[GH-ISSUE #6684] firedragon: program does not start #3335

New issue

Open

opened 2026-05-05 09:55:21 -06:00 by gitea-mirror · 2 comments

gitea-mirror commented 2026-05-05 09:55:21 -06:00

Owner

Copy link

Originally created by @tetoNidan on GitHub (Mar 16, 2025).
Original GitHub issue: https://github.com/netblue30/firejail/issues/6684

Description

Firedragon does not start under firejail

Steps to Reproduce

Steps to reproduce the behavior

1. Run in bash LC_ALL=C firejail /usr/bin/firedragon (LC_ALL=C to get a consistent
   output in English that can be understood by everybody)
2. There is a popup saying something about not finding a profile. See terminal output below (Log).

Expected behavior

A web browser to start.

Actual behavior

I get a popup saying something about not finding profile. The terminal output is below.

Behavior without a profile

What changed calling LC_ALL=C firejail --noprofile /path/to/program in a
terminal?

Everything works without a profile. Starting with firejail --noprofile and usr/bin/firedragon result in a fully functional web browser.

Additional context

I copied the /etc/firejail/firedragon.profile to ~/.config/firejail/firedragon.profile and edited the suggested for Arch users. Both commented out and uncommented doesnt seem to have a difference.

Environment

• Name/version/arch of the Linux kernel (uname -srm): Linux 6.13.6-arch1-1-surface x86_64
• Name/version of the Linux distribution (e.g. "Ubuntu 20.04" or "Arch Linux"): Arch: Garuda
• Name/version of the relevant program(s)/package(s) (e.g. "firefox 134.0-1,
  mesa 1:24.3.3-2"): FireDragon FireDragon 11.24.0-1
• Version of Firejail (firejail --version): firejail version 0.9.72
• If you use a development version of firejail, also the commit from which it
  was compiled (git rev-parse HEAD): Not development version. Installed from Arch extra

Checklist

• The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
• I can reproduce the issue without custom modifications (e.g. globals.local).
• The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
• The profile (and redirect profile if exists) hasn't already been fixed upstream.
• I have performed a short search for similar issues (to avoid opening a duplicate).
  • [ ] I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.: Not sure what u2f is and I dont want to allow DRM.
• I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages): Not appimage

Log

Output of LC_ALL=C firejail /path/to/program

firejail firedragon 
Reading profile /home/tool/.config/firejail/firedragon.profile
Reading profile /etc/firejail/firefox-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-proc.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-run-common.inc
Reading profile /etc/firejail/whitelist-runuser-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Parent pid 49544, child pid 49545
52 programs installed in 83.29 ms
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Warning: cleaning all supplementary groups
Warning: Replacing profile instead of stacking it. It is a legacy behavior that can result in relaxation of the protection. It is here as a temporary measure to unbreak the software that has been broken by switching to the stacking behavior.
Warning: Cannot confine the application using AppArmor.
Maybe firejail-default AppArmor profile is not loaded into the kernel.
As root, run "aa-enforce firejail-default" to load it.
Child process initialized in 231.33 ms
[59, Main Thread] WARNING: Settings portal not found: Could not connect: Permission denied: 'glib warning', file /home/builder/build/src/firedragon-catppuccin-v11.24.0-1/toolkit/xre/nsSigHandlers.cpp:187
 
(firedragon:59): Gdk-WARNING **: 07:05:27.823: Settings portal not found: Could not connect: Permission denied
 
Parent is shutting down, bye...

Output of LC_ALL=C firejail --debug /path/to/program

https://gist.github.com/tetoNidan/0def4e0bdea0cd329d652db0a8bc3b50

way to big.

Amended: Here is my firedragon.profile

# Firejail profile for FireDragon
# Description: Librewolf fork with enhanced KDE integration
# This file is overwritten after every install/update
# Persistent local customizations
include firedragon.local
# Persistent global definitions
include globals.local

noblacklist ${HOME}/.cache/firedragon
noblacklist ${HOME}/.firedragon

mkdir ${HOME}/.cache/firedragon
mkdir ${HOME}/.firedragon
whitelist ${HOME}/.cache/firedragon
whitelist ${HOME}/.firedragon

# Add the next lines to your firedragon.local if you want to use the migration wizard.
#noblacklist ${HOME}/.mozilla
#whitelist ${HOME}/.mozilla

# FireDragon requires a shell to launch on Arch. We can possibly remove sh though.
# Add the next line to your firedragon.local to enable private-bin.
private-bin bash,dbus-launch,dbus-send,env,firedragon,python*,sh,which

