github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

[GH-ISSUE #6857] chromium: ERR_INTERNET_DISCONNECTED: cannot connect to the Internet #3399

New issue
Closed
opened 2026-05-05 09:57:55 -06:00 by gitea-mirror · 10 comments
gitea-mirror commented 2026-05-05 09:57:55 -06:00
Owner
Copy link

Originally created by @nva1 on GitHub (Aug 9, 2025).
Original GitHub issue: https://github.com/netblue30/firejail/issues/6857

Description

Chromium browsers do not connect to the Internet when sandboxed. I have all applications sandboxed, and until recently I was not having any problems. This occurs with Chromium, Brave, and Edge. It occurred randomly, perhaps after an update, a few weeks ago. Restoring to a previous Timeshift restore point did not resolve the issue. I reverted my local chromium-common.profile back to the original in /etc/firejail and ran sudo firecfg --clean and sudo firecfg, but this did not resolve the issue. I also tried purging and reinstalling Firejail, but this did not help.

Steps to Reproduce

  • Open any Chromium browser such as Chromium, Brave, etc.
  • No Internet connection.
  • Terminal logs showing associated errors are below.
  • Running unsandboxed connects to the Internet.

Expected behavior

Expected behavior is that Chromium based browsers would connect to the Internet while sandboxed.

Actual behavior

When opening a Chromium based browser, the error message appears for all sites:

No internet
Try:
Checking the network cables, modem, and router
Reconnecting to Wi-Fi
ERR_INTERNET_DISCONNECTED

Behavior without a profile

Chromium based browser works as expected, but it is not sandboxed.

$ LC_ALL=C firejail --noprofile chromium
firejail version 0.9.74

Parent pid 60045, child pid 60046
Base filesystem installed in 0.02 ms
Child process initialized in 3.80 ms
Warning: an existing sandbox was detected. /usr/bin/chromium will run without any additional sandboxing features
[3:3:0809/130440.922722:ERROR:chromium-139.0.7258.66/dbus/object_proxy.cc:590] Failed to call method: org.freedesktop.systemd1.Manager.StartTransientUnit: object_path= /org/freedesktop/systemd1: org.freedesktop.DBus.Error.InvalidArgs: Process 3 is a kernel thread, refusing.
[3:23:0809/130443.735230:ERROR:chromium-139.0.7258.66/google_apis/gcm/engine/registration_request.cc:291] Registration response error message: DEPRECATED_ENDPOINT

Additional context

This is my chromium-common.profile in ~/.config/firejail. The only change from the default in /etc/firejail is I previously uncommented the line dbus-user none. I did a while back when I suddenly could not enter any keyboard input on Chromium based browsers. This resolved that issue and was long before the Internet connectivity issue this issue is about.

The issue at hand occurs using the default profile or with the edited local one. I made sure to run sudo firecfg --clean and sudo firecfg after making any changes to the local one.

~/.config/firejail/chromium-common.profile 
# Firejail profile for chromium-common
# This file is overwritten after every install/update
# Persistent local customizations
include chromium-common.local
# Persistent global definitions
# added by caller profile
#include globals.local

# noexec ${HOME} breaks DRM binaries.
?BROWSER_ALLOW_DRM: ignore noexec ${HOME}

# To enable support for the KeePassXC extension, add the following lines to
# chromium-common.local.
# Note: Start KeePassXC before the web browser and keep it open to allow
# communication between them.
#noblacklist ${RUNUSER}/app
#whitelist ${RUNUSER}/app/org.keepassxc.KeePassXC
#whitelist ${RUNUSER}/kpxc_server
#whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer

noblacklist ${HOME}/.local/share/pki
noblacklist ${HOME}/.pki
noblacklist /usr/lib/chromium/chrome-sandbox

# Add the next line to chromium-common.local if you want the web browser to
# have access to Gnome extensions (extensions.gnome.org) via the browser
# connector.
#include allow-python3.inc

blacklist ${PATH}/curl
blacklist ${PATH}/wget
blacklist ${PATH}/wget2

mkdir ${HOME}/.local/share/pki
mkdir ${HOME}/.pki
whitelist ${HOME}/.local/share/pki
whitelist ${HOME}/.pki
whitelist /usr/share/mozilla/extensions
whitelist /usr/share/webext
include whitelist-run-common.inc

# If your kernel allows the creation of user namespaces by unprivileged users
# (for example, if running `unshare -U echo enabled` prints "enabled"), you
# can add the next line to chromium-common.local.
#include chromium-common-hardened.inc.profile

?BROWSER_DISABLE_U2F: nou2f

?BROWSER_DISABLE_U2F: private-dev
#private-tmp # issues when using multiple browser sessions

# Note: This prevents access to passwords saved in GNOME Keyring and KWallet
# and breaks Gnome connector.
### UNCOMMENTED 08/02/25
dbus-user none

# The file dialog needs to work without d-bus.
?HAS_NODBUS: env NO_CHROME_KDE_FILE_DIALOG=1

# Redirect
include blink-common.profile

Environment

  • Name/version/arch of the Linux kernel (uname -srm):
    • Linux 6.14.0-27-generic x86_64
  • Name/version of the Linux distribution (e.g. "Ubuntu 20.04" or "Arch Linux"):
    • Linux Mint 22.1 Xia
  • Name/version of the relevant program(s)/package(s) (e.g. "firefox 134.0-1,
    mesa 1:24.3.3-2"):
    • Chromium 139.0.7258.66 for Linux Mint
    • Brave Browser 139.1.81.131
    • Microsoft Edge 139.0.3405.86
  • Version of Firejail (firejail --version):
    • firejail version 0.9.74
  • If you use a development version of firejail, also the commit from which it
    was compiled (git rev-parse HEAD):
    • Not applicable

