firejail/discord.profile Reading profile /home/andrew/.config/firejail/discord.local Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-programs.inc Warning: networking feature is disabled in Firejail configuration file Reading profile /etc/firejail/discord-common.profile Reading profile /etc/firejail/electron.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-passwdmgr.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Warning: networking feature is disabled in Firejail configuration file Parent pid 81203, child pid 81204 Warning: skipping discord for private /opt Private /opt installed in 0.12 ms 16 programs installed in 34.37 ms Warning fcopy: skipping /etc/alternatives/aptitude, cannot find inode Warning fcopy: skipping /etc/alternatives/csscombine, cannot find inode Warning fcopy: skipping /etc/alternatives/ebtables-restore, cannot find inode Warning fcopy: skipping /etc/alternatives/lzcmp, cannot find inode Warning fcopy: skipping /etc/alternatives/jar, cannot find inode Warning fcopy: skipping /etc/alternatives/c++, cannot find inode Warning fcopy: skipping /etc/alternatives/mogrify, cannot find inode Warning fcopy: skipping /etc/alternatives/lzcat, cannot find inode Warning fcopy: skipping /etc/alternatives/composite-im6, cannot find inode Warning fcopy: skipping /etc/alternatives/automake, cannot find inode Warning fcopy: skipping /etc/alternatives/arptables-restore, cannot find inode Warning fcopy: skipping /etc/alternatives/cc, cannot find inode Warning fcopy: skipping /etc/alternatives/html2markdown, cannot find inode Warning fcopy: skipping /etc/alternatives/pinentry, cannot find inode Warning fcopy: skipping /etc/alternatives/animate-im6, cannot find inode Warning fcopy: skipping /etc/alternatives/identify-im6, cannot find inode Warning fcopy: skipping /etc/alternatives/brave-browser, cannot find inode Warning fcopy: skipping /etc/alternatives/nc, cannot find inode Warning fcopy: skipping /etc/alternatives/signal-desktop, cannot find inode Warning fcopy: skipping /etc/alternatives/x-window-manager, cannot find inode Warning fcopy: skipping /etc/alternatives/ex, cannot find inode Warning fcopy: skipping /etc/alternatives/rlogin, cannot find inode Warning fcopy: skipping /etc/alternatives/gnome-text-editor, cannot find inode Warning fcopy: skipping /etc/alternatives/aclocal, cannot find inode Warning fcopy: skipping /etc/alternatives/x-terminal-emulator, cannot find inode Warning fcopy: skipping /etc/alternatives/view, cannot find inode Warning fcopy: skipping /etc/alternatives/rmt, cannot find inode Warning fcopy: skipping /etc/alternatives/lzma, cannot find inode Warning fcopy: skipping /etc/alternatives/ip6tables-save, cannot find inode Warning fcopy: skipping /etc/alternatives/x-www-browser, cannot find inode Warning fcopy: skipping /etc/alternatives/montage, cannot find inode Warning fcopy: skipping /etc/alternatives/c89, cannot find inode Warning fcopy: skipping /etc/alternatives/vim, cannot find inode Warning fcopy: skipping /etc/alternatives/lzegrep, cannot find inode Warning fcopy: skipping /etc/alternatives/netcat, cannot find inode Warning fcopy: skipping /etc/alternatives/ebtables, cannot find inode Warning fcopy: skipping /etc/alternatives/cpp, cannot find inode Warning fcopy: skipping /etc/alternatives/composite, cannot find inode Warning fcopy: skipping /etc/alternatives/ftp, cannot find inode Warning fcopy: skipping /etc/alternatives/animate, cannot find inode Warning fcopy: skipping /etc/alternatives/pinentry-x11, cannot find inode Warning fcopy: skipping /etc/alternatives/jsondiff, cannot find inode Warning fcopy: skipping /etc/alternatives/cssparse, cannot find inode Warning fcopy: skipping /etc/alternatives/mogrify-im6, cannot find inode Warning fcopy: skipping /etc/alternatives/vimdiff, cannot find inode Warning fcopy: skipping /etc/alternatives/convert-im6, cannot