# Redirect
include firefox-common.profile

Originally created by @tetoNidan on GitHub (Mar 16, 2025). Original GitHub issue: https://github.com/netblue30/firejail/issues/6684 ### Description Firedragon does not start under firejail ### Steps to Reproduce _Steps to reproduce the behavior_ 1. Run in bash `LC_ALL=C firejail /usr/bin/firedragon` (`LC_ALL=C` to get a consistent output in English that can be understood by everybody) 2. There is a popup saying something about not finding a profile. See terminal output below (Log). ### Expected behavior A web browser to start. ### Actual behavior I get a popup saying something about not finding profile. The terminal output is below. ### Behavior without a profile _What changed calling `LC_ALL=C firejail --noprofile /path/to/program` in a terminal?_ Everything works without a `profile`. Starting with `firejail --noprofile` and `usr/bin/firedragon` result in a fully functional web browser. ### Additional context I copied the `/etc/firejail/firedragon.profile` to `~/.config/firejail/firedragon.profile` and edited the suggested for `Arch` users. Both commented out and uncommented doesnt seem to have a difference. ### Environment - Name/version/arch of the Linux kernel (`uname -srm`): `Linux 6.13.6-arch1-1-surface x86_64` - Name/version of the Linux distribution (e.g. "Ubuntu 20.04" or "Arch Linux"): `Arch: Garuda` - Name/version of the relevant program(s)/package(s) (e.g. "firefox 134.0-1, mesa 1:24.3.3-2"): `FireDragon FireDragon 11.24.0-1` - Version of Firejail (`firejail --version`): `firejail version 0.9.72` - If you use a development version of firejail, also the commit from which it was compiled (`git rev-parse HEAD`): Not development version. Installed from Arch `extra` ### Checklist <!-- Note: Items are checked with an "x", like so: - [x] This is a checked item. --> - [x] The issues is caused by firejail (i.e. running the program by path (e.g. `/usr/bin/vlc`) "fixes" it). - [x] I can reproduce the issue without custom modifications (e.g. globals.local). - [x] The program has a profile. (If not, request one in `https://github.com/netblue30/firejail/issues/1139`) - [x] The profile (and redirect profile if exists) hasn't already been fixed [upstream](https://github.com/netblue30/firejail/tree/master/etc). - [x] I have performed a short search for similar issues (to avoid opening a duplicate). - [ ] I'm aware of `browser-allow-drm yes`/`browser-disable-u2f no` in `firejail.config` to allow DRM/U2F in browsers.: Not sure what `u2f` is and I dont want to allow `DRM`. - [x] I used `--profile=PROFILENAME` to set the right profile. (Only relevant for AppImages): Not appimage ### Log <details> <summary>Output of <code>LC_ALL=C firejail /path/to/program</code></summary> <p> ``` firejail firedragon Reading profile /home/tool/.config/firejail/firedragon.profile Reading profile /etc/firejail/firefox-common.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-proc.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-run-common.inc Reading profile /etc/firejail/whitelist-runuser-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Seccomp list in: !chroot, check list: @default-keep, prelist: unknown, Parent pid 49544, child pid 49545 52 programs installed in 83.29 ms Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Warning: /sbin directory link was not blacklisted Warning: /usr/sbin directory link was not blacklisted Seccomp list in: !chroot, check list: @default-keep, prelist: unknown, Warning: cleaning all supplementary groups Warning: Replacing profile instead of stacking it. It is a legacy behavior that can result in relaxation of the protection. It is here as a temporary measure to unbreak the software that has been broken by switching to the stacking behavior. Warning: Cannot confine the application using AppArmor. Maybe firejail-default AppArmor profile is not loaded into the kernel. As root, run "aa-enforce firejail-default" to load it. Child process initialized in 231.33 ms [59, Main Thread] WARNING: Settings portal not found: Could not connect: Permission denied: 'glib warning', file /home/builder/build/src/firedragon-catppuccin-v11.24.0-1/toolkit/xre/nsSigHandlers.cpp:187 (firedragon:59): Gdk-WARNING **: 07:05:27.823: Settings portal not found: Could not connect: Permission denied Parent is shutting down, bye... ``` </p> </details> <details> <summary>Output of <code>LC_ALL=C firejail --debug /path/to/program</code></summary> <p> <!-- If the output is too long to embed it into the comment, create a secret gist at https://gist.github.com/ and link it here. --> https://gist.github.com/tetoNidan/0def4e0bdea0cd329d652db0a8bc3b50 ``` way to big. ``` </p> </details> Amended: Here is my firedragon.profile ``` # Firejail profile for FireDragon # Description: Librewolf fork with enhanced KDE integration # This file is overwritten after every install/update # Persistent local customizations include firedragon.local # Persistent global definitions include globals.local noblacklist ${HOME}/.cache/firedragon noblacklist ${HOME}/.firedragon mkdir ${HOME}/.cache/firedragon mkdir ${HOME}/.firedragon whitelist ${HOME}/.cache/firedragon whitelist ${HOME}/.firedragon # Add the next lines to your firedragon.local if you want to use the migration wizard. #noblacklist ${HOME}/.mozilla #whitelist ${HOME}/.mozilla # FireDragon requires a shell to launch on Arch. We can possibly remove sh though. # Add the next line to your firedragon.local to enable private-bin. private-bin bash,dbus-launch,dbus-send,env,firedragon,python*,sh,which # Redirect include firefox-common.profile ```