Checklist

  • The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
  • I can reproduce the issue without custom modifications (e.g. globals.local).
  • The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
  • The profile (and redirect profile if exists) hasn't already been fixed upstream.
    • The only apparent difference I see is mine has mkdir ${HOME}/.pki on line 35 and dbus-user none uncommented on line 55. The issue occurs with or without commenting this out.
  • I have performed a short search for similar issues (to avoid opening a duplicate).
  • I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
  • I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)

Log

Output of LC_ALL=C firejail chromium 
$ LC_ALL=C firejail chromium
Reading profile /etc/firejail/chromium.profile
Reading profile /home/user/.config/firejail/chromium-common.profile
Reading profile /etc/firejail/whitelist-run-common.inc
Reading profile /etc/firejail/blink-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-runuser-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
firejail version 0.9.74

Parent pid 57816, child pid 57818
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Base filesystem installed in 49.54 ms
Child process initialized in 98.87 ms
Warning: an existing sandbox was detected. /usr/bin/chromium will run without any additional sandboxing features
[1:1:0809/125538.244284:ERROR:chromium-139.0.7258.66/content/app/content_main_runner_impl.cc:423] Unable to load CDM /home/user/.config/chromium/WidevineCdm/4.10.2891.0/_platform_specific/linux_x64/libwidevinecdm.so (error: /home/user/.config/chromium/WidevineCdm/4.10.2891.0/_platform_specific/linux_x64/libwidevinecdm.so: failed to map segment from shared object)
[15:15:0809/125538.244284:ERROR:chromium-139.0.7258.66/content/app/content_main_runner_impl.cc:423] Unable to load CDM /home/user/.config/chromium/WidevineCdm/4.10.2891.0/_platform_specific/linux_x64/libwidevinecdm.so (error: /home/user/.config/chromium/WidevineCdm/4.10.2891.0/_platform_specific/linux_x64/libwidevinecdm.so: failed to map segment from shared object)
[7:26:0809/125538.253234:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
[7:31:0809/125538.308586:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
[7:31:0809/125538.308640:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
[7:26:0809/125538.311649:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/user: Permission denied
[7:26:0809/125538.311685:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/user: Permission denied
[7:26:0809/125538.311758:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/user: Permission denied
[7:26:0809/125538.311781:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/user: Permission denied
[7:7:0809/125538.320560:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/user: Permission denied
[7:26:0809/125538.321749:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/user: Permission denied
[7:26:0809/125538.335145:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/user: Permission denied

(chromium:7): dbind-WARNING **: 12:55:38.368: Couldn't connect to accessibility bus: Failed to connect to socket /run/user/1000/at-spi/bus_0: No such file or directory
[7:22:0809/125538.369186:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/user: Permission denied
[7:26:0809/125538.385204:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/user: Permission denied
[7:26:0809/125538.385240:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/user: Permission denied
[7:7:0809/125538.443516:ERROR:chromium-139.0.7258.66/dbus/object_proxy.cc:590] Failed to call method: org.freedesktop.DBus.NameHasOwner: object_path= /org/freedesktop/DBus: unknown error type: 
[7:7:0809/125538.445843:ERROR:chromium-139.0.7258.66/dbus/object_proxy.cc:590] Failed to call method: org.freedesktop.DBus.NameHasOwner: object_path= /org/freedesktop/DBus: unknown error type: 
[7:7:0809/125538.445976:ERROR:chromium-139.0.7258.66/dbus/object_proxy.cc:590] Failed to call method: org.freedesktop.DBus.NameHasOwner: object_path= /org/freedesktop/DBus: unknown error type: 
[7:26:0809/125538.445973:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/user: Permission denied
[7:7:0809/125538.459689:ERROR:chromium-139.0.7258.66/dbus/object_proxy.cc:590] Failed to call method: org.freedesktop.DBus.NameHasOwner: object_path= /org/freedesktop/DBus: unknown error type: 
[7:25:0809/125538.459805:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/user: Permission denied