find inode Warning fcopy: skipping /etc/alternatives/ip6tables, cannot find inode Warning fcopy: skipping /etc/alternatives/stream-im6, cannot find inode Warning fcopy: skipping /etc/alternatives/lzless, cannot find inode Warning fcopy: skipping /etc/alternatives/stream, cannot find inode Warning fcopy: skipping /etc/alternatives/rsh, cannot find inode Warning fcopy: skipping /etc/alternatives/rvim, cannot find inode Warning fcopy: skipping /etc/alternatives/montage-im6, cannot find inode Warning fcopy: skipping /etc/alternatives/import-im6, cannot find inode Warning fcopy: skipping /etc/alternatives/telnet, cannot find inode Warning fcopy: skipping /etc/alternatives/write, cannot find inode Warning fcopy: skipping /etc/alternatives/iptables-save, cannot find inode Warning fcopy: skipping /etc/alternatives/bibtex, cannot find inode Warning fcopy: skipping /etc/alternatives/ip6tables-restore, cannot find inode Warning fcopy: skipping /etc/alternatives/iptables, cannot find inode Warning fcopy: skipping /etc/alternatives/pico, cannot find inode Warning fcopy: skipping /etc/alternatives/vi, cannot find inode Warning fcopy: skipping /etc/alternatives/csscapture, cannot find inode Warning fcopy: skipping /etc/alternatives/convert, cannot find inode Warning fcopy: skipping /etc/alternatives/gnome-www-browser, cannot find inode Warning fcopy: skipping /etc/alternatives/compare-im6, cannot find inode Warning fcopy: skipping /etc/alternatives/compare, cannot find inode Warning fcopy: skipping /etc/alternatives/xdvi.bin, cannot find inode Warning fcopy: skipping /etc/alternatives/lzgrep, cannot find inode Warning fcopy: skipping /etc/alternatives/display, cannot find inode Warning fcopy: skipping /etc/alternatives/pybabel, cannot find inode Warning fcopy: skipping /etc/alternatives/conjure-im6, cannot find inode Warning fcopy: skipping /etc/alternatives/iptables-restore, cannot find inode Warning fcopy: skipping /etc/alternatives/lzdiff, cannot find inode Warning fcopy: skipping /etc/alternatives/awk, cannot find inode Warning fcopy: skipping /etc/alternatives/lzfgrep, cannot find inode Warning fcopy: skipping /etc/alternatives/rview, cannot find inode Warning fcopy: skipping /etc/alternatives/unlzma, cannot find inode Warning fcopy: skipping /etc/alternatives/arptables, cannot find inode Warning fcopy: skipping /etc/alternatives/rcp, cannot find inode Warning fcopy: skipping /etc/alternatives/tabbed, cannot find inode Warning fcopy: skipping /etc/alternatives/infobrowser, cannot find inode Warning fcopy: skipping /etc/alternatives/editor, cannot find inode Warning fcopy: skipping /etc/alternatives/display-im6, cannot find inode Warning fcopy: skipping /etc/alternatives/import, cannot find inode Warning fcopy: skipping /etc/alternatives/pager, cannot find inode ~ firejail discord Reading profile /etc/firejail/discord.profile Reading profile /home/andrew/.config/firejail/discord.local Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-programs.inc Warning: networking feature is disabled in Firejail configuration file Reading profile /etc/firejail/discord-common.profile Reading profile /etc/firejail/electron.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-passwdmgr.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Warning: networking feature is disabled in Firejail configuration file Parent pid 82867, child pid 82868 Warning: skipping discord for private /opt Private /opt installed in 0.13 ms 16 programs installed in 28.34 ms Warning fcopy: skipping /etc/alternatives/aptitude, cannot find inode Warning fcopy: skipping /etc/alternatives/csscombine, cannot find inode Warning fcopy: skipping /etc/alternatives/ebtables-restore, cannot find inode Warning fcopy: skipping /etc/alternatives/lzcmp, cannot find inode Warning fcopy: skipping /etc/alternatives/jar, cannot find inode Warning