github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

[GH-ISSUE #6373] DNS problem with "--net=eth0" #3255

New issue
Closed
opened 2026-05-05 09:51:38 -06:00 by gitea-mirror · 8 comments
gitea-mirror commented 2026-05-05 09:51:38 -06:00
Owner
Copy link

Originally created by @daedalus-rwx on GitHub (Jun 7, 2024).
Original GitHub issue: https://github.com/netblue30/firejail/issues/6373

Description

The Jail don't access internet due to DNS problems.
The problems appear to be related to the system's "resolvectl" service.

Steps to Reproduce

$ firejail --noprofile --net=eth0 /bin/bash

Inside the jail: tests --> results

$ IF=$(ip -o link show | awk -F': ' '/: eth/{print $2; exit}' | cut -d'@' -f1)    # network namespace interface name with pid suffix (e.g.: eth0-1234)

$ resolvectl query bbc.co.uk		# --> OK
$ resolvectl query bbc.co.uk -i $IF	# --> OK
$ host bbc.co.uk			# --> error 
$ ping -I $IF -c 2 -q bbc.co.uk		# --> error
$ dig bbc.co.uk				# --> error (connection refused)
$ dig bbc.co.uk @1.1.1.1		# --> error (timeout - no servers could be reached)
$ dig bbc.co.uk @8.8.8.8		# --> error (timeout - no servers could be reached)
$ nslookup bbc.co.uk			# --> error (connection refused)
$ tracepath -b bbc.co.uk		# --> error

Out of the jail

on system shell: tests --> results

$ IF=$(ip -o link show | awk -F': ' '/: eth/{print $2; exit}' | cut -d'@' -f1)      # network interface name (e.g.: eth0)

$ resolvectl query bbc.co.uk			# --> OK
$ resolvectl query bbc.co.uk -i $IF		# --> OK
$ host bbc.co.uk				# --> OK
$ ping -I $IF -c 2 -q bbc.co.uk			# --> OK
$ dig bbc.co.uk					# --> OK
$ dig bbc.co.uk @1.1.1.1			# --> OK
$ dig bbc.co.uk @8.8.8.8			# --> OK
$ nslookup bbc.co.uk				# --> OK
$ tracepath -b bbc.co.uk			# --> OK

Additional context 01

$ firejail --profile=firefox --net=eth0 /bin/bash

Inside the jail with firefox profile: tests --> results

$ IF=$(ip -o link show | awk -F': ' '/: eth/{print $2; exit}' | cut -d'@' -f1)     # network namespace interface name with pid suffix (e.g.: eth0-1234)

$ resolvectl query bbc.co.uk			# --> error (permission danied)
$ resolvectl query bbc.co.uk -i $IF		# --> error (permission danied)
$ host bbc.co.uk				# --> error (permission danied)
$ ping -I $IF -c 2 -q bbc.co.uk			# --> error (operation not permitted)
$ dig bbc.co.uk					# --> error (permission danied)
$ dig bbc.co.uk @1.1.1.1			# --> error (permission danied)
$ dig bbc.co.uk @8.8.8.8			# --> error (permission danied)
$ nslookup bbc.co.uk				# --> error (permission danied)
$ tracepath -b bbc.co.uk			# --> error (Temporary failure in name resolution)

Additional context 02

$ firejail --noprofile /bin/bash

Inside the jail without --net=eth0: tests --> results

$ IF=$(ip -o link show | awk -F': ' '/: eth/{print $2; exit}' | cut -d'@' -f1)   # network namespace interface name with pid suffix (e.g.: eth0-1234)

$ resolvectl query bbc.co.uk			# --> OK
$ resolvectl query bbc.co.uk -i $IF		# --> OK
$ host bbc.co.uk				# --> OK
$ ping -I $IF -c 2 -q bbc.co.uk			# --> OK
$ dig bbc.co.uk					# --> OK
$ dig bbc.co.uk @1.1.1.1			# --> OK
$ dig bbc.co.uk @8.8.8.8			# --> OK
$ nslookup bbc.co.uk				# --> OK
$ tracepath -b bbc.co.uk			# --> OK

