[GH-ISSUE #6809] w3m: Initial page loads but cannot navigate an subsequent links #3380

New issue

Open

opened 2026-05-05 09:57:20 -06:00 by gitea-mirror · 8 comments

gitea-mirror commented 2026-05-05 09:57:20 -06:00

Owner

Copy link

Originally created by @cameronj86 on GitHub (Jul 10, 2025).
Original GitHub issue: https://github.com/netblue30/firejail/issues/6809

Description

Cannot navigate any pages beyond the landing page for the website www.techmeme.com/m

Steps to Reproduce

1. Create symbolic link w/ firejail & w3m using the default profile
2. w3m www.techmeme.com/m
3. Navigate any of the links
4. Website hangs

Expected behavior

Links load successfully

Actual behavior

Every link hangs with a blank page

Behavior without a profile

Content loads successfully

Additional context

Occasionally some webpages might us JS which w3m can't handle, but I have tried 6 different links w/ firejail vs w/o and only 1 had that issue w/o firejail.

Environment

• Linux 6.12.17-amd64 x86_64
• Debian 13 - Trixie
• w3m version w3m/0.5.3+git20230121
• firejail version 0.9.74

Checklist

• The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
• I can reproduce the issue without custom modifications (e.g. globals.local).
• The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
• The profile (and redirect profile if exists) hasn't already been fixed upstream.
• I have performed a short search for similar issues (to avoid opening a duplicate).
  • I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.

Log

Using one of the links returns nothing:
LC_ALL=C firejail w3m https://www.axios.com/2025/07/08/elon-musk-grok-x-twitter-hitler-posts 2>&1 | tee firejail_output.log

Originally created by @cameronj86 on GitHub (Jul 10, 2025). Original GitHub issue: https://github.com/netblue30/firejail/issues/6809 ### Description Cannot navigate any pages beyond the landing page for the website www.techmeme.com/m ### Steps to Reproduce 1. Create symbolic link w/ firejail & w3m using the default profile 2. `w3m www.techmeme.com/m` 3. Navigate any of the links 4. Website hangs ### Expected behavior Links load successfully ### Actual behavior Every link hangs with a blank page ### Behavior without a profile Content loads successfully ### Additional context Occasionally some webpages might us JS which w3m can't handle, but I have tried 6 different links w/ firejail vs w/o and only 1 had that issue w/o firejail. ### Environment - Linux 6.12.17-amd64 x86_64 - Debian 13 - Trixie - w3m version w3m/0.5.3+git20230121 - firejail version 0.9.74 ### Checklist - [x] The issues is caused by firejail (i.e. running the program by path (e.g. `/usr/bin/vlc`) "fixes" it). - [x] I can reproduce the issue without custom modifications (e.g. globals.local). - [x] The program has a profile. (If not, request one in `https://github.com/netblue30/firejail/issues/1139`) - [x] The profile (and redirect profile if exists) hasn't already been fixed [upstream](https://github.com/netblue30/firejail/tree/master/etc). - [x] I have performed a short search for similar issues (to avoid opening a duplicate). - [x] I'm aware of `browser-allow-drm yes`/`browser-disable-u2f no` in `firejail.config` to allow DRM/U2F in browsers. ### Log Using one of the links returns nothing: `LC_ALL=C firejail w3m https://www.axios.com/2025/07/08/elon-musk-grok-x-twitter-hitler-posts 2>&1 | tee firejail_output.log`

gitea-mirror added the

networking

needinfo

labels 2026-05-05 09:57:20 -06:00

gitea-mirror commented 2026-05-05 09:57:22 -06:00

Author

Owner

Copy link

@ghost commented on GitHub (Jul 10, 2025):

works in bookworm debian 12 but i don't have images. I narrowed that down to something in disable*,still looking
It could be similar

copy the w3m profile to .config/firejail and try to open it up to see if it starts to work.

EDIT: disable-x11.inc blocks the images, i see blacklist ${RUNUSER}/wayland-* , that could be doing the same under wayland

<!-- gh-comment-id:3057497081 --> @ghost commented on GitHub (Jul 10, 2025): works in bookworm debian 12 but i don't have images. I narrowed that down to something in disable*,still looking It could be similar copy the w3m profile to .config/firejail and try to open it up to see if it starts to work. EDIT: disable-x11.inc blocks the images, i see blacklist ${RUNUSER}/wayland-* , that could be doing the same under wayland

gitea-mirror commented 2026-05-05 09:57:23 -06:00

Author

Owner

Copy link

@cameronj86 commented on GitHub (Jul 11, 2025):

Disabling Wayland didn't improve the situation.