fcopy: skipping /etc/alternatives/c++, cannot find inode Warning fcopy: skipping /etc/alternatives/mogrify, cannot find inode Warning fcopy: skipping /etc/alternatives/lzcat, cannot find inode Warning fcopy: skipping /etc/alternatives/composite-im6, cannot find inode Warning fcopy: skipping /etc/alternatives/automake, cannot find inode Warning fcopy: skipping /etc/alternatives/arptables-restore, cannot find inode Warning fcopy: skipping /etc/alternatives/cc, cannot find inode Warning fcopy: skipping /etc/alternatives/html2markdown, cannot find inode Warning fcopy: skipping /etc/alternatives/pinentry, cannot find inode Warning fcopy: skipping /etc/alternatives/animate-im6, cannot find inode Warning fcopy: skipping /etc/alternatives/identify-im6, cannot find inode Warning fcopy: skipping /etc/alternatives/brave-browser, cannot find inode Warning fcopy: skipping /etc/alternatives/nc, cannot find inode Warning fcopy: skipping /etc/alternatives/signal-desktop, cannot find inode Warning fcopy: skipping /etc/alternatives/x-window-manager, cannot find inode Warning fcopy: skipping /etc/alternatives/ex, cannot find inode Warning fcopy: skipping /etc/alternatives/rlogin, cannot find inode Warning fcopy: skipping /etc/alternatives/gnome-text-editor, cannot find inode Warning fcopy: skipping /etc/alternatives/aclocal, cannot find inode Warning fcopy: skipping /etc/alternatives/x-terminal-emulator, cannot find inode Warning fcopy: skipping /etc/alternatives/view, cannot find inode Warning fcopy: skipping /etc/alternatives/rmt, cannot find inode Warning fcopy: skipping /etc/alternatives/lzma, cannot find inode Warning fcopy: skipping /etc/alternatives/ip6tables-save, cannot find inode Warning fcopy: skipping /etc/alternatives/x-www-browser, cannot find inode Warning fcopy: skipping /etc/alternatives/montage, cannot find inode Warning fcopy: skipping /etc/alternatives/c89, cannot find inode Warning fcopy: skipping /etc/alternatives/vim, cannot find inode Warning fcopy: skipping /etc/alternatives/lzegrep, cannot find inode Warning fcopy: skipping /etc/alternatives/netcat, cannot find inode Warning fcopy: skipping /etc/alternatives/ebtables, cannot find inode Warning fcopy: skipping /etc/alternatives/cpp, cannot find inode Warning fcopy: skipping /etc/alternatives/composite, cannot find inode Warning fcopy: skipping /etc/alternatives/ftp, cannot find inode Warning fcopy: skipping /etc/alternatives/animate, cannot find inode Warning fcopy: skipping /etc/alternatives/pinentry-x11, cannot find inode Warning fcopy: skipping /etc/alternatives/jsondiff, cannot find inode Warning fcopy: skipping /etc/alternatives/cssparse, cannot find inode Warning fcopy: skipping /etc/alternatives/mogrify-im6, cannot find inode Warning fcopy: skipping /etc/alternatives/vimdiff, cannot find inode Warning fcopy: skipping /etc/alternatives/convert-im6, cannot find inode Warning fcopy: skipping /etc/alternatives/ip6tables, cannot find inode Warning fcopy: skipping /etc/alternatives/stream-im6, cannot find inode Warning fcopy: skipping /etc/alternatives/lzless, cannot find inode Warning fcopy: skipping /etc/alternatives/stream, cannot find inode Warning fcopy: skipping /etc/alternatives/rsh, cannot find inode Warning fcopy: skipping /etc/alternatives/rvim, cannot find inode Warning fcopy: skipping /etc/alternatives/montage-im6, cannot find inode Warning fcopy: skipping /etc/alternatives/import-im6, cannot find inode Warning fcopy: skipping /etc/alternatives/telnet, cannot find inode Warning fcopy: skipping /etc/alternatives/write, cannot find inode Warning fcopy: skipping /etc/alternatives/iptables-save, cannot find inode Warning fcopy: skipping /etc/alternatives/bibtex, cannot find inode Warning fcopy: skipping /etc/alternatives/ip6tables-restore, cannot find inode Warning fcopy: skipping /etc/alternatives/iptables, cannot find inode