Environment

  • Ubuntu 22.04 minimal HyperV VM vanilla install. Vanilla network provided by VM switch.
  • Firejail version 0.9.66

Checklist

  • The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
  • I can reproduce the issue without custom modifications (e.g. globals.local).
  • The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
  • The profile (and redirect profile if exists) hasn't already been fixed upstream.
  • I have performed a short search for similar issues (to avoid opening a duplicate).
Originally created by @daedalus-rwx on GitHub (Jun 7, 2024). Original GitHub issue: https://github.com/netblue30/firejail/issues/6373 ### Description The Jail don't access internet due to DNS problems. The problems appear to be related to the system's "resolvectl" service. ### Steps to Reproduce `$ firejail --noprofile --net=eth0 /bin/bash` #### Inside the jail: tests --> results ```bash $ IF=$(ip -o link show | awk -F': ' '/: eth/{print $2; exit}' | cut -d'@' -f1) # network namespace interface name with pid suffix (e.g.: eth0-1234) $ resolvectl query bbc.co.uk # --> OK $ resolvectl query bbc.co.uk -i $IF # --> OK $ host bbc.co.uk # --> error $ ping -I $IF -c 2 -q bbc.co.uk # --> error $ dig bbc.co.uk # --> error (connection refused) $ dig bbc.co.uk @1.1.1.1 # --> error (timeout - no servers could be reached) $ dig bbc.co.uk @8.8.8.8 # --> error (timeout - no servers could be reached) $ nslookup bbc.co.uk # --> error (connection refused) $ tracepath -b bbc.co.uk # --> error ``` ### Out of the jail #### on system shell: tests --> results ```bash $ IF=$(ip -o link show | awk -F': ' '/: eth/{print $2; exit}' | cut -d'@' -f1) # network interface name (e.g.: eth0) $ resolvectl query bbc.co.uk # --> OK $ resolvectl query bbc.co.uk -i $IF # --> OK $ host bbc.co.uk # --> OK $ ping -I $IF -c 2 -q bbc.co.uk # --> OK $ dig bbc.co.uk # --> OK $ dig bbc.co.uk @1.1.1.1 # --> OK $ dig bbc.co.uk @8.8.8.8 # --> OK $ nslookup bbc.co.uk # --> OK $ tracepath -b bbc.co.uk # --> OK ``` ### Additional context 01 `$ firejail --profile=firefox --net=eth0 /bin/bash` #### Inside the jail with firefox profile: tests --> results ```bash $ IF=$(ip -o link show | awk -F': ' '/: eth/{print $2; exit}' | cut -d'@' -f1) # network namespace interface name with pid suffix (e.g.: eth0-1234) $ resolvectl query bbc.co.uk # --> error (permission danied) $ resolvectl query bbc.co.uk -i $IF # --> error (permission danied) $ host bbc.co.uk # --> error (permission danied) $ ping -I $IF -c 2 -q bbc.co.uk # --> error (operation not permitted) $ dig bbc.co.uk # --> error (permission danied) $ dig bbc.co.uk @1.1.1.1 # --> error (permission danied) $ dig bbc.co.uk @8.8.8.8 # --> error (permission danied) $ nslookup bbc.co.uk # --> error (permission danied) $ tracepath -b bbc.co.uk # --> error (Temporary failure in name resolution) ``` ### Additional context 02 `$ firejail --noprofile /bin/bash` #### Inside the jail without `--net=eth0`: tests --> results ```bash $ IF=$(ip -o link show | awk -F': ' '/: eth/{print $2; exit}' | cut -d'@' -f1) # network namespace interface name with pid suffix (e.g.: eth0-1234) $ resolvectl query bbc.co.uk # --> OK $ resolvectl query bbc.co.uk -i $IF # --> OK $ host bbc.co.uk # --> OK $ ping -I $IF -c 2 -q bbc.co.uk # --> OK $ dig bbc.co.uk # --> OK $ dig bbc.co.uk @1.1.1.1 # --> OK $ dig bbc.co.uk @8.8.8.8 # --> OK $ nslookup bbc.co.uk # --> OK $ tracepath -b bbc.co.uk # --> OK ``` ### Environment - Ubuntu 22.04 minimal HyperV VM vanilla install. Vanilla network provided by VM switch. - Firejail version 0.9.66 ### Checklist <!-- Note: Items are checked with an "x", like so: - [x] This is a checked item. --> - [x] The issues is caused by firejail (i.e. running the program by path (e.g. `/usr/bin/vlc`) "fixes" it). - [ ] I can reproduce the issue without custom modifications (e.g. globals.local). - [ ] The program has a profile. (If not, request one in `https://github.com/netblue30/firejail/issues/1139`) - [ ] The profile (and redirect profile if exists) hasn't already been fixed [upstream](https://github.com/netblue30/firejail/tree/master/etc). - [x] I have performed a short search for similar issues (to avoid opening a duplicate).
gitea-mirror 2026-05-05 09:51:38 -06:00
gitea-mirror commented 2026-05-05 09:51:41 -06:00
Author
Owner
Copy link

