[GH-ISSUE #6725] Thunderbird cannot send emails via IMAP when email cryptographic signing is enabled #3347

Closed
opened 2026-05-05 09:55:52 -06:00 by gitea-mirror · 14 comments

Originally created by @ipaqmaster on GitHub (Apr 30, 2025).
Original GitHub issue: https://github.com/netblue30/firejail/issues/6725

Description

Describe the bug

When thunderbird launches via firejail it cannot send emails.

Steps to Reproduce

Steps to reproduce the behavior

firejail thunderbird

  1. Run in bash LC_ALL=C firejail /path/to/program (LC_ALL=C to get a consistent
    output in English that can be understood by everybody)
  2. Click on '....'
  3. Scroll down to '....'
  4. See error ERROR

Expected behavior

What you expected to happen

Thunderbird should be allowed to connect to its configured SMTP remote and send an email via it.

Actual behavior

What actually happened

Generic non-descriptive error is thrown: with title "Send Message Error" saying "Sending of the message failed." and an [OK] button

Behavior without a profile

What changed calling LC_ALL=C firejail --noprofile /path/to/program in a
terminal?

LC_ALL=C firejail --noprofile /usr/bin/thunderbird worked and thunderbird was able to send the email.

Additional context

Any other detail that may help to understand/debug the problem

Environment

  • Name/version/arch of the Linux kernel (uname -srm): Linux 6.12.23-1-lts x86_64
  • Name/version of the Linux distribution (e.g. "Ubuntu 20.04" or "Arch Linux"): Arch Linux
  • Name/version of the relevant program(s)/package(s) (e.g. "firefox 134.0-1, mesa 1:24.3.3-2"): Mozilla Thunderbird 137.0.1
  • Version of Firejail (firejail --version): firejail version 0.9.74
  • If you use a development version of firejail, also the commit from which it
    was compiled (git rev-parse HEAD): NA

Checklist

  • [x] The issue is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
  • [x] I can reproduce the issue without custom modifications (e.g. globals.local).
  • [x] The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
  • [x] The profile (and redirect profile if exists) hasn't already been fixed upstream (https://github.com/netblue30/firejail/tree/master/etc).
  • [x] I have performed a short search for similar issues (to avoid opening a duplicate).
  • [x] I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
  • [ ] I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)

Log

Output of LC_ALL=C firejail /path/to/program

output goes here

Output of LC_ALL=C firejail --debug /path/to/program

output goes here


@kmk3 commented on GitHub (Apr 30, 2025):

> Log

The logs are missing.

Try commenting thunderbird.profile and firefox-common.profile until it works to
find out which lines are causing the issue.


@ipaqmaster commented on GitHub (Aug 2, 2025):

Yep coming back to this as it's annoying. I'll fiddle with the default profile to figure out what needs to be permitted for this one.

Thunderbird is not allowed to make outbound connections it seems, at least to 587/tcp (TLS) which is how one of my mail accounts is configured.

Bizarre.. it just happened and I've restarted thunderbird and now outgoing emails are sending just fine (Confirmed firejail is still being used with ps aux | grep thunderbird).

I will start commenting out parts of thunderbird.profile to figure out what's causing this when it happens again.


@ipaqmaster commented on GitHub (Aug 12, 2025):

I commented netfilter in firefox-common.profile and thunderbird was able to send an email (thunderbird.profile includes firefox-common.profile at the bottom)


@ipaqmaster commented on GitHub (Aug 12, 2025):

There doesn't seem to be a way to add rules to the default netfilter and I don't think the solution would be to make a custom iptables ruleset just for thunderbird for the netfilter argument to reference, unless that's something this project would consider?


@ipaqmaster commented on GitHub (Aug 12, 2025):

There does seem to be things like /etc/firejail/webserver.net which means we could make a mailclient.net that could contain iptables rules to allow outbound SMTP ports


@ipaqmaster commented on GitHub (Aug 12, 2025):

Strange, the default netfilter rules don't block output for the ports I'm talking about. I'm not sure why omitting the netfilter rule seems to do the trick then.


@kmk3 commented on GitHub (Aug 12, 2025):

> I commented netfilter in firefox-common.profile and thunderbird was able
> to send an email (thunderbird.profile includes firefox-common.profile at
> the bottom)

> Strange, the default netfilter rules don't block output for the ports I'm
> talking about. I'm not sure why omitting the netfilter rule seems to do the
> trick then.

For reference, this is the default filter:

  • https://github.com/netblue30/firejail/blob/b87974ee26981e8b9b7b912ed8ff471a5ca00451/src/fnetfilter/main.c#L29-L46

It looks like the following profiles have always had netfilter:

  • firefox.profile
  • firefox-common.profile
  • thunderbird.profile

And it looks like the default filter was never changed.

If this is caused by netfilter, then it seems that thunderbird.profile has
been broken in this regard since the beginning.

> There does seem to be things like /etc/firejail/webserver.net which means
> we could make a mailclient.net that could contain iptables rules to allow
> outbound SMTP ports

That sounds great.

If the problem is indeed netfilter, ignore netfilter could be added to
thunderbird.profile for now and later a mailclient.net profile could be added
and included in the profile of every email client.

Feel free to open PRs.


@rusty-snake commented on GitHub (Aug 12, 2025):

netfilter is inactive without net IFACE.


@ipaqmaster commented on GitHub (Nov 25, 2025):

Spent some time on this tonight. openssl had no problems connecting to my remotes on 25, 465, 587 and 993. So it had to be thunderbird. And it was.

This issue is caused by using openpgp in emails. The error when I send an email with thunderbird is:

JavaScript error: chrome://openpgp/content/modules/mimeEncrypt.sys.mjs, line 377: Error: encryptMessageStart FAILED: -1
console.error: mailnews.send: [Exception... "[JavaScript Error: "encryptMessageStart FAILED: -1" {file: "chrome://openpgp/content/modules/mimeEncrypt.sys.mjs" line: 377}]'[JavaScript Error: "encryptMessageStart FAILED: -1" {file: "chrome://openpgp/content/modules/mimeEncrypt.sys.mjs" line: 377}]' when calling method: [nsIMsgComposeSecure::finishCryptoEncapsulation]"  nsresult: "0x80570021 (NS_ERROR_XPC_JAVASCRIPT_ERROR_WITH_DETAILS)"  location: "JS frame :: resource:///modules/MimeMessage.sys.mjs :: createMessageFile :: line 83"  data: yes]
console.error: mailnews.send: "Sending failed; , exitCode=2153185313, originalMsgURI="

If I go to the top of the email being sent, click the down arrow on OpenPGP and uncheck Digitally Sign, my email sends while using firejail. But not otherwise, which is the default for all emails when you give thunderbird a pgp key to play with.


@ipaqmaster commented on GitHub (Nov 25, 2025):

Bizarre. I took some stack traces of thunderbird when I send an email to try and find executables or a gnupg sockets I might need to whitelist for this to stop happening.

Then I ran it in firejail again with --debug again, confirming its using the stock thunderbird profile again... and with Digitally Sign checked, as default... the issue is not reproducing 😵


@ipaqmaster commented on GitHub (Nov 25, 2025):

It seems running thunderbird without firejail has created whatever special file it was trying to create while firejailed. I'll diff my filesystem.

I rolled back ~/.thunderbird by an hour and it still works, so it's not something in there.

It wasn't until I killed the /usr/bin/gpg-agent --supervised process running as my user that the issue reproduced in firejail. Now I know what it is.

Thunderbird doesn't launch when the .local file contains include ssh.profile

It's not solved by any of these either:

# Not any of these alone or combined
#whitelist ${RUNUSER}/gcr/ssh
#whitelist ${RUNUSER}/gnupg/*/S.gpg-agent.ssh # custom gpg homedir setup
#whitelist ${RUNUSER}/gnupg/S.gpg-agent.ssh # default gpg homedir setup
#whitelist ${RUNUSER}/gvfsd-sftp
#whitelist ${RUNUSER}/keyring/ssh

# Or these, even when combined with the above 5
#whitelist ${RUNUSER}/bus
#whitelist ${RUNUSER}/dconf
#whitelist ${RUNUSER}/gdm/Xauthority
#whitelist ${RUNUSER}/ICEauthority
#whitelist ${RUNUSER}/.mutter-Xwaylandauth.*
#whitelist ${RUNUSER}/pulse/native
#whitelist ${RUNUSER}/pipewire-?
#whitelist ${RUNUSER}/wayland-?
#whitelist ${RUNUSER}/xauth_*
#whitelist ${RUNUSER}/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]

# It's not this either
#include allow-ssh.inc

# Nope
#noblacklist ${HOME}/.gnupg
#whitelist ${HOME}/.gnupg
#noblacklist ${RUNUSER}
#whitelist ${RUNUSER}

# Nor all together

Commenting include firefox-common.profile allowed thunderbird to prompt for the pgp key for gpg-agent with its key, but took away its charset (Unicode was unicode rectangles with hex values inside them, pasting into my text editor rendered them correctly.)

I have to move on for now. But I'm on the right track. Something to do with gpg-agent and speaking with it. Tried a ton more options in my thunderbird.local file related to the rundir to no avail. Will come back to this soon.


@ipaqmaster commented on GitHub (Nov 25, 2025):

Should've seen that from the start.

It's caused by dbus-user none in firefox-common.profile, included in thunderbird.profile.


@ipaqmaster commented on GitHub (Nov 25, 2025):

ignore dbus-user in ~/.config/firejail/thunderbird.local "soft-fixes" this, but it asks for a passphrase when gpg-agent is running despite it being allegedly unlocked by the gnome-keyring-daemon process.


@ipaqmaster commented on GitHub (Nov 25, 2025):

Ah... yep...

ignore dbus-user and ignore dbus-system together in the above .local file solves this problem flawlessly. What a ride.

E:

Looks like it's technically caused by this:

1139157 <... read resumed>, "[GNUPG:] FAILURE sign 83886166\n", 1024) = 31
read(140, "gpg: signing failed: pinentry error\n", 4096) = 36

Something about Thunderbird's dbus access doesn't let it communicate with the running gpg-agent, at least not fully.

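The procedure that ran through this thread, from kmk3's "comment lines in thunderbird.profile and firefox-common.profile until it works" to the final `ignore dbus-user` + `ignore dbus-system` in thunderbird.local, can be done without editing the system profiles: firejail reads `~/.config/firejail/thunderbird.local` at the top of the profile (via `include thunderbird.local`), and an `ignore COMMAND` line there cancels every later line starting with COMMAND, including lines pulled in by `include firefox-common.profile`. The script below is an added example written for this page, not firejail's or the reporter's code. It flattens a profile through its includes, lists the distinct commands, and greedily shrinks the set of `ignore` lines to the ones the program actually needs. The profile texts and the `works` oracle are constructed: the real profiles are longer, and for a GUI client like Thunderbird the oracle is a human answering "did the signed mail send?" after launching with the generated .local; the constructed oracle simply reproduces the outcome the reporter found (signing works only when both dbus directives are ignored).

```python
"""Narrow a firejail breakage down to the profile directives responsible.

Added example, not part of the original thread or of firejail. It assumes
firejail semantics as documented: `ignore CMD` in a .local file cancels
every subsequent profile line that starts with CMD, and .local files are
included before the rest of the profile, so ignores placed in
thunderbird.local also cover lines from firefox-common.profile.
"""
from typing import Callable, Dict, List, Optional, Set, Tuple

# Constructed stand-ins for /etc/firejail/thunderbird.profile and
# firefox-common.profile. Directive names are real firejail commands;
# the files are abbreviated. The .local includes are absent on purpose.
PROFILES: Dict[str, str] = {
    "thunderbird.profile": """\
# Firejail profile for thunderbird
include thunderbird.local
include globals.local
noblacklist ${HOME}/.thunderbird
whitelist ${HOME}/.thunderbird
netfilter
include firefox-common.profile
""",
    "firefox-common.profile": """\
include firefox-common.local
dbus-user none
dbus-system none
seccomp
private-tmp
""",
}

Directive = Tuple[str, str]  # (origin file, directive line)


def expand(name: str, files: Dict[str, str],
           seen: Optional[Set[str]] = None) -> List[Directive]:
    """Flatten a profile, following `include` lines in order.

    Includes that do not exist (optional .local files) are skipped, which
    matches how firejail treats a missing .local.
    """
    if seen is None:
        seen = set()
    if name in seen or name not in files:
        return []
    seen.add(name)
    out: List[Directive] = []
    for raw in files[name].splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("include "):
            out += expand(line.split(None, 1)[1], files, seen)
        else:
            out.append((name, line))
    return out


def commands(directives: List[Directive]) -> List[str]:
    """Distinct command names in profile order; each is one `ignore` candidate."""
    seen: Set[str] = set()
    out: List[str] = []
    for _, line in directives:
        cmd = line.split()[0]
        if cmd not in seen:
            seen.add(cmd)
            out.append(cmd)
    return out


def minimal_ignore_set(cmds: List[str],
                       works: Callable[[Set[str]], bool]) -> Set[str]:
    """Greedy 1-minimal reduction over the ignore set.

    Start by ignoring every command; if the program still fails, the
    profile's directives are not the cause and bisecting them is pointless.
    Then re-enable commands one at a time, keeping a command ignored only
    when re-enabling it brings the failure back.
    """
    ignored = set(cmds)
    if not works(ignored):
        raise RuntimeError("fails even with every directive ignored; "
                           "the cause is not a profile line")
    for cmd in cmds:
        trial = ignored - {cmd}
        if works(trial):
            ignored = trial
    return ignored


def render_local(ignored: Set[str], cmds: List[str]) -> str:
    """Content for ~/.config/firejail/thunderbird.local, in profile order."""
    return "".join(f"ignore {c}\n" for c in cmds if c in ignored)


def thread_oracle(ignored: Set[str]) -> bool:
    """Constructed oracle matching the thread's finding: OpenPGP signing via
    gpg-agent/pinentry succeeds only when both dbus directives are ignored."""
    return {"dbus-user", "dbus-system"} <= ignored


def diagnose(profile: str = "thunderbird.profile",
             works: Callable[[Set[str]], bool] = thread_oracle) -> str:
    cmds = commands(expand(profile, PROFILES))
    return render_local(minimal_ignore_set(cmds, works), cmds)


if __name__ == "__main__":
    print(diagnose(), end="")
```

Two caveats worth keeping in mind when reading the result. First, rusty-snake's point explains the early false lead: `netfilter` is inert unless the profile also sets `net IFACE`, so the reduction above drops it on the first pass, and the earlier "commenting netfilter fixed it" is consistent with the reporter's later observation that the failure came and went with gpg-agent's state. Second, `ignore dbus-user` and `ignore dbus-system` hand the sandbox full access to both buses again; firejail's narrower alternative is `dbus-user filter` with `dbus-user.talk NAME` rules for the specific bus names a program needs, but which names gpg-agent and pinentry require in this setup is not established in the thread, so the blanket ignores are the supported fix as far as this page goes.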
Reference: github-starred/firejail#3347