Warning fcopy: skipping /etc/alternatives/pico, cannot find inode Warning fcopy: skipping /etc/alternatives/vi, cannot find inode Warning fcopy: skipping /etc/alternatives/csscapture, cannot find inode Warning fcopy: skipping /etc/alternatives/convert, cannot find inode Warning fcopy: skipping /etc/alternatives/gnome-www-browser, cannot find inode Warning fcopy: skipping /etc/alternatives/compare-im6, cannot find inode Warning fcopy: skipping /etc/alternatives/compare, cannot find inode Warning fcopy: skipping /etc/alternatives/xdvi.bin, cannot find inode Warning fcopy: skipping /etc/alternatives/lzgrep, cannot find inode Warning fcopy: skipping /etc/alternatives/display, cannot find inode Warning fcopy: skipping /etc/alternatives/pybabel, cannot find inode Warning fcopy: skipping /etc/alternatives/conjure-im6, cannot find inode Warning fcopy: skipping /etc/alternatives/iptables-restore, cannot find inode Warning fcopy: skipping /etc/alternatives/lzdiff, cannot find inode Warning fcopy: skipping /etc/alternatives/awk, cannot find inode Warning fcopy: skipping /etc/alternatives/lzfgrep, cannot find inode Warning fcopy: skipping /etc/alternatives/rview, cannot find inode Warning fcopy: skipping /etc/alternatives/unlzma, cannot find inode Warning fcopy: skipping /etc/alternatives/arptables, cannot find inode Warning fcopy: skipping /etc/alternatives/rcp, cannot find inode Warning fcopy: skipping /etc/alternatives/tabbed, cannot find inode Warning fcopy: skipping /etc/alternatives/infobrowser, cannot find inode Warning fcopy: skipping /etc/alternatives/editor, cannot find inode Warning fcopy: skipping /etc/alternatives/display-im6, cannot find inode Warning fcopy: skipping /etc/alternatives/import, cannot find inode Warning fcopy: skipping /etc/alternatives/pager, cannot find inode Warning fcopy: skipping /etc/alternatives/c99, cannot find inode Warning fcopy: skipping /etc/alternatives/nawk, cannot find inode Warning fcopy: skipping /etc/alternatives/identify, cannot find inode Warning fcopy: skipping /etc/alternatives/arptables-save, cannot find inode Warning fcopy: skipping /etc/alternatives/fakeroot, cannot find inode Warning fcopy: skipping /etc/alternatives/ebtables-save, cannot find inode Warning fcopy: skipping /etc/alternatives/lzmore, cannot find inode Warning fcopy: skipping /etc/alternatives/mt, cannot find inode Warning fcopy: skipping /etc/alternatives/www-browser, cannot find inode Warning fcopy: skipping /etc/alternatives/which, cannot find inode Warning fcopy: skipping /etc/alternatives/conjure, cannot find inode Warning: skipping crypto-policies for private /etc Warning: skipping password for private /etc Warning fcopy: skipping /etc/pulse/client.conf.d/01-enable-autospawn.conf, cannot find inode Private /etc installed in 32.99 ms Private /usr/etc installed in 0.00 ms Warning: cleaning all supplementary groups Warning: cleaning all supplementary groups Warning: not remounting /run/user/1000/doc Warning: cleaning all supplementary groups Child process initialized in 221.71 ms [1:1128/162926.824688:FATAL:proc_util.cc(97)] Check failed: . : Permission denied (13) Parent is shutting down, bye... ``` </p> </details> <details> <summary>Output of <code>LC_ALL=C firejail --debug /path/to/program</code></summary> <p> https://gist.github.com/imgurbot12/f54ba56ee1a2cb3bc2dc48122477fc37 </p> </details> Edit: I upgraded firejail using the apt-repository listed in the readme for a more recent version and got the same error. ``` ii firejail 0.9.72-2~0ubuntu22.04.0 amd64 sandbox to restrict the application environment ii firejail-profiles 0.9.72-2~0ubuntu22.04.0 all profiles for the firejail application sandbox ``` Edit: I cloned master and did an install of `0.9.73` following the instructions on [firejail.wordpress.com](https://firejail.wordpress.com/download-2/) and received the same error.

