[GH-ISSUE #6932] IPV6 DNS: net.c:137:try_proto(): socket(): Operation not supported (95) #3425

New issue

Open

opened 2026-05-05 09:59:36 -06:00 by gitea-mirror · 1 comment

gitea-mirror commented 2026-05-05 09:59:36 -06:00

Owner

Copy link

Originally created by @pprocto on GitHub (Oct 10, 2025).
Original GitHub issue: https://github.com/netblue30/firejail/issues/6932

Description

Describe the bug

Steps to Reproduce

Hello,

I would like to use an IPV6 DNS. I start this:

/bin/firejail \
  --noprofile \
  --protocol=inet,inet6 \
  --dns=2606:4700:4700::1111 \
  --net=wlp112s0 \
  --ignore=seccomp \
  nslookup -type=AAAA google.com

Where is the problem ?

Expected behavior

Accept to use the ipv6 DNS

Actual behavior

But I receive this error:

Parent pid 1662754, child pid 1662757

Interface        MAC                IP               Mask             Status
lo                                  127.0.0.1        255.0.0.0        UP    
eth0-1662754     94:e6:f7:83:a2:c5  192.168.0.195    255.255.255.0    UP    
Default gateway 192.168.0.254
DNS server 2606:4700:4700::1111

Child process initialized in 1082.32 ms
Warning: an existing sandbox was detected. /usr/bin/nslookup will run without any additional sandboxing features
net.c:137:try_proto(): socket(): Operation not supported (95)
;; UDP setup with 2606:4700:4700::1111#53(2606:4700:4700::1111) for google.com failed: network unreachable.
;; no servers could be reached
;; UDP setup with 2606:4700:4700::1111#53(2606:4700:4700::1111) for google.com failed: network unreachable.
;; no servers could be reached
;; UDP setup with 2606:4700:4700::1111#53(2606:4700:4700::1111) for google.com failed: network unreachable.
;; no servers could be reached


Parent is shutting down, bye...

Environment

• Name/version/arch of the Linux kernel (uname -srm): Linux 6.14.0-33-generic x86_64
• Name/version of the Linux distribution (e.g. "Ubuntu 20.04" or "Arch Linux"): Ubuntu 24.04.3 LTS
• Version of Firejail (firejail --version): firejail version 0.9.72

Checklist

• The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
• I can reproduce the issue without custom modifications (e.g. globals.local).

Relates to:

• #6931

Originally created by @pprocto on GitHub (Oct 10, 2025). Original GitHub issue: https://github.com/netblue30/firejail/issues/6932 <!-- See the following links for help with formatting: https://guides.github.com/features/mastering-markdown/ https://docs.github.com/en/github/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax --> ### Description _Describe the bug_ ### Steps to Reproduce Hello, I would like to use an IPV6 DNS. I start this: ```bash /bin/firejail \ --noprofile \ --protocol=inet,inet6 \ --dns=2606:4700:4700::1111 \ --net=wlp112s0 \ --ignore=seccomp \ nslookup -type=AAAA google.com ``` Where is the problem ? ### Expected behavior Accept to use the ipv6 DNS ### Actual behavior But I receive this error: ``` Parent pid 1662754, child pid 1662757 Interface MAC IP Mask Status lo 127.0.0.1 255.0.0.0 UP eth0-1662754 94:e6:f7:83:a2:c5 192.168.0.195 255.255.255.0 UP Default gateway 192.168.0.254 DNS server 2606:4700:4700::1111 Child process initialized in 1082.32 ms Warning: an existing sandbox was detected. /usr/bin/nslookup will run without any additional sandboxing features net.c:137:try_proto(): socket(): Operation not supported (95) ;; UDP setup with 2606:4700:4700::1111#53(2606:4700:4700::1111) for google.com failed: network unreachable. ;; no servers could be reached ;; UDP setup with 2606:4700:4700::1111#53(2606:4700:4700::1111) for google.com failed: network unreachable. ;; no servers could be reached ;; UDP setup with 2606:4700:4700::1111#53(2606:4700:4700::1111) for google.com failed: network unreachable. ;; no servers could be reached Parent is shutting down, bye... ``` ### Environment - Name/version/arch of the Linux kernel (`uname -srm`): Linux 6.14.0-33-generic x86_64 - Name/version of the Linux distribution (e.g. "Ubuntu 20.04" or "Arch Linux"): Ubuntu 24.04.3 LTS - Version of Firejail (`firejail --version`): firejail version 0.9.72 ### Checklist <!-- Note: Items are checked with an "x", like so: - [x] This is a checked item. --> - [X] The issues is caused by firejail (i.e. running the program by path (e.g. `/usr/bin/vlc`) "fixes" it). - [X] I can reproduce the issue without custom modifications (e.g. globals.local). Relates to: * #6931