gitea-mirror commented 2026-05-05 09:55:23 -06:00

Author

Owner

Copy link

@kmk3 commented on GitHub (Mar 23, 2025):

Does it work with firejail-git?

<!-- gh-comment-id:2746316140 --> @kmk3 commented on GitHub (Mar 23, 2025): Does it work with [firejail-git](https://github.com/netblue30/firejail?tab=readme-ov-file#building)?

gitea-mirror commented 2026-05-05 09:55:23 -06:00

Author

Owner

Copy link

@tetoNidan commented on GitHub (Mar 23, 2025):

Just tried with building firejsil-git from source, Same error in the console. I didn't know that you could copy the GUI popup error notification box. Here is the Error displayed in the GUI Your FireDragon profile cannot be loaded. It may be missing or inaccessible.

Would you like a new copy of the --debug terminal output? I don't think anything has changed. The standard terminal output is below.

firejail /usr/bin/firedragon 
Reading profile /home/tool/.config/firejail/firedragon.profile
Reading profile /usr/local/etc/firejail/firefox-common.profile
Reading profile /usr/local/etc/firejail/disable-common.inc
Reading profile /usr/local/etc/firejail/disable-devel.inc
Reading profile /usr/local/etc/firejail/disable-exec.inc
Reading profile /usr/local/etc/firejail/disable-interpreters.inc
Reading profile /usr/local/etc/firejail/disable-proc.inc
Reading profile /usr/local/etc/firejail/disable-programs.inc
Reading profile /usr/local/etc/firejail/whitelist-common.inc
Reading profile /usr/local/etc/firejail/whitelist-run-common.inc
Reading profile /usr/local/etc/firejail/whitelist-runuser-common.inc
Reading profile /usr/local/etc/firejail/whitelist-usr-share-common.inc
Reading profile /usr/local/etc/firejail/whitelist-var-common.inc
firejail version 0.9.74

Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Ignoring "dbus-user.talk org.freedesktop.portal.Documents".
Parent pid 23661, child pid 23662
52 programs installed in 53.36 ms
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning fcopy: cannot create symbolic link /etc/xdg/autostart/libinput-gestures.desktop
Private /etc installed in 45.15 ms
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Base filesystem installed in 29.64 ms
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Child process initialized in 180.52 ms
[90, Main Thread] WARNING: Settings portal not found: Could not connect: Permission denied: 'glib warning', file /home/builder/build/src/firedragon-catppuccin-v11.24.0-1/toolkit/xre/nsSigHandlers.cpp:187

(firedragon:90): Gdk-WARNING **: 12:25:27.677: Settings portal not found: Could not connect: Permission denied

Thought I should mention, thanks for your teams work BTW! It is much appreciated.

Edit: Noticed that the more info tag was added. How can I help?