@ghost commented on GitHub (Jun 7, 2024):

Firejail version 0.9.66

0.9.66 is no longer supported nor safe to use. Follow the ubuntu install instructions and upgrade ASAP.

<!-- gh-comment-id:2155661628 --> @ghost commented on GitHub (Jun 7, 2024): > Firejail version 0.9.66 `0.9.66` is no longer supported nor safe to use. Follow the [ubuntu](https://github.com/netblue30/firejail#ubuntu) install instructions and upgrade ASAP.
gitea-mirror commented 2026-05-05 09:51:42 -06:00
Author
Owner
Copy link

@daedalus-rwx commented on GitHub (Jun 7, 2024):

0.9.66 is no longer supported nor safe to use. Follow the ubuntu install instructions and upgrade ASAP.

Thanks for the quick response.

Updated to version 0.9.72. The problem persists in the same way as described.

<!-- gh-comment-id:2155687412 --> @daedalus-rwx commented on GitHub (Jun 7, 2024): > `0.9.66` is no longer supported nor safe to use. Follow the [ubuntu](https://github.com/netblue30/firejail#ubuntu) install instructions and upgrade ASAP. Thanks for the quick response. Updated to version `0.9.72`. The problem persists in the same way as described.
gitea-mirror commented 2026-05-05 09:51:44 -06:00
Author
Owner
Copy link

@ghost commented on GitHub (Jun 8, 2024):

I don't have ethernet on my laptop, and I don't use systemd-resolved. Firejail's --dns= feature is incompatible with it. Other than that the below works fine using the wi-fi interface:

$ firejail --noprofile --net=wlp2s0 --ip=192.168.0.80 --dns=1.1.1.1 /bin/bash

Note: the --dns= feature is not supported on systemd-resolved setups.

<!-- gh-comment-id:2155720041 --> @ghost commented on GitHub (Jun 8, 2024): I don't have ethernet on my laptop, and I don't use systemd-resolved. Firejail's --dns= feature is incompatible with it. Other than that the below works fine using the wi-fi interface: `$ firejail --noprofile --net=wlp2s0 --ip=192.168.0.80 --dns=1.1.1.1 /bin/bash` Note: the --dns= feature is not supported on `systemd-resolved` setups.
gitea-mirror commented 2026-05-05 09:51:46 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jun 8, 2024):

firejail --noprofile --net=eth0 /bin/bash

  • Querys over the resolved D-Bus API still work (if you use firefox.profile you block access to this API).
  • Querys over the loopback DNS fail because of the new network namespace (expected and wanted).

If you use nss-resolve, DNS will work in the most programs if you allow access to the resolved D-Bus API. Alternatively you could also give your system a mork network namespace friendly DNS setup.

<!-- gh-comment-id:2155834467 --> @rusty-snake commented on GitHub (Jun 8, 2024): > firejail --noprofile --net=eth0 /bin/bash - Querys over the resolved D-Bus API still work (if you use firefox.profile you block access to this API). - Querys over the loopback DNS fail because of the new network namespace (expected and wanted). If you use nss-resolve, DNS will work in the most programs if you allow access to the resolved D-Bus API. Alternatively you could also give your system a mork network namespace friendly DNS setup.
gitea-mirror commented 2026-05-05 09:51:47 -06:00
Author
Owner
Copy link

@daedalus-rwx commented on GitHub (Jun 20, 2024):

Using Bridge in Firejail

Step-by-step to enable internet within the jail.