(chromium:7): IBUS-WARNING **: 12:55:38.480: Unable to connect to ibus: Could not connect: No such file or directory
[7:153:0809/125538.480586:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
[7:153:0809/125538.480616:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
[7:153:0809/125538.480657:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
[7:153:0809/125538.480676:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
[7:153:0809/125538.480706:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
[7:7:0809/125538.482403:ERROR:chromium-139.0.7258.66/dbus/object_proxy.cc:590] Failed to call method: org.freedesktop.DBus.NameHasOwner: object_path= /org/freedesktop/DBus: unknown error type: 
[7:7:0809/125538.487169:ERROR:chromium-139.0.7258.66/dbus/object_proxy.cc:590] Failed to call method: org.freedesktop.DBus.NameHasOwner: object_path= /org/freedesktop/DBus: unknown error type: 
[7:25:0809/125538.487312:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/user: Permission denied
[7:7:0809/125538.502515:ERROR:chromium-139.0.7258.66/dbus/object_proxy.cc:590] Failed to call method: org.freedesktop.DBus.NameHasOwner: object_path= /org/freedesktop/DBus: unknown error type: 
[7:22:0809/125538.502654:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/user: Permission denied
[7:7:0809/125538.507640:ERROR:chromium-139.0.7258.66/dbus/object_proxy.cc:590] Failed to call method: org.freedesktop.DBus.NameHasOwner: object_path= /org/freedesktop/DBus: unknown error type: 
[7:23:0809/125538.507726:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/user: Permission denied
[7:7:0809/125538.515729:ERROR:chromium-139.0.7258.66/dbus/object_proxy.cc:590] Failed to call method: org.freedesktop.DBus.NameHasOwner: object_path= /org/freedesktop/DBus: unknown error type: 
Fontconfig error: Cannot load default config file: No such file: (null)
Originally created by @nva1 on GitHub (Aug 9, 2025). Original GitHub issue: https://github.com/netblue30/firejail/issues/6857 <!-- See the following links for help with formatting: https://guides.github.com/features/mastering-markdown/ https://docs.github.com/en/github/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax --> ### Description Chromium browsers do not connect to the Internet when sandboxed. I have all applications sandboxed, and until recently I was not having any problems. This occurs with Chromium, Brave, and Edge. It occurred randomly, perhaps after an update, a few weeks ago. Restoring to a previous Timeshift restore point did not resolve the issue. I reverted my local chromium-common.profile back to the original in /etc/firejail and ran `sudo firecfg --clean` and `sudo firecfg`, but this did not resolve the issue. I also tried purging and reinstalling Firejail, but this did not help. ### Steps to Reproduce - Open any Chromium browser such as Chromium, Brave, etc. - No Internet connection. - Terminal logs showing associated errors are below. - Running unsandboxed connects to the Internet. ### Expected behavior Expected behavior is that Chromium based browsers would connect to the Internet while sandboxed. ### Actual behavior When opening a Chromium based browser, the error message appears for all sites: > No internet Try: Checking the network cables, modem, and router Reconnecting to Wi-Fi ERR_INTERNET_DISCONNECTED ### Behavior without a profile Chromium based browser works as expected, but it is not sandboxed. ``` $ LC_ALL=C firejail --noprofile chromium firejail version 0.9.74 Parent pid 60045, child pid 60046 Base filesystem installed in 0.02 ms Child process initialized in 3.80 ms Warning: an existing sandbox was detected. /usr/bin/chromium will run without any additional sandboxing features [3:3:0809/130440.922722:ERROR:chromium-139.0.7258.66/dbus/object_proxy.cc:590] Failed to call method: org.freedesktop.systemd1.Manager.StartTransientUnit: object_path= /org/freedesktop/systemd1: org.freedesktop.DBus.Error.InvalidArgs: Process 3 is a kernel thread, refusing. [3:23:0809/130443.735230:ERROR:chromium-139.0.7258.66/google_apis/gcm/engine/registration_request.cc:291] Registration response error message: DEPRECATED_ENDPOINT ``` ### Additional context This is my chromium-common.profile in ~/.config/firejail. The only change from the default in /etc/firejail is I previously uncommented the line `dbus-user none`. I did a while back when I suddenly could not enter any keyboard input on Chromium based browsers. This resolved that issue and was long before the Internet connectivity issue this issue is about. The issue at hand occurs using the default profile or with the edited local one. I made sure to run `sudo firecfg --clean` and `sudo firecfg` after making any changes to the local one. <details> <summary>~/.config/firejail/chromium-common.profile</summary> ``` # Firejail profile for chromium-common # This file is overwritten after every install/update # Persistent local customizations include chromium-common.local # Persistent global definitions # added by caller profile #include globals.local # noexec ${HOME} breaks DRM binaries. ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} # To enable support for the KeePassXC extension, add the following lines to # chromium-common.local. # Note: Start KeePassXC before the web browser and keep it open to allow # communication between them. #noblacklist ${RUNUSER}/app #whitelist ${RUNUSER}/app/org.keepassxc.KeePassXC #whitelist ${RUNUSER}/kpxc_server #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer noblacklist ${HOME}/.local/share/pki noblacklist ${HOME}/.pki noblacklist /usr/lib/chromium/chrome-sandbox # Add the next line to chromium-common.local if you want the web browser to # have access to Gnome extensions (extensions.gnome.org) via the browser # connector. #include allow-python3.inc blacklist ${PATH}/curl blacklist ${PATH}/wget blacklist ${PATH}/wget2 mkdir ${HOME}/.local/share/pki mkdir ${HOME}/.pki whitelist ${HOME}/.local/share/pki whitelist ${HOME}/.pki whitelist /usr/share/mozilla/extensions whitelist /usr/share/webext include whitelist-run-common.inc # If your kernel allows the creation of user namespaces by unprivileged users # (for example, if running `unshare -U echo enabled` prints "enabled"), you # can add the next line to chromium-common.local. #include chromium-common-hardened.inc.profile ?BROWSER_DISABLE_U2F: nou2f ?BROWSER_DISABLE_U2F: private-dev #private-tmp # issues when using multiple browser sessions # Note: This prevents access to passwords saved in GNOME Keyring and KWallet # and breaks Gnome connector. ### UNCOMMENTED 08/02/25 dbus-user none # The file dialog needs to work without d-bus. ?HAS_NODBUS: env NO_CHROME_KDE_FILE_DIALOG=1 # Redirect include blink-common.profile ``` </details> ### Environment - Name/version/arch of the Linux kernel (`uname -srm`): - Linux 6.14.0-27-generic x86_64 - Name/version of the Linux distribution (e.g. "Ubuntu 20.04" or "Arch Linux"): - Linux Mint 22.1 Xia - Name/version of the relevant program(s)/package(s) (e.g. "firefox 134.0-1, mesa 1:24.3.3-2"): - Chromium 139.0.7258.66 for Linux Mint - Brave Browser 139.1.81.131 - Microsoft Edge 139.0.3405.86 - Version of Firejail (`firejail --version`): - firejail version 0.9.74 - If you use a development version of firejail, also the commit from which it was compiled (`git rev-parse HEAD`): - Not applicable ### Checklist <!