github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #562] Can't launch LibreOffice with --net=none #399

New issue

Closed

opened 2026-05-05 05:47:06 -06:00 by gitea-mirror · 4 comments

gitea-mirror commented

2026-05-05 05:47:06 -06:00

Owner

Originally created by @GabrielH0we on GitHub (Jun 11, 2016).
Original GitHub issue: https://github.com/netblue30/firejail/issues/562

I'm trying to restrict LibreOffice from accessing internet.

Here is my config

include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc

noblacklist ${HOME}/.kde
#blacklist ${HOME}/.wine

caps.drop all
net none
netfilter
nonewprivs
noroot
protocol unix,inet,inet6
seccomp

whitelist ${HOME}/Documents/libredocs
whitelist ${HOME}/.config/libreoffice

And here is what I see in konsole:

LibreOffice(19)/kdeui (kdelibs): Session bus not found To circumvent this problem try the following command (with Linux and bash) export $(dbus-launch)

It starts fine without "net none" in .profile.

I tried configurations from #379, but they don't work for me. I see
execvp: No such file or directory
even if I start libreoffice from a symlink at /usr/local/bin/

Firejail version is 0.9.41 (cloned from git).

UPD: it actually grsecurity, that kills libreoffice process for resource overstep. Tried to fix it with paxctl -cm, but it didn't work.

Originally created by @GabrielH0we on GitHub (Jun 11, 2016). Original GitHub issue: https://github.com/netblue30/firejail/issues/562 I'm trying to restrict LibreOffice from accessing internet. Here is my config ``` include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-passwdmgr.inc noblacklist ${HOME}/.kde #blacklist ${HOME}/.wine caps.drop all net none netfilter nonewprivs noroot protocol unix,inet,inet6 seccomp whitelist ${HOME}/Documents/libredocs whitelist ${HOME}/.config/libreoffice ``` And here is what I see in konsole: `LibreOffice(19)/kdeui (kdelibs): Session bus not found To circumvent this problem try the following command (with Linux and bash) export $(dbus-launch)` It starts fine without "net none" in .profile. I tried configurations from #379, but they don't work for me. I see `execvp: No such file or directory` even if I start libreoffice from a symlink at /usr/local/bin/ Firejail version is 0.9.41 (cloned from git). UPD: it actually grsecurity, that kills libreoffice process for resource overstep. Tried to fix it with paxctl -cm, but it didn't work.

gitea-mirror

2026-05-05 05:47:06 -06:00

closed this issue
added the
information_old
label

gitea-mirror commented

2026-05-05 05:47:14 -06:00

Author

Owner

@netblue30 commented on GitHub (Jun 11, 2016):

When you use --net, the dbus socket is discarded by the network namespace, so there will not be any dbus support. It looks like libreoffice crashes - a very few programs do this. It is a libreoffice bug, or maybe a kdelibs bug.

@netblue30 commented on GitHub (Jun 11, 2016): When you use --net, the dbus socket is discarded by the network namespace, so there will not be any dbus support. It looks like libreoffice crashes - a very few programs do this. It is a libreoffice bug, or maybe a kdelibs bug.

gitea-mirror commented

2026-05-05 05:47:17 -06:00

Author

Owner

@netblue30 commented on GitHub (Jun 11, 2016):

A workaround: comment out "net none" in your profile, and replace "protocol unix,inet,inet6" with "protocol unix". This should reject the network connections, but it will not interfere with dbus functionality.

@netblue30 commented on GitHub (Jun 11, 2016): A workaround: comment out "net none" in your profile, and replace "protocol unix,inet,inet6" with "protocol unix". This should reject the network connections, but it will not interfere with dbus functionality.

gitea-mirror commented

2026-05-05 05:47:20 -06:00

Author

Owner

@chiraag-nataraj commented on GitHub (Jun 13, 2016):

Huh. I'm curious which version of libreoffice you're using. I'm using the latest development version which works fine with --net=none.

@chiraag-nataraj commented on GitHub (Jun 13, 2016): Huh. I'm curious which version of libreoffice you're using. I'm using the latest development version which works fine with `--net=none`.

gitea-mirror commented

2026-05-05 05:47:23 -06:00

Author

Owner

@GabrielH0we commented on GitHub (Jun 13, 2016):

As I wrote in the original message, it's Grsecurity, that kills Libreoffice process for resource overstep.

Workaround with "protocol unix" works fine with Grsecurity.

@GabrielH0we commented on GitHub (Jun 13, 2016): As I wrote in the original message, it's Grsecurity, that kills Libreoffice process for resource overstep. Workaround with "protocol unix" works fine with Grsecurity.

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#399

No description provided.

Rows
Columns