Note

This network configuration requires setting restricted-network no (as opposed to the default yes). This is found in /etc/firejail/firejail.config.

This bridge configuration allows a jailed application to access the internet. For this, an exclusive and dedicated network is created for the jail, completely separated from the host network, through the network namespace functionality used by firejail.

The communication of the network namespace created by the jail with the host's standard network is done through a bridge interface. The system will need to be configured to enable IPv4 packet forwarding, so that a NAT (network address translation) can then forward the packets appropriately, making the packets originating from the bridge network exit through the host's main internet interface, in a masked way.

Tested on an Ubuntu 22.04 system with a Vanilla installation.

Preparations

  1. Identify the main interface on the host that has internet access.
    This can be done using ip a.
    In this example, the interface with internet access is: eth0

  2. Define a network address (or subnet) different from the host.
    In this example, the 10.10.20.0/24 network is different from the network used in eth0.
    Thus, the free and chosen IP for the bridge is: 10.10.20.1/24

  3. Define a name for the bridge.
    The name of the bridge will be: br-jail

On the host

  1. Create a bridge interface.
$ sudo ip link add br-jail type bridge
$ sudo ip link set br-jail up
  1. Assign a different network from the host.
$ sudo ip addr add 10.10.20.1/24 dev br-jail
  1. Firewall: Before enabling IPv4 forwarding in the system
$ sudo ufw enable
$ sudo iptables -P FORWARD DROP
$ sudo iptables -A FORWARD -i br-jail -s 10.10.20.0/24 -o eth0 -j ACCEPT

This step activates the firewall permanently.
Then, it sets the default packet forwarding policy to DENY (DROP) and creates an exclusive exception for br-jail with origin in the 10.10.20.0/24 network. These configurations are lost when the system restarts.

Note

The current step aims to reinforce security before enabling packet forwarding in the system.
The next step enables packet forwarding by the system.

  1. Enable packet forwarding in the system
$ sudo sysctl -w net.ipv4.ip_forward=1
  1. NAT for packets originating from the bridge network to exit through eth0
$ sudo iptables -t nat -A POSTROUTING -o eth0 -s 10.10.20.0/24 -j MASQUERADE

Start firejail

$ firejail --noprofile --net=br-jail --dns=8.8.8.8 --dns=8.8.4.4 /bin/bash

At this point, it is necessary to ensure the DNS configuration for the jail.
The --dns= functionality of firejail overlays the /etc/resolv.conf file inside the jail with up to 4 DNS's. This ensures that the jail does not use the standard DNS resolution of Ubuntu, via systemd-resolved (internal server), making resolvectl status settings ineffective within the jail.

Inside the jail - Connectivity test

$ IF=$(ip -o link show | awk -F': ' '/: eth/{print $2; exit}' | cut -d'@' -f1)      # network interface name (e.g.: eth0)

$ resolvectl query bbc.co.uk			# --> OK
$ resolvectl query bbc.co.uk -i $IF		# --> OK
$ host bbc.co.uk				# --> OK
$ ping -I $IF -c 2 -q bbc.co.uk			# --> OK
$ dig bbc.co.uk					# --> OK
$ dig bbc.co.uk @1.1.1.1			# --> OK
$ dig bbc.co.uk @8.8.8.8			# --> OK
$ nslookup bbc.co.uk				# --> OK
$ tracepath -b bbc.co.uk			# --> OK

Warning

Firewall
The settings in step 3 can be made permanent using:

sudo ufw enable
sudo ufw default deny forward
sudo ufw route allow in on br3 from 10.0.5.0/24 out on eth0

Warning

Permanence
Except for the sudo ufw enable command in step 3, all other configurations (ip, iptables, and sysctl) are temporary and will disappear when the system restarts.