I did stumble across this comment in #5010 which might be somewhat related because:

1. I'm on Debian
2. It is affecting another browser
3. It references 0.9.74

In the Debian bug 1010569, there is a comment saying that this issue resurfaced with 0.9.74 when private-etc was enabled. I can confirm that a change in /etc/resolv.conf is not propagated

The two things that gives me pause are

1. I am still able to visually see my resolv.conf file if I navigate to file:///etc/resolv.conf in the firejailed w3m tab. My uneducated guess is that this means that the app can still resolve successfully.
2. My w3m file has ignore private-etc enabled

Not sure if it's relevant, but I am running OpenWRT + banIP along with AdGuardHome. Based on my limited reading, firejail doesn't attempt to make any DNS interventions, but if it is, any DoH traffic or traffic on unfamiliar ports is either blocked or redirected which would also lead to non

The inability to navigate between websites does seems DNS-related, altho I cannot understand how techmeme manages to load successfully while every other website is failing. If I go directly to yahoo.com or reddit.com, it never loads for example.

<!-- gh-comment-id:3060164184 --> @cameronj86 commented on GitHub (Jul 11, 2025): Disabling Wayland didn't improve the situation. I did stumble across this comment in #5010 which might be somewhat related because: 1. I'm on Debian 2. It is affecting another browser 3. It references 0.9.74 > In the [Debian bug 1010569](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010569), there is a [comment](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010569#15) saying that this issue resurfaced with 0.9.74 when private-etc was enabled. I can confirm that a change in /etc/resolv.conf is not propagated The two things that gives me pause are 1. I am still able to visually see my resolv.conf file if I navigate to `file:///etc/resolv.conf` in the firejailed w3m tab. My uneducated guess is that this means that the app can still resolve successfully. 2. My w3m file has `ignore private-etc` enabled Not sure if it's relevant, but I am running OpenWRT + banIP along with AdGuardHome. Based on my limited reading, firejail doesn't attempt to make any DNS interventions, but if it is, any DoH traffic or traffic on unfamiliar ports is either blocked or redirected which would also lead to non The inability to navigate between websites does seems DNS-related, altho I cannot understand how techmeme manages to load successfully while every other website is failing. If I go directly to yahoo.com or reddit.com, it never loads for example.

gitea-mirror commented 2026-05-05 09:57:24 -06:00

Author

Owner

Copy link

@kmk3 commented on GitHub (Jul 11, 2025):

LC_ALL=C firejail w3m

Use either just w3m or firejail /usr/bin/w3m to avoid issues like #2877.

There is no obvious error message, so as @pirate486743186 mentioned, you can
copy /etc/firejail/w3m.profile to ~/.config/firejail and comment it until it
works, then post the lines that are causing issues.

You can also try using --trace=trace.txt to see which files it tries to
access and edit the profile accordingly.

Example:

LC_ALL=C firejail --trace=trace.txt /usr/bin/w3m $url

<!-- gh-comment-id:3060648164 --> @kmk3 commented on GitHub (Jul 11, 2025): > ``` > LC_ALL=C firejail w3m > ``` Use either just `w3m` or `firejail /usr/bin/w3m` to avoid issues like #2877. There is no obvious error message, so as @pirate486743186 mentioned, you can copy /etc/firejail/w3m.profile to ~/.config/firejail and comment it until it works, then post the lines that are causing issues. You can also try using `--trace=trace.txt` to see which files it tries to access and edit the profile accordingly. Example: ``` LC_ALL=C firejail --trace=trace.txt /usr/bin/w3m $url ```

gitea-mirror commented 2026-05-05 09:57:24 -06:00

Author

Owner

Copy link

@ghost commented on GitHub (Jul 11, 2025):

also try this firejail --noprofile /usr/bin/w3m you'll know if it's firejail it self or something in the profile.

<!-- gh-comment-id:3061755819 --> @ghost commented on GitHub (Jul 11, 2025): also try this `firejail --noprofile /usr/bin/w3m` you'll know if it's firejail it self or something in the profile.

gitea-mirror commented 2026-05-05 09:57:25 -06:00

Author

Owner

Copy link

@cameronj86 commented on GitHub (Jul 19, 2025):

I was having trouble debugging the original file and cannot create a trace for it:

LC_ALL=C firejail --profile=/etc/firejail/w3m.profile --trace=trace2.txt /usr/bin/w3m https://spectrum.ieee.org/carfax-used-pcs
open: Permission denied
Error: cannot open trace log file trace2.txt for writing
Error: proc 2143408 cannot sync with peer: unexpected EOF
Peer 2143409 unexpectedly exited with status 1

I have been able to troubleshoot w/ ~/.config/firejail/w3m.profile and get it working. Here are the differences between the two which point to private-bin as the culprit:

diff /etc/firejail/w3m.profile ~/.config/firejail/w3m.profile 
24c24
< 
---
>  
41c41
< 
---
>  
59c59
< 
---
> #
61c61
< private-bin perl,sh,w3m
---
> #private-bin perl,sh,w3m,less # I added less to get a w3m add-on to work
69c69
< 
---
>  

I was able to get trace w/ LC_ALL. (When I tried w/o, it wouldn't print results. My uneducated guess is that w3m being a TUI is front-running output attempts):
LC_ALL=C firejail --profile=w3m --trace=trace.txt /usr/bin/w3m https://spectrum.ieee.org/carfax-used-pcs
And here is the command + trace output:

Output of LC_ALL=C firejail --profile=w3m --trace=trace.txt /usr/bin/w3m https://spectrum.ieee.org/carfax-used-pcs

33:w3m:exec /usr/bin/w3m:0
33:w3m:open /proc/stat:4
33:w3m:stat /home:0
33:w3m:stat /home/cameronj86:0
33:w3m:stat /home/cameronj86/.w3m:0
33:w3m:fopen /etc/w3mconfig:(nil)
33:w3m:fopen /etc/w3m/config:(nil)
33:w3m:fopen /home/cameronj86/.w3m/config:0x564ff395a4a0
33:w3m:open (null):-1
33:w3m:stat /home/cameronj86/.terminfo:-1
33:w3m:stat /etc/terminfo:-1
33:w3m:stat /lib/terminfo:-1
33:w3m:stat /usr/share/terminfo:0
33:w3m:access /usr/share/terminfo/x/xterm-256color:0
33:w3m:setfsuid 1000:1000
33:w3m:setfsgid 1000:1000
33:w3m:fopen /usr/share/terminfo/x/xterm-256color:0x564ff395d820
33:w3m:setfsuid 1000:1000
33:w3m:setfsgid 1000:1000
34:sh:exec /usr/bin/dash:0
34:sh:stat64 /tmp:0
34:sh:stat64 .:0
34:sh:open64 /dev/null:5
35:w3mimgdisplay:exec /usr/lib/w3m/w3mimgdisplay:0
35:w3mimgdisplay:setreuid 1000 1000:0
35:w3mimgdisplay:freopen /dev/null:0x7f4854df54e0
35:w3mimgdisplay:setreuid 1000 1000:0
35:w3mimgdisplay:setreuid 1000 1000:0
35:w3mimgdisplay:socket AF_LOCAL SOCK_STREAM 0:6
35:w3mimgdisplay:connect 6 @/tmp/.X11-unix/X0:0
35:w3mimgdisplay:access /run/user/1000/xauth_gYMrkF:0
35:w3mimgdisplay:fopen /run/user/1000/xauth_gYMrkF:0x55c1ec933530
35:w3mimgdisplay:open /usr/share/X11/XErrorDB:7
35:w3mimgdisplay:fopen /usr/share/X11/locale/locale.alias:0x55c1ec933530
35:w3mimgdisplay:fopen /usr/share/X11/locale/locale.dir:0x55c1ec933530
35:w3mimgdisplay:access /usr/share/X11/locale/C/XLC_LOCALE:0
35:w3mimgdisplay:fopen /usr/share/X11/locale/C/XLC_LOCALE:0x55c1ec933530
35:w3mimgdisplay:fopen /usr/share/X11/locale/locale.alias:0x55c1ec933530
35:w3mimgdisplay:fopen /usr/share/X11/locale/locale.dir:0x55c1ec933530
35:w3mimgdisplay:access /usr/share/X11/locale/C/XLC_LOCALE:0
35:w3mimgdisplay:fopen /usr/share/X11/locale/C/XLC_LOCALE:0x55c1ec933530
33:w3m:fopen /home/cameronj86/.w3m/mailcap:0x564ff395d820
33:w3m:fopen /etc/w3m/mailcap:(nil)
33:w3m:fopen /etc/mailcap:0x564ff395d820
33:w3m:fopen /home/cameronj86/.w3m/mime.types:(nil)
33:w3m:fopen /etc/mime.types:(nil)
33:w3m:fopen /home/cameronj86/.w3m/urimethodmap:(nil)
33:w3m:fopen /etc/w3m/urimethodmap:(nil)
36:sh:exec /usr/bin/dash:0
36:sh:stat64 /tmp:0
36:sh:stat64 .:0
36:sh:open64 /dev/null:5
37:w3mimgdisplay:exec /usr/lib/w3m/w3mimgdisplay:0
37:w3mimgdisplay:setreuid 1000 1000:0
37:w3mimgdisplay:freopen /dev/null:0x7ff3d22a44e0
37:w3mimgdisplay:setreuid 1000 1000:0
37:w3mimgdisplay:setreuid 1000 1000:0
37:w3mimgdisplay:socket AF_LOCAL SOCK_STREAM 0:6
37:w3mimgdisplay:connect 6 @/tmp/.X11-unix/X0:0
37:w3mimgdisplay:access /run/user/1000/xauth_gYMrkF:0
37:w3mimgdisplay:fopen /run/user/1000/xauth_gYMrkF:0x5653f1799530
37:w3mimgdisplay:open /usr/share/X11/XErrorDB:7
37:w3mimgdisplay:fopen /usr/share/X11/locale/locale.alias:0x5653f1799530
37:w3mimgdisplay:fopen /usr/share/X11/locale/locale.dir:0x5653f1799530
37:w3mimgdisplay:access /usr/share/X11/locale/C/XLC_LOCALE:0
37:w3mimgdisplay:fopen /usr/share/X11/locale/C/XLC_LOCALE:0x5653f1799530
37:w3mimgdisplay:fopen /usr/share/X11/locale/locale.alias:0x5653f1799530
37:w3mimgdisplay:fopen /usr/share/X11/locale/locale.dir:0x5653f1799530
37:w3mimgdisplay:access /usr/share/X11/locale/C/XLC_LOCALE:0
37:w3mimgdisplay:fopen /usr/share/X11/locale/C/XLC_LOCALE:0x5653f1799530
33:w3m:stat /home/cameronj86/.w3m/passwd:-1
33:w3m:stat /home/cameronj86/.netrc:-1
33:w3m:stat /home/cameronj86/.w3m/pre_form:-1
33:w3m:fopen /home/cameronj86/.w3m/siteconf:(nil)
33:w3m:fopen /etc/w3m/keymap:(nil)
33:w3m:fopen /home/cameronj86/.w3m/keymap:0x564ff395d820
33:w3m:fopen /etc/w3m/mouse:(nil)
33:w3m:fopen /home/cameronj86/.w3m/mouse:(nil)
33:w3m:fopen /etc/w3m/menu:(nil)
33:w3m:fopen /home/cameronj86/.w3m/menu:(nil)
33:w3m:fopen /home/cameronj86/.w3m/cookie:0x564ff395d820
33:w3m:fopen /home/cameronj86/.w3m/history:(nil)
33:w3m:fopen64 /run/systemd/machines/spectrum.ieee.org:(nil)
33:w3m:socket AF_INET SOCK_STREAM IPPROTO_TCP:4
33:w3m:connect 4 146.75.93.91 port 443:0
33:w3m:fopen64 /usr/lib/ssl/openssl.cnf:0x564ff395d820
33:w3m:fopen64 /usr/lib/ssl/cert.pem:0x564ff395d820
33:w3m:stat /etc/ssl/certs/5938fa15.0:-1
33:w3m:stat /usr/lib/ssl/certs/5938fa15.0:-1
33:w3m:open /dev/null:5
33:w3m:stat /home/cameronj86/.w3m/w3mtmp33-0.gz:0
33:w3m:open /home/cameronj86/.w3m/w3mtmp33-0.gz:4
33:w3m:open /dev/null:5
33:w3m:stat /home/cameronj86/.w3m/history:-1
33:w3m:unlink /home/cameronj86/.w3m/w3mtmp33-0.gz:0
33:w3m:unlink /home/cameronj86/.w3m/w3mtmp33-0.gz:-1