<!-- gh-comment-id:2746356179 --> @tetoNidan commented on GitHub (Mar 23, 2025): Just tried with building firejsil-git from source, Same error in the console. I didn't know that you could copy the GUI popup error notification box. Here is the Error displayed in the GUI `Your FireDragon profile cannot be loaded. It may be missing or inaccessible.` Would you like a new copy of the --debug terminal output? I don't think anything has changed. The standard terminal output is below. ``` firejail /usr/bin/firedragon Reading profile /home/tool/.config/firejail/firedragon.profile Reading profile /usr/local/etc/firejail/firefox-common.profile Reading profile /usr/local/etc/firejail/disable-common.inc Reading profile /usr/local/etc/firejail/disable-devel.inc Reading profile /usr/local/etc/firejail/disable-exec.inc Reading profile /usr/local/etc/firejail/disable-interpreters.inc Reading profile /usr/local/etc/firejail/disable-proc.inc Reading profile /usr/local/etc/firejail/disable-programs.inc Reading profile /usr/local/etc/firejail/whitelist-common.inc Reading profile /usr/local/etc/firejail/whitelist-run-common.inc Reading profile /usr/local/etc/firejail/whitelist-runuser-common.inc Reading profile /usr/local/etc/firejail/whitelist-usr-share-common.inc Reading profile /usr/local/etc/firejail/whitelist-var-common.inc firejail version 0.9.74 Seccomp list in: !chroot, check list: @default-keep, prelist: unknown, Ignoring "dbus-user.talk org.freedesktop.portal.Documents". Parent pid 23661, child pid 23662 52 programs installed in 53.36 ms Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Warning fcopy: cannot create symbolic link /etc/xdg/autostart/libinput-gestures.desktop Private /etc installed in 45.15 ms Warning: /sbin directory link was not blacklisted Warning: /usr/sbin directory link was not blacklisted Base filesystem installed in 29.64 ms Seccomp list in: !chroot, check list: @default-keep, prelist: unknown, Child process initialized in 180.52 ms [90, Main Thread] WARNING: Settings portal not found: Could not connect: Permission denied: 'glib warning', file /home/builder/build/src/firedragon-catppuccin-v11.24.0-1/toolkit/xre/nsSigHandlers.cpp:187 (firedragon:90): Gdk-WARNING **: 12:25:27.677: Settings portal not found: Could not connect: Permission denied ``` Thought I should mention, thanks for your teams work BTW! It is much appreciated. Edit: Noticed that the `more info` tag was added. How can I help?

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

serialize_remounts_v2

landlock_v4

landlock

release-0.9.64

release-0.9.62

gitlab_ci

LTSbase

fred_ctests

docs

0.9.80

0.9.80-rc1

0.9.78

0.9.76

0.9.76-rc4

0.9.76-rc3

0.9.76-rc2

0.9.76-rc1

0.9.74

landlock-split

0.9.72

0.9.72rc1

0.9.70

0.9.68

0.9.68rc1

0.9.66

0.9.66rc1

0.9.64.4

0.9.64.2

0.9.64

0.9.64rc1

0.9.62.4

0.9.62.2

0.9.62

0.9.56.2-LTS

0.9.60

0.9.60-rc1

0.9.58.2

0.9.58

0.9.58-rc1

0.9.56-LTS-release

0.9.56-LTS

0.9.56

0.9.56-rc1

0.9.54

0.9.54-rc2

0.9.54-rc1

0.9.52

0.9.38.12

0.9.50

0.9.50-rc1

0.9.48

0.9.46

0.9.46-rc1

0.9.44.10

0.9.44.8

0.9.44.6

0.9.38.10

0.9.44.4

0.9.38.8

0.9.44.2

0.9.44

0.9.44-rc1

0.9.38.4

0.9.42

0.9.42-rc2

0.9.38.2

0.9.42-rc1

disable-globalcfg

0.9.40

0.9.40-rc1

0.9.38

0.9.38-rc1

0.9.36

0.9.36-rc1

0.9.34

0.9.34-rc1

0.9.32

0.9.32-rc1

0.9.30

0.9.30-rc1

Labels

Clear labels   

LTS merge

  

LTS merge

  

bug

  

bug

  

converted-to-discussion

  

doc-todo

  

documentation

  

duplicate

  

enhancement

  

file-transfer

  

firecfg

  

firejail-in-firejail

  

firetools

  

graphics

  

help wanted

  

information_old

  

installation

  

invalid

  

modif

  

moved

  

needinfo

  

networking

  

notabug

  

notourbug

  

old-version

  

overlayfs

  

packaging

  

profile-request

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question_old

  

removal

  

runtime-permissions

  

sandbox-ipc

  

security

  

stale

  

wiki

  

wiki

  

wontfix

  

wordpress

  

workaround

No labels

LTS merge

LTS merge

bug

bug

converted-to-discussion

doc-todo

documentation

duplicate

enhancement

file-transfer

firecfg

firejail-in-firejail

firetools

graphics

help wanted

information_old

installation

invalid

modif

moved

needinfo

networking

notabug

notourbug

old-version

overlayfs

packaging

profile-request

pull-request

question

question_old

removal

runtime-permissions

sandbox-ipc

security

stale

wiki

wiki

wontfix

wordpress

workaround

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#3335

No description provided.