<!-- gh-comment-id:2179641481 --> @daedalus-rwx commented on GitHub (Jun 20, 2024): ## Using Bridge in Firejail Step-by-step to enable internet within the jail. > [!note] > This network configuration requires setting `restricted-network no` (as opposed to the default `yes`). This is found in `/etc/firejail/firejail.config`. This bridge configuration allows a jailed application to access the internet. For this, an exclusive and dedicated network is created for the jail, completely separated from the host network, through the network namespace functionality used by firejail. The communication of the network namespace created by the jail with the host's standard network is done through a `bridge` interface. The system will need to be configured to enable IPv4 packet forwarding, so that a NAT (network address translation) can then forward the packets appropriately, making the packets originating from the `bridge` network exit through the host's main internet interface, in a masked way. Tested on an Ubuntu 22.04 system with a Vanilla installation. ### Preparations 1. **Identify the main interface on the host that has internet access.** This can be done using `ip a`. In this example, the interface with internet access is: `eth0` 2. **Define a network address (or subnet) different from the host.** In this example, the `10.10.20.0/24` network is different from the network used in `eth0`. Thus, the free and chosen IP for the bridge is: `10.10.20.1/24` 3. **Define a name for the `bridge`.** The name of the bridge will be: `br-jail` ### On the host 1. **Create a bridge interface.** ```bash $ sudo ip link add br-jail type bridge $ sudo ip link set br-jail up ``` 2. **Assign a different network from the host.** ```bash $ sudo ip addr add 10.10.20.1/24 dev br-jail ``` 3. **Firewall: Before enabling IPv4 forwarding in the system** ```bash $ sudo ufw enable $ sudo iptables -P FORWARD DROP $ sudo iptables -A FORWARD -i br-jail -s 10.10.20.0/24 -o eth0 -j ACCEPT ``` This step activates the firewall permanently. Then, it sets the default packet forwarding policy to `DENY` (DROP) and creates an exclusive exception for `br-jail` with origin in the `10.10.20.0/24` network. These configurations are lost when the system restarts. > [!note] > The current step aims to reinforce security before enabling packet forwarding in the system. > The next step enables packet forwarding by the system. 4. **Enable packet forwarding in the system** ```bash $ sudo sysctl -w net.ipv4.ip_forward=1 ``` 5. **NAT for packets originating from the bridge network to exit through `eth0`** ```bash $ sudo iptables -t nat -A POSTROUTING -o eth0 -s 10.10.20.0/24 -j MASQUERADE ``` ### Start firejail ```bash $ firejail --noprofile --net=br-jail --dns=8.8.8.8 --dns=8.8.4.4 /bin/bash ``` At this point, it is necessary to ensure the DNS configuration for the jail. The `--dns=` functionality of firejail overlays the `/etc/resolv.conf` file inside the jail with up to 4 DNS's. This ensures that the jail does not use the standard DNS resolution of Ubuntu, via `systemd-resolved` (internal server), making `resolvectl status` settings ineffective within the jail. ### Inside the jail - Connectivity test ```bash $ IF=$(ip -o link show | awk -F': ' '/: eth/{print $2; exit}' | cut -d'@' -f1) # network interface name (e.g.: eth0) $ resolvectl query bbc.co.uk # --> OK $ resolvectl query bbc.co.uk -i $IF # --> OK $ host bbc.co.uk # --> OK $ ping -I $IF -c 2 -q bbc.co.uk # --> OK $ dig bbc.co.uk # --> OK $ dig bbc.co.uk @1.1.1.1 # --> OK $ dig bbc.co.uk @8.8.8.8 # --> OK $ nslookup bbc.co.uk # --> OK $ tracepath -b bbc.co.uk # --> OK ``` > [!WARNING] > **Firewall** > The settings in step 3 can be made permanent using: > ```bash > sudo ufw enable > sudo ufw default deny forward > sudo ufw route allow in on br3 from 10.0.5.0/24 out on eth0 > ``` > [!warning] > **Permanence** > Except for the `sudo ufw enable` command in step 3, all other configurations (`ip`, `iptables`, and `sysctl`) are temporary and will disappear when the system restarts.
gitea-mirror commented 2026-05-05 09:51:48 -06:00
Author
Owner
Copy link

@daedalus-rwx commented on GitHub (Jun 20, 2024):

(...) Alternatively you could also give your system a mork network namespace friendly DNS setup.