gitea-mirror

2026-05-05 09:48:17 -06:00

closed this issue
added the
needinfo

notabug
labels

gitea-mirror commented

2026-05-05 09:48:20 -06:00

Author

Owner

@kmk3 commented on GitHub (Nov 29, 2023):

Child process initialized in 223.74 ms
[1:1128/162312.415736:FATAL:proc_util.cc(97)] Check failed: . : Permission denied (13)

Edit: I cloned master and did an install of 0.9.73 following the
instructions on
firejail.wordpress.com and
received the same error.

The error message appears to come from discord itself and is unfortunately not
very informative.

For debugging I'd suggest to stay on 0.9.73 and comment lines in
discord.profile (and in the .profile files that it includes) until it works to
try to narrow down which lines are causing issues.

@kmk3 commented on GitHub (Nov 29, 2023): > ``` > Child process initialized in 223.74 ms > [1:1128/162312.415736:FATAL:proc_util.cc(97)] Check failed: . : Permission denied (13) > ``` > Edit: I cloned master and did an install of `0.9.73` following the > instructions on > [firejail.wordpress.com](https://firejail.wordpress.com/download-2/) and > received the same error. The error message appears to come from discord itself and is unfortunately not very informative. For debugging I'd suggest to stay on 0.9.73 and comment lines in discord.profile (and in the .profile files that it includes) until it works to try to narrow down which lines are causing issues.

gitea-mirror commented

2026-05-05 09:48:21 -06:00

Author

Owner

@rusty-snake commented on GitHub (Nov 29, 2023):

You removed the behavior w/o a profile from the template. What was the result?

@rusty-snake commented on GitHub (Nov 29, 2023): You removed the behavior w/o a profile from the template. What was the result?

gitea-mirror commented

2026-05-05 09:48:22 -06:00

Author

Owner

@imgurbot12 commented on GitHub (Nov 29, 2023):

You removed the behavior w/o a profile from the template. What was the result?

whoops. I mean to remove the actual/expected behavior since i felt that was pretty obvious lol, but that one was cut by accident. Sorry about that. Original comment was edited to include the result. Surprisingly the same error still occurs even without a profile.

@imgurbot12 commented on GitHub (Nov 29, 2023): > You removed the behavior w/o a profile from the template. What was the result? whoops. I mean to remove the actual/expected behavior since i felt that was pretty obvious lol, but that one was cut by accident. Sorry about that. Original comment was edited to include the result. Surprisingly the same error still occurs even without a profile.

gitea-mirror commented

2026-05-05 09:48:23 -06:00

Author

Owner

@imgurbot12 commented on GitHub (Nov 29, 2023):

@kmk3 I did try and play around with profiles a little bit with no success. I'm not much of an expert on how the whole profile config system works but half the time firejail claimed it couldn't find the binary after i had removed some include.