<!-- gh-comment-id:3092509880 --> @cameronj86 commented on GitHub (Jul 19, 2025): I was having trouble debugging the original file and cannot create a trace for it: ```bash LC_ALL=C firejail --profile=/etc/firejail/w3m.profile --trace=trace2.txt /usr/bin/w3m https://spectrum.ieee.org/carfax-used-pcs open: Permission denied Error: cannot open trace log file trace2.txt for writing Error: proc 2143408 cannot sync with peer: unexpected EOF Peer 2143409 unexpectedly exited with status 1 ``` I have been able to troubleshoot w/ `~/.config/firejail/w3m.profile` and get it working. Here are the differences between the two which point to private-bin as the culprit: ```bash diff /etc/firejail/w3m.profile ~/.config/firejail/w3m.profile 24c24 < --- > 41c41 < --- > 59c59 < --- > # 61c61 < private-bin perl,sh,w3m --- > #private-bin perl,sh,w3m,less # I added less to get a w3m add-on to work 69c69 < --- > ``` I was able to get trace w/ `LC_ALL`. (When I tried w/o, it wouldn't print results. My uneducated guess is that w3m being a TUI is front-running output attempts): `LC_ALL=C firejail --profile=w3m --trace=trace.txt /usr/bin/w3m https://spectrum.ieee.org/carfax-used-pcs` And here is the command + trace output: <details> <summary>Output of <code>LC_ALL=C firejail --profile=w3m --trace=trace.txt /usr/bin/w3m https://spectrum.ieee.org/carfax-used-pcs</code></summary> <p> ``` 33:w3m:exec /usr/bin/w3m:0 33:w3m:open /proc/stat:4 33:w3m:stat /home:0 33:w3m:stat /home/cameronj86:0 33:w3m:stat /home/cameronj86/.w3m:0 33:w3m:fopen /etc/w3mconfig:(nil) 33:w3m:fopen /etc/w3m/config:(nil) 33:w3m:fopen /home/cameronj86/.w3m/config:0x564ff395a4a0 33:w3m:open (null):-1 33:w3m:stat /home/cameronj86/.terminfo:-1 33:w3m:stat /etc/terminfo:-1 33:w3m:stat /lib/terminfo:-1 33:w3m:stat /usr/share/terminfo:0 33:w3m:access /usr/share/terminfo/x/xterm-256color:0 33:w3m:setfsuid 1000:1000 33:w3m:setfsgid 1000:1000 33:w3m:fopen /usr/share/terminfo/x/xterm-256color:0x564ff395d820 33:w3m:setfsuid 1000:1000 33:w3m:setfsgid 1000:1000 34:sh:exec /usr/bin/dash:0 34:sh:stat64 /tmp:0 34:sh:stat64 .:0 34:sh:open64 /dev/null:5 35:w3mimgdisplay:exec /usr/lib/w3m/w3mimgdisplay:0 35:w3mimgdisplay:setreuid 1000 1000:0 35:w3mimgdisplay:freopen /dev/null:0x7f4854df54e0 35:w3mimgdisplay:setreuid 1000 1000:0 35:w3mimgdisplay:setreuid 1000 1000:0 35:w3mimgdisplay:socket AF_LOCAL SOCK_STREAM 0:6 35:w3mimgdisplay:connect 6 @/tmp/.X11-unix/X0:0 35:w3mimgdisplay:access /run/user/1000/xauth_gYMrkF:0 35:w3mimgdisplay:fopen /run/user/1000/xauth_gYMrkF:0x55c1ec933530 35:w3mimgdisplay:open /usr/share/X11/XErrorDB:7 35:w3mimgdisplay:fopen /usr/share/X11/locale/locale.alias:0x55c1ec933530 35:w3mimgdisplay:fopen /usr/share/X11/locale/locale.dir:0x55c1ec933530 35:w3mimgdisplay:access /usr/share/X11/locale/C/XLC_LOCALE:0 35:w3mimgdisplay:fopen /usr/share/X11/locale/C/XLC_LOCALE:0x55c1ec933530 35:w3mimgdisplay:fopen /usr/share/X11/locale/locale.alias:0x55c1ec933530 35:w3mimgdisplay:fopen /usr/share/X11/locale/locale.dir:0x55c1ec933530 35:w3mimgdisplay:access /usr/share/X11/locale/C/XLC_LOCALE:0 35:w3mimgdisplay:fopen /usr/share/X11/locale/C/XLC_LOCALE:0x55c1ec933530 33:w3m:fopen /home/cameronj86/.w3m/mailcap:0x564ff395d820 33:w3m:fopen /etc/w3m/mailcap:(nil) 33:w3m:fopen /etc/mailcap:0x564ff395d820 33:w3m:fopen /home/cameronj86/.w3m/mime.types:(nil) 33:w3m:fopen /etc/mime.types:(nil) 33:w3m:fopen /home/cameronj86/.w3m/urimethodmap:(nil) 33:w3m:fopen /etc/w3m/urimethodmap:(nil) 36:sh:exec /usr/bin/dash:0 36:sh:stat64 /tmp:0 36:sh:stat64 .:0 36:sh:open64 /dev/null:5 37:w3mimgdisplay:exec /usr/lib/w3m/w3mimgdisplay:0 37:w3mimgdisplay:setreuid 1000 1000:0 37:w3mimgdisplay:freopen /dev/null:0x7ff3d22a44e0 37:w3mimgdisplay:setreuid 1000 1000:0 37:w3mimgdisplay:setreuid 1000 1000:0 37:w3mimgdisplay:socket AF_LOCAL SOCK_STREAM 0:6 37:w3mimgdisplay:connect 6 @/tmp/.X11-unix/X0:0 37:w3mimgdisplay:access /run/user/1000/xauth_gYMrkF:0 37:w3mimgdisplay:fopen /run/user/1000/xauth_gYMrkF:0x5653f1799530 37:w3mimgdisplay:open /usr/share/X11/XErrorDB:7 37:w3mimgdisplay:fopen /usr/share/X11/locale/locale.alias:0x5653f1799530 37:w3mimgdisplay:fopen /usr/share/X11/locale/locale.dir:0x5653f1799530 37:w3mimgdisplay:access /usr/share/X11/locale/C/XLC_LOCALE:0 37:w3mimgdisplay:fopen /usr/share/X11/locale/C/XLC_LOCALE:0x5653f1799530 37:w3mimgdisplay:fopen /usr/share/X11/locale/locale.alias:0x5653f1799530 37:w3mimgdisplay:fopen /usr/share/X11/locale/locale.dir:0x5653f1799530 37:w3mimgdisplay:access /usr/share/X11/locale/C/XLC_LOCALE:0 37:w3mimgdisplay:fopen /usr/share/X11/locale/C/XLC_LOCALE:0x5653f1799530 33:w3m:stat /home/cameronj86/.w3m/passwd:-1 33:w3m:stat /home/cameronj86/.netrc:-1 33:w3m:stat /home/cameronj86/.w3m/pre_form:-1 33:w3m:fopen /home/cameronj86/.w3m/siteconf:(nil) 33:w3m:fopen /etc/w3m/keymap:(nil) 33:w3m:fopen /home/cameronj86/.w3m/keymap:0x564ff395d820 33:w3m:fopen /etc/w3m/mouse:(nil) 33:w3m:fopen /home/cameronj86/.w3m/mouse:(nil) 33:w3m:fopen /etc/w3m/menu:(nil) 33:w3m:fopen /home/cameronj86/.w3m/menu:(nil) 33:w3m:fopen /home/cameronj86/.w3m/cookie:0x564ff395d820 33:w3m:fopen /home/cameronj86/.w3m/history:(nil) 33:w3m:fopen64 /run/systemd/machines/spectrum.ieee.org:(nil) 33:w3m:socket AF_INET SOCK_STREAM IPPROTO_TCP:4 33:w3m:connect 4 146.75.93.91 port 443:0 33:w3m:fopen64 /usr/lib/ssl/openssl.cnf:0x564ff395d820 33:w3m:fopen64 /usr/lib/ssl/cert.pem:0x564ff395d820 33:w3m:stat /etc/ssl/certs/5938fa15.0:-1 33:w3m:stat /usr/lib/ssl/certs/5938fa15.0:-1 33:w3m:open /dev/null:5 33:w3m:stat /home/cameronj86/.w3m/w3mtmp33-0.gz:0 33:w3m:open /home/cameronj86/.w3m/w3mtmp33-0.gz:4 33:w3m:open /dev/null:5 33:w3m:stat /home/cameronj86/.w3m/history:-1 33:w3m:unlink /home/cameronj86/.w3m/w3mtmp33-0.gz:0 33:w3m:unlink /home/cameronj86/.w3m/w3mtmp33-0.gz:-1 ``` </p> </details>