-- Note: Items are checked with an "x", like so: - [x] This is a checked item. --> - [x] The issues is caused by firejail (i.e. running the program by path (e.g. `/usr/bin/vlc`) "fixes" it). - [x] I can reproduce the issue without custom modifications (e.g. globals.local). - [x] The program has a profile. (If not, request one in `https://github.com/netblue30/firejail/issues/1139`) - [ ] The profile (and redirect profile if exists) hasn't already been fixed [upstream](https://github.com/netblue30/firejail/tree/master/etc). - The only apparent difference I see is mine has `mkdir ${HOME}/.pki` on line 35 and `dbus-user none` uncommented on line 55. The issue occurs with or without commenting this out. - [x] I have performed a short search for similar issues (to avoid opening a duplicate). - [x] I'm aware of `browser-allow-drm yes`/`browser-disable-u2f no` in `firejail.config` to allow DRM/U2F in browsers. - [ ] I used `--profile=PROFILENAME` to set the right profile. (Only relevant for AppImages) ### Log <details> <summary>Output of <code>LC_ALL=C firejail chromium</summary> ``` $ LC_ALL=C firejail chromium Reading profile /etc/firejail/chromium.profile Reading profile /home/user/.config/firejail/chromium-common.profile Reading profile /etc/firejail/whitelist-run-common.inc Reading profile /etc/firejail/blink-common.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/disable-xdg.inc Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-runuser-common.inc Reading profile /etc/firejail/whitelist-usr-share-common.inc Reading profile /etc/firejail/whitelist-var-common.inc firejail version 0.9.74 Parent pid 57816, child pid 57818 Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Base filesystem installed in 49.54 ms Child process initialized in 98.87 ms Warning: an existing sandbox was detected. /usr/bin/chromium will run without any additional sandboxing features [1:1:0809/125538.244284:ERROR:chromium-139.0.7258.66/content/app/content_main_runner_impl.cc:423] Unable to load CDM /home/user/.config/chromium/WidevineCdm/4.10.2891.0/_platform_specific/linux_x64/libwidevinecdm.so (error: /home/user/.config/chromium/WidevineCdm/4.10.2891.0/_platform_specific/linux_x64/libwidevinecdm.so: failed to map segment from shared object) [15:15:0809/125538.244284:ERROR:chromium-139.0.7258.66/content/app/content_main_runner_impl.cc:423] Unable to load CDM /home/user/.config/chromium/WidevineCdm/4.10.2891.0/_platform_specific/linux_x64/libwidevinecdm.so (error: /home/user/.config/chromium/WidevineCdm/4.10.2891.0/_platform_specific/linux_x64/libwidevinecdm.so: failed to map segment from shared object) [7:26:0809/125538.253234:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied [7:31:0809/125538.308586:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied [7:31:0809/125538.308640:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied [7:26:0809/125538.311649:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/user: Permission denied [7:26:0809/125538.311685:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/user: Permission denied [7:26:0809/125538.311758:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/user: Permission denied [7:26:0809/125538.311781:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/user: Permission denied [7:7:0809/125538.320560:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/user: Permission denied [7:26:0809/125538.321749:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/user: Permission denied [7:26:0809/125538.335145:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/user: Permission denied (chromium:7): dbind-WARNING **: 12:55:38.368: Couldn't connect to accessibility bus: Failed to connect to socket /run/user/1000/at-spi/bus_0: No such file or directory [7:22:0809/125538.369186:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/user: Permission denied [7:26:0809/125538.385204:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/user: Permission denied [7:26:0809/125538.385240:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/user: Permission denied [7:7:0809/125538.443516:ERROR:chromium-139.0.7258.66/dbus/object_proxy.cc:590] Failed to call method: org.freedesktop.DBus.NameHasOwner: object_path= /org/freedesktop/DBus: unknown error type: [7:7:0809/125538.445843:ERROR:chromium-139.0.7258.66/dbus/object_proxy.cc:590] Failed to call method: org.freedesktop.DBus.NameHasOwner: object_path= /org/freedesktop/DBus: unknown error type: [7:7:0809/125538.445976:ERROR:chromium-139.0.7258.66/dbus/object_proxy.cc:590] Failed to call method: org.freedesktop.DBus.NameHasOwner: object_path= /org/freedesktop/DBus: unknown error type: [7:26:0809/125538.445973:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/user: Permission denied [7:7:0809/125538.459689:ERROR:chromium-139.0.7258.66/dbus/object_proxy.cc:590] Failed to call method: org.freedesktop.DBus.NameHasOwner: object_path= /org/freedesktop/DBus: unknown error type: [7:25:0809/125538.459805:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/user: Permission denied (chromium:7): IBUS-WARNING **: 12:55:38.480: Unable to connect to ibus: Could not connect: No such file or directory [7:153:0809/125538.480586:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied [7:153:0809/125538.480616:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied [7:153:0809/125538.480657:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied [7:153:0809/125538.480676:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied [7:153:0809/125538.480706:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied [7:7:0809/125538.482403:ERROR:chromium-139.0.7258.66/dbus/object_proxy.cc:590] Failed to call method: org.freedesktop.DBus.NameHasOwner: object_path= /org/freedesktop/DBus: unknown error type: [7:7:0809/125538.487169:ERROR:chromium-139.0.7258.66/dbus/object_proxy.cc:590] Failed to call method: org.freedesktop.DBus.NameHasOwner: object_path= /org/freedesktop/DBus: unknown error type: [7:25:0809/125538.487312:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/user: Permission denied [7:7:0809/125538.502515:ERROR:chromium-139.0.7258.66/dbus/object_proxy.cc:590] Failed to call method: org.freedesktop.DBus.NameHasOwner: object_path= /org/freedesktop/DBus: unknown error type: [7:22:0809/125538.502654:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/user: Permission denied [7:7:0809/125538.507640:ERROR:chromium-139.0.7258.66/dbus/object_proxy.cc:590] Failed to call method: org.freedesktop.DBus.NameHasOwner: object_path= /org/freedesktop/DBus: unknown error type: [7:23:0809/125538.507726:ERROR:chromium-139.0.7258.66/dbus/bus.cc:408] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/user: Permission denied [7:7:0809/125538.515729:ERROR:chromium-139.0.7258.66/dbus/object_proxy.cc:590] Failed to call method: org.freedesktop.DBus.NameHasOwner: object_path= /org/freedesktop/DBus: unknown error type: Fontconfig error: Cannot load default config file: No such file: (null) ``` </details>
gitea-mirror 2026-05-05 09:57:55 -06:00
gitea-mirror commented 2026-05-05 09:57:57 -06:00
Author
Owner
Copy link