gitea-mirror added the

networking

needinfo

old-version

labels 2026-05-05 09:59:36 -06:00

gitea-mirror commented 2026-05-05 09:59:39 -06:00

Author

Owner

Copy link

@kmk3 commented on GitHub (Oct 11, 2025):

firejail version 0.9.72

Note that we do not maintain that version of firejail:

• https://github.com/netblue30/firejail/blob/master/SECURITY.md

Versions other than the latest usually have outdated profiles and may contain
bugs and security vulnerabilities that were fixed in later versions.

See also:

• https://github.com/netblue30/firejail#installing

What happens with the latest released version?

<!-- gh-comment-id:3392904798 --> @kmk3 commented on GitHub (Oct 11, 2025): > firejail version 0.9.72 Note that we do not maintain that version of firejail: * <https://github.com/netblue30/firejail/blob/master/SECURITY.md> Versions other than the latest usually have outdated profiles and may contain bugs and security vulnerabilities that were fixed in later versions. See also: * <https://github.com/netblue30/firejail#installing> What happens with the latest released version?

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

serialize_remounts_v2

landlock_v4

landlock

release-0.9.64

release-0.9.62

gitlab_ci

LTSbase

fred_ctests

docs

0.9.80

0.9.80-rc1

0.9.78

0.9.76

0.9.76-rc4

0.9.76-rc3

0.9.76-rc2

0.9.76-rc1

0.9.74

landlock-split

0.9.72

0.9.72rc1

0.9.70

0.9.68

0.9.68rc1

0.9.66

0.9.66rc1

0.9.64.4

0.9.64.2

0.9.64

0.9.64rc1

0.9.62.4

0.9.62.2

0.9.62

0.9.56.2-LTS

0.9.60

0.9.60-rc1

0.9.58.2

0.9.58

0.9.58-rc1

0.9.56-LTS-release

0.9.56-LTS

0.9.56

0.9.56-rc1

0.9.54

0.9.54-rc2

0.9.54-rc1

0.9.52

0.9.38.12

0.9.50

0.9.50-rc1

0.9.48

0.9.46

0.9.46-rc1

0.9.44.10

0.9.44.8

0.9.44.6

0.9.38.10

0.9.44.4

0.9.38.8

0.9.44.2

0.9.44

0.9.44-rc1

0.9.38.4

0.9.42

0.9.42-rc2

0.9.38.2

0.9.42-rc1

disable-globalcfg

0.9.40

0.9.40-rc1

0.9.38

0.9.38-rc1

0.9.36

0.9.36-rc1

0.9.34

0.9.34-rc1

0.9.32

0.9.32-rc1

0.9.30

0.9.30-rc1

Labels

Clear labels   

LTS merge

  

LTS merge

  

bug

  

bug

  

converted-to-discussion

  

doc-todo

  

documentation

  

duplicate

  

enhancement

  

file-transfer

  

firecfg

  

firejail-in-firejail

  

firetools

  

graphics

  

help wanted

  

information_old

  

installation

  

invalid

  

modif

  

moved

  

needinfo

  

networking

  

notabug

  

notourbug

  

old-version

  

overlayfs

  

packaging

  

profile-request

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question_old

  

removal

  

runtime-permissions

  

sandbox-ipc

  

security

  

stale

  

wiki

  

wiki

  

wontfix

  

wordpress

  

workaround

No labels

LTS merge

LTS merge

bug

bug

converted-to-discussion

doc-todo

documentation

duplicate

enhancement

file-transfer

firecfg

firejail-in-firejail

firetools

graphics

help wanted

information_old

installation

invalid

modif

moved

needinfo

networking

notabug

notourbug

old-version

overlayfs

packaging

profile-request

pull-request

question

question_old

removal

runtime-permissions

sandbox-ipc

security

stale

wiki

wiki

wontfix

wordpress

workaround

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#3425

No description provided.