After a bit of tinkering I had commented out almost all of the actual discord portions of the profile and then it moves to electron so maybe this an electron related issue? I have no idea.

@imgurbot12 commented on GitHub (Nov 29, 2023): @kmk3 I did try and play around with profiles a little bit with no success. I'm not much of an expert on how the whole profile config system works but half the time firejail claimed it couldn't find the binary after i had removed some include. After a bit of tinkering I had commented out almost all of the actual discord portions of the profile and then it moves to electron so maybe this an electron related issue? I have no idea.

gitea-mirror commented

2026-05-05 09:48:25 -06:00

Author

Owner

@rusty-snake commented on GitHub (Nov 29, 2023):

Surprisingly the same error still occurs even without a profile.

What I feared. The very short error from discord had a hint towards processes and even with --noprofile a new pid-namespace is created. You can try with sudo unshare -p sudo -u $USER /usr/bin/discord. This unfortunately means there is no (easy) fix.

@rusty-snake commented on GitHub (Nov 29, 2023): > Surprisingly the same error still occurs even without a profile. What I feared. The very short error from discord had a hint towards processes and even with `--noprofile` a new pid-namespace is created. You can try with `sudo unshare -p sudo -u $USER /usr/bin/discord`. This unfortunately means there is no (easy) fix.

gitea-mirror commented

2026-05-05 09:48:26 -06:00

Author

Owner

@imgurbot12 commented on GitHub (Nov 29, 2023):

This unfortunately means there is no (easy) fix.

Ah, that's unfortunate. Running the command you recommended by itself and with firejail --noprofile in front of it does work. trying to run it with profile enabled gives a likely intended sudo permissions error Error: execute permission denied for /usr/bin/sudo

What's the process to fix something like this? You said it has to do with pid-namespaces. Is there a way for firejail to support that?

@imgurbot12 commented on GitHub (Nov 29, 2023): > This unfortunately means there is no (easy) fix. Ah, that's unfortunate. Running the command you recommended by itself and with `firejail --noprofile` in front of it does work. trying to run it with profile enabled gives a likely intended sudo permissions error `Error: execute permission denied for /usr/bin/sudo` What's the process to fix something like this? You said it has to do with pid-namespaces. Is there a way for firejail to support that?

gitea-mirror commented

2026-05-05 09:48:27 -06:00

Author

Owner

@rusty-snake commented on GitHub (Nov 29, 2023):

What's the process to fix something like this? You said it has to do with pid-namespaces. Is there a way for firejail to support that?

If something requires a shared pid-namespace, there is currently no solution. However it also does not make really sense to fix it as a sandbox with a shared pid-namespace is very very weak. And only give you a false feeling of security IMHO.

Running the command you recommended by itself

Which could mean it could be something else than the pid-namespace? Maybe try with --profile=noprofile.

Error: execute permission denied for /usr/bin/sudo

Because it is blacklisted.

noblacklisting does not help as there might see be no root and nnp.

@rusty-snake commented on GitHub (Nov 29, 2023): > What's the process to fix something like this? You said it has to do with pid-namespaces. Is there a way for firejail to support that? If something requires a shared pid-namespace, there is currently no solution. However it also does not make really sense to fix it as a sandbox with a shared pid-namespace is very very weak. And only give you a false feeling of security IMHO. > Running the command you recommended by itself Which could mean it could be something else than the pid-namespace? Maybe try with `--profile=noprofile`. > Error: execute permission denied for /usr/bin/sudo Because it is blacklisted. noblacklisting does not help as there might see be no root and nnp.

gitea-mirror commented

2026-05-05 09:48:28 -06:00

Author

Owner

@imgurbot12 commented on GitHub (Nov 29, 2023):

Which could mean it could be something else than the pid-namespace? Maybe try with --profile=noprofile.