@kmk3 commented on GitHub (Aug 10, 2025):

Thanks for the details.

My guess would be that it's due to private-dev or private-etc, but they do
not seem to be used by chromium.profile.

You can try commenting lines in the relevant profile(s) to see which lines are
causing issues and post them here.

Relevant profiles:

  • chromium.profile
  • chromium-common.profile
  • blink.profile
<!-- gh-comment-id:3172495942 --> @kmk3 commented on GitHub (Aug 10, 2025): Thanks for the details. My guess would be that it's due to `private-dev` or `private-etc`, but they do not seem to be used by chromium.profile. You can try commenting lines in the relevant profile(s) to see which lines are causing issues and post them here. Relevant profiles: * chromium.profile * chromium-common.profile * blink.profile
gitea-mirror commented 2026-05-05 09:57:58 -06:00
Author
Owner
Copy link

@nva1 commented on GitHub (Aug 12, 2025):

Thanks for the details.

My guess would be that it's due to private-dev or private-etc, but they do not seem to be used by chromium.profile.

You can try commenting lines in the relevant profile(s) to see which lines are causing issues and post them here.

Relevant profiles:

* chromium.profile

* chromium-common.profile

* blink.profile

So I do not have a blink.profile. I do have blink-common.profile in /etc. I copied that and chromium.profile to ~/.config/firejail/. The only relevant lines I commented out are #private-tmp # issues when using multiple browser sessions in chromium-common.profile and #private-cache in blink-common.profile. #private-bin chromium,chromium-browser,chromedriver was already commented out in chromium.profile. Unfortunately, no difference.

<!-- gh-comment-id:3177802340 --> @nva1 commented on GitHub (Aug 12, 2025): > Thanks for the details. > > My guess would be that it's due to `private-dev` or `private-etc`, but they do not seem to be used by chromium.profile. > > You can try commenting lines in the relevant profile(s) to see which lines are causing issues and post them here. > > Relevant profiles: > > * chromium.profile > > * chromium-common.profile > > * blink.profile So I do not have a blink.profile. I do have blink-common.profile in /etc. I copied that and chromium.profile to ~/.config/firejail/. The only relevant lines I commented out are `#private-tmp # issues when using multiple browser sessions` in chromium-common.profile and `#private-cache` in blink-common.profile. `#private-bin chromium,chromium-browser,chromedriver` was already commented out in chromium.profile. Unfortunately, no difference.
gitea-mirror commented 2026-05-05 09:57:58 -06:00
Author
Owner
Copy link

@kmk3 commented on GitHub (Aug 12, 2025):

So I do not have a blink.profile. I do have blink-common.profile in /etc.

Yes sorry, I meant blink-common.profile.

I copied that and chromium.profile to ~/.config/firejail/. The only relevant
lines I commented out are #private-tmp # issues when using multiple browser sessions in chromium-common.profile and #private-cache in
blink-common.profile. #private-bin chromium,chromium-browser,chromedriver
was already commented out in chromium.profile. Unfortunately, no difference.

You can try for example commenting all whitelist commands, then the disable-*
includes, then whatever else is left.

Alternatively, you can comment everything and then uncomment lines until it
breaks.

<!-- gh-comment-id:3178512106 --> @kmk3 commented on GitHub (Aug 12, 2025): > So I do not have a blink.profile. I do have blink-common.profile in /etc. Yes sorry, I meant blink-common.profile. > I copied that and chromium.profile to ~/.config/firejail/. The only relevant > lines I commented out are `#private-tmp # issues when using multiple browser > sessions` in chromium-common.profile and `#private-cache` in > blink-common.profile. `#private-bin chromium,chromium-browser,chromedriver` > was already commented out in chromium.profile. Unfortunately, no difference. You can try for example commenting all whitelist commands, then the `disable-*` includes, then whatever else is left. Alternatively, you can comment everything and then uncomment lines until it breaks.
gitea-mirror commented 2026-05-05 09:57:59 -06:00
Author
Owner
Copy link

@nva1 commented on GitHub (Aug 14, 2025):

You can try for example commenting all whitelist commands, then the disable-*
includes, then whatever else is left.

Thanks. I tried commenting out all of the below in chromium-common.profile. Unfortunately still doesn't connect.

#mkdir ${HOME}/.local/share/pki
#mkdir ${HOME}/.pki
#whitelist ${HOME}/.local/share/pki
#whitelist ${HOME}/.pki
#whitelist /usr/share/mozilla/extensions
#whitelist /usr/share/webext
#include whitelist-run-common.inc

Separately, I tried commenting out this. No difference.

blacklist ${PATH}/curl
blacklist ${PATH}/wget
blacklist ${PATH}/wget2
<!-- gh-comment-id:3186759361 --> @nva1 commented on GitHub (Aug 14, 2025): >You can try for example commenting all whitelist commands, then the disable-* includes, then whatever else is left. Thanks. I tried commenting out all of the below in `chromium-common.profile`. Unfortunately still doesn't connect. ``` #mkdir ${HOME}/.local/share/pki #mkdir ${HOME}/.pki #whitelist ${HOME}/.local/share/pki #whitelist ${HOME}/.pki #whitelist /usr/share/mozilla/extensions #whitelist /usr/share/webext #include whitelist-run-common.inc ``` Separately, I tried commenting out this. No difference. ``` blacklist ${PATH}/curl blacklist ${PATH}/wget blacklist ${PATH}/wget2 ```
gitea-mirror commented 2026-05-05 09:57:59 -06:00
Author
Owner
Copy link

@nva1 commented on GitHub (Aug 27, 2025):

In my local blink-common.profile I've tried commenting out:

include disable-common.inc
include disable-devel.inc
include disable-exec.inc
include disable-interpreters.inc
include disable-programs.inc
include disable-xdg.inc

Separately, I tried commenting out in it:

netfilter
disable-mnt
private-cache
dbus-system none

Nothing changed. Since then I removed all symlinks with sudo firecfg --clean. I then uninstalled and purged firejail and firejail-profiles. I reinstalled it using the PPA this time. Before was the deb from Sourceforge. Before installing with the PPA, I underscored all my local profiles to hide them and deleted /etc/firejail.