gitea-mirror commented 2026-05-05 09:57:25 -06:00

Author

Owner

Copy link

@ghost commented on GitHub (Jul 20, 2025):

maybe an addon is misbehaving
try firejail --build /usr/bin/w3m https://spectrum.ieee.org/carfax-used-pcs use it normally, then exit.

it will automatically build a profile, you can have a look at private-bin for the difference (dash=sh)

<!-- gh-comment-id:3093523094 --> @ghost commented on GitHub (Jul 20, 2025): maybe an addon is misbehaving try `firejail --build /usr/bin/w3m https://spectrum.ieee.org/carfax-used-pcs` use it normally, then exit. it will automatically build a profile, you can have a look at private-bin for the difference (dash=sh)

gitea-mirror commented 2026-05-05 09:57:26 -06:00

Author

Owner

Copy link

@cameronj86 commented on GitHub (Jul 21, 2025):

Gave it a shot and the suggested lib was:
private-bin less,gzip,dash,w3m,

gzip was new so I added that but still no dice. There's a lot of changes relative to the stock file AFAICS.

Suggested Build & Stock profile

Build

# Save this file as "application.profile" (change "application" with the
# program name) in ~/.config/firejail directory. Firejail will find it
# automatically every time you sandbox your application.
#
# Run "firejail application" to test it. In the file there are
# some other commands you can try. Enable them by removing the "#".

# Firejail profile for /usr/bin/w3m
# Persistent local customizations
#include /usr/bin/w3m.local
# Persistent global definitions
#include globals.local

### Basic Blacklisting ###
### Enable as many of them as you can! A very important one is
### "disable-exec.inc". This will make among other things your home
### and /tmp directories non-executable.
include disable-common.inc      # dangerous directories like ~/.ssh and ~/.gnupg
#include disable-devel.inc      # development tools such as gcc and gdb
#include disable-exec.inc       # non-executable directories such as /var, /tmp, and /home
#include disable-interpreters.inc       # perl, python, lua etc.
include disable-programs.inc    # user configuration for programs such as firefox, vlc etc.
#include disable-shell.inc      # sh, bash, zsh etc.
#include disable-xdg.inc        # standard user directories: Documents, Pictures, Videos, Music

### Home Directory Whitelisting ###
### If something goes wrong, this section is the first one to comment out.
### Instead, you'll have to relay on the basic blacklisting above.
whitelist ${HOME}/.lesshsQ
whitelist ${HOME}/.mailcap
whitelist ${HOME}/.lesshst
whitelist ${HOME}/.local/state
whitelist ${HOME}/.less
whitelist ${HOME}/.lesskey
whitelist ${HOME}/.netrc
whitelist ${HOME}/.w3m
include whitelist-common.inc

### Filesystem Whitelisting ###
whitelist /run/systemd/machines/www.wired.com
whitelist /run/systemd/machines/www.techmeme.com
whitelist /run/systemd/machines/techmeme.com
whitelist /run/systemd/machines/spectrum.ieee.org
include whitelist-run-common.inc
include whitelist-runuser-common.inc
include whitelist-usr-share-common.inc
include whitelist-var-common.inc

#apparmor       # if you have AppArmor running, try this one!
caps.drop all
ipc-namespace
netfilter
#no3d   # disable 3D acceleration
#nodvd  # disable DVD and CD devices
#nogroups       # disable supplementary user groups
#noinput        # disable input devices
nonewprivs
noroot
#notpm  # disable TPM devices
#notv   # disable DVB TV devices
#nou2f  # disable U2F devices
#novideo        # disable video capture devices
protocol unix,inet,inet6,
#net eth0
netfilter
seccomp !chroot # allowing chroot, just in case this is an Electron app
#tracelog       # send blacklist violations to syslog