Maybe I'm misunderstanding or I wasn't clear enough but that is what I did.
Both sudo unshare -p sudo -u $USER /usr/bin/discord and firejail --noprofile sudo unshare -p sudo -u $USER /usr/bin/discord
do work and discord boots up properly.
firejail --profile=noprofile sudo unshare -p sudo -u $USER /usr/bin/discord also works.

...there is currently no solution. However it also does not make really sense to fix it as a sandbox with a shared pid-namespace is very very weak. And only give you a false feeling of security IMHO.

Wow, that sucks. I use firejail with discord because I don't really trust it as a program nor the company that operates it all that much, but its something I use to communicate with a lot of people. Does this mean the current design of discord essentially negates most of the value from putting it any sort of sandbox? So there's no way to secure it or lock it down?

@imgurbot12 commented on GitHub (Nov 29, 2023): > Which could mean it could be something else than the pid-namespace? Maybe try with --profile=noprofile. Maybe I'm misunderstanding or I wasn't clear enough but that is what I did. Both `sudo unshare -p sudo -u $USER /usr/bin/discord` and `firejail --noprofile sudo unshare -p sudo -u $USER /usr/bin/discord` do work and discord boots up properly. `firejail --profile=noprofile sudo unshare -p sudo -u $USER /usr/bin/discord` also works. > ...there is currently no solution. However it also does not make really sense to fix it as a sandbox with a shared pid-namespace is very very weak. And only give you a false feeling of security IMHO. Wow, that sucks. I use firejail with discord because I don't really trust it as a program nor the company that operates it all that much, but its something I use to communicate with a lot of people. Does this mean the current design of discord essentially negates most of the value from putting it any sort of sandbox? So there's no way to secure it or lock it down?

gitea-mirror commented

2026-05-05 09:48:29 -06:00

Author

Owner

@rusty-snake commented on GitHub (Nov 30, 2023):

Can you try just firejail --profile=noprofile /usr/bin/discord

@rusty-snake commented on GitHub (Nov 30, 2023): Can you try just `firejail --profile=noprofile /usr/bin/discord`

gitea-mirror commented

2026-05-05 09:48:30 -06:00

Author

Owner

@imgurbot12 commented on GitHub (Nov 30, 2023):

Can you try just firejail --profile=noprofile /usr/bin/discord

same error:

$ firejail --profile=noprofile /usr/bin/discord
firejail version 0.9.73

Parent pid 99593, child pid 99594
Base filesystem installed in 0.10 ms
Child process initialized in 9.55 ms
Warning: an existing sandbox was detected. /usr/bin/discord will run without any additional sandboxing features
[1:1129/112108.072421:FATAL:proc_util.cc(97)] Check failed: . : Permission denied (13)

Parent is shutting down, bye...

@imgurbot12 commented on GitHub (Nov 30, 2023): > Can you try just `firejail --profile=noprofile /usr/bin/discord` same error: ``` $ firejail --profile=noprofile /usr/bin/discord firejail version 0.9.73 Parent pid 99593, child pid 99594 Base filesystem installed in 0.10 ms Child process initialized in 9.55 ms Warning: an existing sandbox was detected. /usr/bin/discord will run without any additional sandboxing features [1:1129/112108.072421:FATAL:proc_util.cc(97)] Check failed: . : Permission denied (13) Parent is shutting down, bye... ```

gitea-mirror commented

2026-05-05 09:48:31 -06:00

Author

Owner

@imgurbot12 commented on GitHub (May 21, 2024):

After an upgrade to the OS from ubuntu 22.04 to 24.04 this is magically fixed so I'm just closing the issue seeing no work is being done on this. Thanks

@imgurbot12 commented on GitHub (May 21, 2024): After an upgrade to the OS from ubuntu 22.04 to 24.04 this is magically fixed so I'm just closing the issue seeing no work is being done on this. Thanks

gitea-mirror referenced this issue

2026-05-05 10:25:00 -06:00

[PR #3265] [MERGED] Fine-grained DBus sandboxing #4701

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#3184

No description provided.

Rows
Columns