I'm still having the same problem. I'm not sure what else to try at this point.

Edit:

I'm curious if someone could explain this item in the checklist if there's a possibility it would make any difference.

I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers

I am looking in /etc/firejail/firecfg.config, and I do not see either of these lines.

Edit:

I did find those two lines in firejail.config. I was mistakenly looking in firecfg.config. I made the changes mentioned in the checklist, but no change.

<!-- gh-comment-id:3226684812 --> @nva1 commented on GitHub (Aug 27, 2025): In my local `blink-common.profile` I've tried commenting out: ``` include disable-common.inc include disable-devel.inc include disable-exec.inc include disable-interpreters.inc include disable-programs.inc include disable-xdg.inc ``` Separately, I tried commenting out in it: ``` netfilter disable-mnt private-cache dbus-system none ``` Nothing changed. Since then I removed all symlinks with `sudo firecfg --clean`. I then uninstalled and purged firejail and firejail-profiles. I reinstalled it using the PPA this time. Before was the deb from Sourceforge. Before installing with the PPA, I underscored all my local profiles to hide them and deleted /etc/firejail. I'm still having the same problem. I'm not sure what else to try at this point. Edit: I'm curious if someone could explain this item in the checklist if there's a possibility it would make any difference. > I'm aware of `browser-allow-drm yes`/`browser-disable-u2f no` in `firejail.config` to allow DRM/U2F in browsers I am looking in /etc/firejail/firecfg.config, and I do not see either of these lines. Edit: I did find those two lines in `firejail.config`. I was mistakenly looking in `firecfg.config`. I made the changes mentioned in the checklist, but no change.
gitea-mirror commented 2026-05-05 09:58:00 -06:00
Author
Owner
Copy link

@nva1 commented on GitHub (Oct 7, 2025):

I uninstalled and then reinstalled with firejail-0.9.76.tar.xz. Everything is now working.

This was my first time installing Firejail as a binary application. The latest version is currently only available as such. The Chromium Internet connectivity problem occurred with 0.9.74 using both the PPA and the deb package.

I still had to make just one change after sandboxing everything (besides commenting out certain applications in firecfg.config). Chromium based browsers would connect without issue, but I could not enter any keyboard input, something that started several weeks before they stopped connecting to the Internet. To fix this I just uncomment this line in chromium-common.profile: dbus-user none.

<!-- gh-comment-id:3375402498 --> @nva1 commented on GitHub (Oct 7, 2025): I uninstalled and then reinstalled with firejail-0.9.76.tar.xz. Everything is now working. This was my first time installing Firejail as a binary application. The latest version is currently only available as such. The Chromium Internet connectivity problem occurred with 0.9.74 using both the PPA and the deb package. I still had to make just one change after sandboxing everything (besides commenting out certain applications in firecfg.config). Chromium based browsers would connect without issue, but I could not enter any keyboard input, something that started several weeks before they stopped connecting to the Internet. To fix this I just uncomment this line in chromium-common.profile: `dbus-user none`.
gitea-mirror commented 2026-05-05 09:58:00 -06:00
Author
Owner
Copy link

@kmk3 commented on GitHub (Oct 7, 2025):

I uninstalled and then reinstalled with firejail-0.9.76.tar.xz. Everything is
now working.

This was my first time installing Firejail as a binary application. The
latest version is currently only available as such. The Chromium Internet
connectivity problem occurred with 0.9.74 using both the PPA and the deb
package.

Glad it works now; closing.

I still had to make just one change after sandboxing everything (besides
commenting out certain applications in firecfg.config). Chromium based
browsers would connect without issue, but I could not enter any keyboard
input, something that started several weeks before they stopped connecting to
the Internet. To fix this I just uncomment this line in
chromium-common.profile: dbus-user none.

If you're using ibus, see:

If not (or if that does not fix it), please open a new bug.

You can use something like d-feet to check which dbus commands it uses.

<!-- gh-comment-id:3376063278 --> @kmk3 commented on GitHub (Oct 7, 2025): > I uninstalled and then reinstalled with firejail-0.9.76.tar.xz. Everything is > now working. > > This was my first time installing Firejail as a binary application. The > latest version is currently only available as such. The Chromium Internet > connectivity problem occurred with 0.9.74 using both the PPA and the deb > package. Glad it works now; closing. > I still had to make just one change after sandboxing everything (besides > commenting out certain applications in firecfg.config). Chromium based > browsers would connect without issue, but I could not enter any keyboard > input, something that started several weeks before they stopped connecting to > the Internet. To fix this I just uncomment this line in > chromium-common.profile: `dbus-user none`. If you're using ibus, see: * <https://github.com/netblue30/firejail/issues/116#issuecomment-1007921471> If not (or if that does not fix it), please open a new bug. You can use something like d-feet to check which dbus commands it uses.
gitea-mirror commented 2026-05-05 09:58:00 -06:00
Author
Owner
Copy link

@lunesar commented on GitHub (Dec 13, 2025):

Since this is already closed I'm not sure if I should just open a new issue as I think this is a bug that can be fixed. I'll post first here for now to prevent opening a duplicate bug. I was able to make a custom profile that allowed it to work. I think that there is something in the default Chromium profile that is the issue and can be resolved.