#disable-mnt    # no access to /mnt, /media, /run/mount and /run/media
private-bin less,gzip,dash,w3m,
#private-cache  # run with an empty ~/.cache directory
private-dev
private-etc ssl,sysless,syslesskey,mime.types,mailcap,terminfo,w3m,w3mconfig,
#private-lib
#private-tmp
# File accessed in /tmp directory:
# /tmp/yFhDxU/output.html,/tmp/yFhDxU/input.html,

#dbus-user none
#dbus-system none

#memory-deny-write-execute

Default

# Firejail profile for w3m
# Description: WWW browsable pager with excellent tables/frames support
# This file is overwritten after every install/update
quiet
# Persistent local customizations
include w3m.local
# Persistent global definitions
include globals.local

# Add the next lines to your w3m.local if you want to use w3m-img on a vconsole.
ignore nogroups
ignore private-dev
ignore private-etc

noblacklist ${HOME}/.w3m

#blacklist ${RUNUSER}/wayland-*

# Allow /bin/sh (blacklisted by disable-shell.inc)
include allow-bin-sh.inc

# Allow perl (blacklisted by disable-interpreters.inc)
include allow-perl.inc

include disable-common.inc
include disable-devel.inc
include disable-exec.inc
include disable-interpreters.inc
include disable-programs.inc
include disable-shell.inc
include disable-x11.inc
include disable-xdg.inc

mkdir ${HOME}/.w3m
whitelist /usr/share/w3m
whitelist ${DOWNLOADS}
whitelist ${HOME}/.w3m
include whitelist-runuser-common.inc
include whitelist-usr-share-common.inc
include whitelist-var-common.inc

caps.drop all
ipc-namespace
machine-id
netfilter
no3d
nodvd
nogroups
noinput
nonewprivs
noroot
nosound
notv
nou2f
novideo
protocol unix,inet,inet6
seccomp
tracelog

disable-mnt
private-bin perl,sh,w3m
private-cache
private-dev
private-etc @tls-ca,mailcap
private-tmp

dbus-user none
dbus-system none

memory-deny-write-execute
read-write ${HOME}/.w3m
restrict-namespaces

<!-- gh-comment-id:3099420684 --> @cameronj86 commented on GitHub (Jul 21, 2025): Gave it a shot and the suggested lib was: `private-bin less,gzip,dash,w3m,` gzip was new so I added that but still no dice. There's a lot of changes relative to the stock file AFAICS. <details><summary>Suggested Build & Stock profile</summary> <p> ##### Build ```bash # Save this file as "application.profile" (change "application" with the # program name) in ~/.config/firejail directory. Firejail will find it # automatically every time you sandbox your application. # # Run "firejail application" to test it. In the file there are # some other commands you can try. Enable them by removing the "#". # Firejail profile for /usr/bin/w3m # Persistent local customizations #include /usr/bin/w3m.local # Persistent global definitions #include globals.local ### Basic Blacklisting ### ### Enable as many of them as you can! A very important one is ### "disable-exec.inc". This will make among other things your home ### and /tmp directories non-executable. include disable-common.inc # dangerous directories like ~/.ssh and ~/.gnupg #include disable-devel.inc # development tools such as gcc and gdb #include disable-exec.inc # non-executable directories such as /var, /tmp, and /home #include disable-interpreters.inc # perl, python, lua etc. include disable-programs.inc # user configuration for programs such as firefox, vlc etc. #include disable-shell.inc # sh, bash, zsh etc. #include disable-xdg.inc # standard user directories: Documents, Pictures, Videos, Music ### Home Directory Whitelisting ### ### If something goes wrong, this section is the first one to comment out. ### Instead, you'll have to relay on the basic blacklisting above. whitelist ${HOME}/.lesshsQ whitelist ${HOME}/.mailcap whitelist ${HOME}/.lesshst whitelist ${HOME}/.local/state whitelist ${HOME}/.less whitelist ${HOME}/.lesskey whitelist ${HOME}/.netrc whitelist ${HOME}/.w3m include whitelist-common.inc ### Filesystem Whitelisting ### whitelist /run/systemd/machines/www.wired.com whitelist /run/systemd/machines/www.techmeme.com whitelist /run/systemd/machines/techmeme.com whitelist /run/systemd/machines/spectrum.ieee.org include whitelist-run-common.inc include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc #apparmor # if you have AppArmor running, try this one! caps.drop all ipc-namespace netfilter #no3d # disable 3D acceleration #nodvd # disable DVD and CD devices #nogroups # disable supplementary user groups #noinput # disable input devices nonewprivs noroot #notpm # disable TPM devices #notv # disable DVB TV devices #nou2f # disable U2F devices #novideo # disable video capture devices protocol unix,inet,inet6, #net eth0 netfilter seccomp !chroot # allowing chroot, just in case this is an Electron app #tracelog # send blacklist violations to syslog #disable-mnt # no access to /mnt, /media, /run/mount and /run/media private-bin less,gzip,dash,w3m, #private-cache # run with an empty ~/.cache directory private-dev private-etc ssl,sysless,syslesskey,mime.types,mailcap,terminfo,w3m,w3mconfig, #private-lib #private-tmp # File accessed in /tmp directory: # /tmp/yFhDxU/output.html,/tmp/yFhDxU/input.html, #dbus-user none #dbus-system none #memory-deny-write-execute ``` ##### Default ```bash # Firejail profile for w3m # Description: WWW browsable pager with excellent tables/frames support # This file is overwritten after every install/update quiet # Persistent local customizations include w3m.local # Persistent global definitions include globals.local # Add the next lines to your w3m.local if you want to use w3m-img on a vconsole. ignore nogroups ignore private-dev ignore private-etc noblacklist ${HOME}/.w3m #blacklist ${RUNUSER}/wayland-* # Allow /bin/sh (blacklisted by disable-shell.inc) include allow-bin-sh.inc # Allow perl (blacklisted by disable-interpreters.inc) include allow-perl.inc include disable-common.inc include disable-devel.inc include disable-exec.inc include disable-interpreters.inc include disable-programs.inc include disable-shell.inc include disable-x11.inc include disable-xdg.inc mkdir ${HOME}/.w3m whitelist /usr/share/w3m whitelist ${DOWNLOADS} whitelist ${HOME}/.w3m include whitelist-runuser-common.inc include whitelist-usr-share-common.inc include whitelist-var-common.inc caps.drop all ipc-namespace machine-id netfilter no3d nodvd nogroups noinput nonewprivs noroot nosound notv nou2f novideo protocol unix,inet,inet6 seccomp tracelog disable-mnt private-bin perl,sh,w3m private-cache private-dev private-etc @tls-ca,mailcap private-tmp dbus-user none dbus-system none memory-deny-write-execute read-write ${HOME}/.w3m restrict-namespaces ```