This configuration is in accordance with the alternative?

<!-- gh-comment-id:2179644598 --> @daedalus-rwx commented on GitHub (Jun 20, 2024): > (...) Alternatively you could also give your system a mork network namespace friendly DNS setup. [This](https://github.com/netblue30/firejail/issues/6373#issuecomment-2179641481) configuration is in accordance with the alternative?
gitea-mirror commented 2026-05-05 09:51:49 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jun 20, 2024):

This network configuration requires setting restricted-network no (as opposed to the default yes). This is found in /etc/firejail/firejail.config.

The upstream default is yes. However some distros (Debian) change the default in their packages.

This ensures that the jail does not use the standard DNS resolution of Ubuntu, via systemd-resolved (internal server), making resolvectl status settings ineffective within the jail.

Maybe this depends also on nsswitch.conf.

<!-- gh-comment-id:2179815844 --> @rusty-snake commented on GitHub (Jun 20, 2024): > This network configuration requires setting restricted-network no (as opposed to the default yes). This is found in /etc/firejail/firejail.config. The upstream default is yes. However some distros (Debian) change the default in their packages. > This ensures that the jail does not use the standard DNS resolution of Ubuntu, via systemd-resolved (internal server), making resolvectl status settings ineffective within the jail. Maybe this depends also on nsswitch.conf.
gitea-mirror commented 2026-05-05 09:51:49 -06:00
Author
Owner
Copy link

@daedalus-rwx commented on GitHub (Jun 20, 2024):

Thank you very much, everyone.
And thank you for your work on this project.

<!-- gh-comment-id:2181064716 --> @daedalus-rwx commented on GitHub (Jun 20, 2024): Thank you very much, everyone. And thank you for your work on this project.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
serialize_remounts_v2
landlock_v4
landlock
release-0.9.64
release-0.9.62
gitlab_ci
LTSbase
fred_ctests
docs
0.9.80
0.9.80-rc1
0.9.78
0.9.76
0.9.76-rc4
0.9.76-rc3
0.9.76-rc2
0.9.76-rc1
0.9.74
landlock-split
0.9.72
0.9.72rc1
0.9.70
0.9.68
0.9.68rc1
0.9.66
0.9.66rc1
0.9.64.4
0.9.64.2
0.9.64
0.9.64rc1
0.9.62.4
0.9.62.2
0.9.62
0.9.56.2-LTS
0.9.60
0.9.60-rc1
0.9.58.2
0.9.58
0.9.58-rc1
0.9.56-LTS-release
0.9.56-LTS
0.9.56
0.9.56-rc1
0.9.54
0.9.54-rc2
0.9.54-rc1
0.9.52
0.9.38.12
0.9.50
0.9.50-rc1
0.9.48
0.9.46
0.9.46-rc1
0.9.44.10
0.9.44.8
0.9.44.6
0.9.38.10
0.9.44.4
0.9.38.8
0.9.44.2
0.9.44
0.9.44-rc1
0.9.38.4
0.9.42
0.9.42-rc2
0.9.38.2
0.9.42-rc1
disable-globalcfg
0.9.40
0.9.40-rc1
0.9.38
0.9.38-rc1
0.9.36
0.9.36-rc1
0.9.34
0.9.34-rc1
0.9.32
0.9.32-rc1
0.9.30
0.9.30-rc1
Labels
Clear labels   
LTS merge

   
LTS merge

   
bug

   
bug

   
converted-to-discussion

   
doc-todo

   
documentation

   
duplicate

   
enhancement

   
file-transfer

   
firecfg

   
firejail-in-firejail

   
firetools

   
graphics

   
help wanted

   
information_old

   
installation

   
invalid

   
modif

   
moved

   
needinfo

   
networking

   
notabug

   
notourbug

   
old-version

   
overlayfs

   
packaging

   
profile-request

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question_old

   
removal

   
runtime-permissions

   
sandbox-ipc

   
security

   
stale

   
wiki

   
wiki

   
wontfix

   
wordpress

   
workaround
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#3255
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?