Description

This is very similar to issue #6857 in that after updating the kernel to 6.14 Chromium based web browsers such as brave could no longer connect to the Internet. This issue is specific to changes in the kernel, as I could boot with a 6.8 kernel and it would once again be able to connect to the internet, but then be unable to with kernel 6.14.

With some effort I have confirmed that there is something in the default profiles that is causing the issue. If I run with --noprofile or a custom profile it is able to connect to the internet.

Steps to Reproduce

Steps to reproduce the behavior

  • Boot with Linux 6.14 generic kernel
  • Open any Chromium browser such as Chromium, Brave, etc.
  • No Internet connection.
  • Running with --noprofile connects to the Internet.

Expected behavior

I expect the web browser to be able to connect to the Internet and load web pages normally.

Actual behavior

When opening web browser the following message appears for all sites:

No internet
Try:
Checking the network cables, modem, and router
Reconnecting to Wi-Fi
ERR_INTERNET_DISCONNECTED

Behavior without a profile

The web browser works as expected, but without a sandbox.

Additional context

Here is a custom profile that I am usable to use successfully and connect to the internet.

ignore noblacklist ${HOME}/.gnupg
read-only /proc/config.gz
dbus-user none
#dbus-user filter
# The below seccomp configuration still permits chroot syscall. See https://github.com/netblue30/firejail/issues/2506 for possible workarounds.
seccomp !chroot

# Basic security (add more from stock profile if desired)
private-cache
private-dev
private-tmp
noexec ${HOME}
caps.drop all
netfilter
seccomp
noroot

# Extra hardening (optional but recommended)
blacklist /boot
blacklist /root
blacklist /var/lib/dpkg
blacklist /var/lib/apt

# should be enabled by default, but putting here just in case
nonewprivs

Since this custom sandboxing works there must be something in the stock brave/chromium profiles that makes it no work with kernel 6.14.

Environment

  • Name/version/arch of the Linux kernel (uname -srm):
    • Linux 6.14.0-37-generic x86_64
  • Name/version of the Linux distribution (e.g. "Ubuntu 20.04" or "Arch Linux"):
    • Linux Mint 22.2
  • Name/version of the relevant program(s)/package(s) (e.g. "firefox 134.0-1,
    mesa 1:24.3.3-2"):
    • Brave 1.85.116
  • Version of Firejail (firejail --version):

firejail version 0.9.74

Compile time support:
- always force nonewprivs support is disabled
- AppArmor support is enabled
- AppImage support is enabled
- chroot support is enabled
- D-BUS proxy support is enabled
- file transfer support is enabled
- IDS support is enabled
- Landlock support is enabled
- networking support is enabled
- output logging is enabled
- overlayfs support is disabled
- private-home support is enabled
- private-lib support is disabled
- private-cache and tmpfs as user enabled
- sandbox check is enabled
- SELinux support is enabled
- user namespace support is enabled

  • If you use a development version of firejail, also the commit from which it
    was compiled (git rev-parse HEAD):
    • N/A

Checklist

  • I am using a supported version of firejail
  • I am using the full program path (e.g. firejail /usr/bin/vlc instead of firejail vlc; see https://github.com/netblue30/firejail/issues/2877)
  • The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
  • I can reproduce the issue without custom modifications (e.g. globals.local).
  • The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
  • The profile (and redirect profile if exists) hasn't already been fixed upstream.
  • I have performed a short search for similar issues (to avoid opening a duplicate).
    • I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
  • I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)
<!-- gh-comment-id:3649825487 --> @lunesar commented on GitHub (Dec 13, 2025): Since this is already closed I'm not sure if I should just open a new issue as I think this is a bug that can be fixed. I'll post first here for now to prevent opening a duplicate bug. I was able to make a custom profile that allowed it to work. I think that there is something in the default Chromium profile that is the issue and can be resolved. ### Description This is very similar to issue #6857 in that after updating the kernel to 6.14 Chromium based web browsers such as brave could no longer connect to the Internet. This issue is specific to changes in the kernel, as I could boot with a 6.8 kernel and it would once again be able to connect to the internet, but then be unable to with kernel 6.14. With some effort I have confirmed that there is something in the default profiles that is causing the issue. If I run with `--noprofile` or a custom profile it is able to connect to the internet. ### Steps to Reproduce _Steps to reproduce the behavior_ - Boot with Linux 6.14 generic kernel - Open any Chromium browser such as Chromium, Brave, etc. - No Internet connection. - Running with --noprofile connects to the Internet. ### Expected behavior I expect the web browser to be able to connect to the Internet and load web pages normally. ### Actual behavior When opening web browser the following message appears for all sites: > No internet > Try: > Checking the network cables, modem, and router > Reconnecting to Wi-Fi > ERR_INTERNET_DISCONNECTED ### Behavior without a profile The web browser works as expected, but without a sandbox. ### Additional context Here is a custom profile that I am usable to use successfully and connect to the internet. ``` ignore noblacklist ${HOME}/.gnupg read-only /proc/config.gz dbus-user none #dbus-user filter # The below seccomp configuration still permits chroot syscall. See https://github.com/netblue30/firejail/issues/2506 for possible workarounds. seccomp !chroot # Basic security (add more from stock profile if desired) private-cache private-dev private-tmp noexec ${HOME} caps.drop all netfilter seccomp noroot # Extra hardening (optional but recommended) blacklist /boot blacklist /root blacklist /var/lib/dpkg blacklist /var/lib/apt # should be enabled by default, but putting here just in case nonewprivs ``` Since this custom sandboxing works there must be something in the stock brave/chromium profiles that makes it no work with kernel 6.14. ### Environment - Name/version/arch of the Linux kernel (`uname -srm`): - Linux 6.14.0-37-generic x86_64 - Name/version of the Linux distribution (e.g. "Ubuntu 20.04" or "Arch Linux"): - Linux Mint 22.2 - Name/version of the relevant program(s)/package(s) (e.g. "firefox 134.0-1, mesa 1:24.3.3-2"): - Brave 1.85.116 - Version of Firejail (`firejail --version`): > firejail version 0.9.74 > > Compile time support: > - always force nonewprivs support is disabled > - AppArmor support is enabled > - AppImage support is enabled > - chroot support is enabled > - D-BUS proxy support is enabled > - file transfer support is enabled > - IDS support is enabled > - Landlock support is enabled > - networking support is enabled > - output logging is enabled > - overlayfs support is disabled > - private-home support is enabled > - private-lib support is disabled > - private-cache and tmpfs as user enabled > - sandbox check is enabled > - SELinux support is enabled > - user namespace support is enabled > - If you use a development version of firejail, also the commit from which it was compiled (`git rev-parse HEAD`): - N/A ### Checklist <!-- Note: Items are checked with an "x", like so: - [x] This is a checked item. --> - [x] I am using a [supported version](https://github.com/netblue30/firejail/tree/master/SECURITY.md) of firejail - [x] I am using the full program path (e.g. `firejail /usr/bin/vlc` instead of `firejail vlc`; see `https://github.com/netblue30/firejail/issues/2877`) - [x] The issues is caused by firejail (i.e. running the program by path (e.g. `/usr/bin/vlc`) "fixes" it). - [x] I can reproduce the issue without custom modifications (e.g. globals.local). - [x] The program has a profile. (If not, request one in `https://github.com/netblue30/firejail/issues/1139`) - [x] The profile (and redirect profile if exists) hasn't already been fixed [upstream](https://github.com/netblue30/firejail/tree/master/etc). - [x] I have performed a short search for similar issues (to avoid opening a duplicate). - [ ] I'm aware of `browser-allow-drm yes`/`browser-disable-u2f no` in `firejail.config` to allow DRM/U2F in browsers. - [x] I used `--profile=PROFILENAME` to set the right profile. (Only relevant for AppImages)
gitea-mirror commented 2026-05-05 09:58:01 -06:00
Author
Owner
Copy link