gitea-mirror commented 2026-05-05 09:57:26 -06:00

Author

Owner

Copy link

@ghost commented on GitHub (Jul 22, 2025):

check you didn't mix the profiles when installing.

<!-- gh-comment-id:3102135939 --> @ghost commented on GitHub (Jul 22, 2025): check you didn't mix the profiles when installing.

gitea-mirror referenced this issue 2026-05-05 10:25:42 -06:00

[PR #3380] [MERGED] Add steam-runtime alias #4740

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

serialize_remounts_v2

landlock_v4

landlock

release-0.9.64

release-0.9.62

gitlab_ci

LTSbase

fred_ctests

docs

0.9.80

0.9.80-rc1

0.9.78

0.9.76

0.9.76-rc4

0.9.76-rc3

0.9.76-rc2

0.9.76-rc1

0.9.74

landlock-split

0.9.72

0.9.72rc1

0.9.70

0.9.68

0.9.68rc1

0.9.66

0.9.66rc1

0.9.64.4

0.9.64.2

0.9.64

0.9.64rc1

0.9.62.4

0.9.62.2

0.9.62

0.9.56.2-LTS

0.9.60

0.9.60-rc1

0.9.58.2

0.9.58

0.9.58-rc1

0.9.56-LTS-release

0.9.56-LTS

0.9.56

0.9.56-rc1

0.9.54

0.9.54-rc2

0.9.54-rc1

0.9.52

0.9.38.12

0.9.50

0.9.50-rc1

0.9.48

0.9.46

0.9.46-rc1

0.9.44.10

0.9.44.8

0.9.44.6

0.9.38.10

0.9.44.4

0.9.38.8

0.9.44.2

0.9.44

0.9.44-rc1

0.9.38.4

0.9.42

0.9.42-rc2

0.9.38.2

0.9.42-rc1

disable-globalcfg

0.9.40

0.9.40-rc1

0.9.38

0.9.38-rc1

0.9.36

0.9.36-rc1

0.9.34

0.9.34-rc1

0.9.32

0.9.32-rc1

0.9.30

0.9.30-rc1

Labels

Clear labels   

LTS merge

  

LTS merge

  

bug

  

bug

  

converted-to-discussion

  

doc-todo

  

documentation

  

duplicate

  

enhancement

  

file-transfer

  

firecfg

  

firejail-in-firejail

  

firetools

  

graphics

  

help wanted

  

information_old

  

installation

  

invalid

  

modif

  

moved

  

needinfo

  

networking

  

notabug

  

notourbug

  

old-version

  

overlayfs

  

packaging

  

profile-request

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question_old

  

removal

  

runtime-permissions

  

sandbox-ipc

  

security

  

stale

  

wiki

  

wiki

  

wontfix

  

wordpress

  

workaround

No labels

LTS merge

LTS merge

bug

bug

converted-to-discussion

doc-todo

documentation

duplicate

enhancement

file-transfer

firecfg

firejail-in-firejail

firetools

graphics

help wanted

information_old

installation

invalid

modif

moved

needinfo

networking

notabug

notourbug

old-version

overlayfs

packaging

profile-request

pull-request

question

question_old

removal

runtime-permissions

sandbox-ipc

security

stale

wiki

wiki

wontfix

wordpress

workaround

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#3380

No description provided.