@lunesar commented on GitHub (Dec 13, 2025):

Here's debug log files for the output of both the default and custom profiles.

fj-custom-working.log
fj-default-failing.log

<!-- gh-comment-id:3649845694 --> @lunesar commented on GitHub (Dec 13, 2025): Here's debug log files for the output of both the default and custom profiles. [fj-custom-working.log](https://github.com/user-attachments/files/24145961/fj-custom-working.log) [fj-default-failing.log](https://github.com/user-attachments/files/24145962/fj-default-failing.log)
gitea-mirror commented 2026-05-05 09:58:01 -06:00
Author
Owner
Copy link

@kmk3 commented on GitHub (Dec 14, 2025):

@lunesar

Please open a new bug and make sure to include the command used to open the
program (such as firejail /usr/bin/foo).

firejail version 0.9.74

That is not the case; see the link.

Running with --noprofile connects to the Internet.

You can try commenting lines in the profile (and in any redirect profiles)
until it works to find out which lines are causing issues.

<!-- gh-comment-id:3650935261 --> @kmk3 commented on GitHub (Dec 14, 2025): @lunesar Please open a new bug and make sure to include the command used to open the program (such as `firejail /usr/bin/foo`). > firejail version 0.9.74 > * [x] I am using a [supported version](https://github.com/netblue30/firejail/tree/master/SECURITY.md) of firejail That is not the case; see the link. > Running with --noprofile connects to the Internet. You can try commenting lines in the profile (and in any redirect profiles) until it works to find out which lines are causing issues.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
serialize_remounts_v2
landlock_v4
landlock
release-0.9.64
release-0.9.62
gitlab_ci
LTSbase
fred_ctests
docs
0.9.80
0.9.80-rc1
0.9.78
0.9.76
0.9.76-rc4
0.9.76-rc3
0.9.76-rc2
0.9.76-rc1
0.9.74
landlock-split
0.9.72
0.9.72rc1
0.9.70
0.9.68
0.9.68rc1
0.9.66
0.9.66rc1
0.9.64.4
0.9.64.2
0.9.64
0.9.64rc1
0.9.62.4
0.9.62.2
0.9.62
0.9.56.2-LTS
0.9.60
0.9.60-rc1
0.9.58.2
0.9.58
0.9.58-rc1
0.9.56-LTS-release
0.9.56-LTS
0.9.56
0.9.56-rc1
0.9.54
0.9.54-rc2
0.9.54-rc1
0.9.52
0.9.38.12
0.9.50
0.9.50-rc1
0.9.48
0.9.46
0.9.46-rc1
0.9.44.10
0.9.44.8
0.9.44.6
0.9.38.10
0.9.44.4
0.9.38.8
0.9.44.2
0.9.44
0.9.44-rc1
0.9.38.4
0.9.42
0.9.42-rc2
0.9.38.2
0.9.42-rc1
disable-globalcfg
0.9.40
0.9.40-rc1
0.9.38
0.9.38-rc1
0.9.36
0.9.36-rc1
0.9.34
0.9.34-rc1
0.9.32
0.9.32-rc1
0.9.30
0.9.30-rc1
Labels
Clear labels   
LTS merge

   
LTS merge

   
bug

   
bug

   
converted-to-discussion

   
doc-todo

   
documentation

   
duplicate

   
enhancement

   
file-transfer

   
firecfg

   
firejail-in-firejail

   
firetools

   
graphics

   
help wanted

   
information_old

   
installation

   
invalid

   
modif

   
moved

   
needinfo

   
networking

   
notabug

   
notourbug

   
old-version

   
overlayfs

   
packaging

   
profile-request

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question_old

   
removal

   
runtime-permissions

   
sandbox-ipc

   
security

   
stale

   
wiki

   
wiki

   
wontfix

   
wordpress

   
workaround
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#3399
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?