sbin #42

New issue

Closed

opened 2026-05-05 04:53:01 -06:00 by gitea-mirror · 1 comment

gitea-mirror commented

2026-05-05 04:53:01 -06:00

Owner

Originally created by @Utini2000 on GitHub (Oct 2, 2015).
Original GitHub issue: https://github.com/netblue30/firejail/issues/72

Hey there,

I am on Arch running firejail with Iceweasel (from parabola repo). When running firejail iceweasel I get the following output:

[sneida@_____ ~]$ firejail iceweasel
Reading profile /home/sneida/.config/firejail/iceweasel.profile
Warning: user namespaces not available in the current kernel.
Reading profile /etc/firejail/disable-common.inc
Parent pid 598, child pid 599
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Child process initialized

(process:1): GLib-CRITICAL **: g_slice_set_config: assertion 'sys_page_size == 0' failed
console.error: 
  [CustomizableUI]
  Custom widget with id loop-button does not return a valid node
console.error: 
  [CustomizableUI]
  Custom widget with id loop-button does not return a valid node

This is my iceweasel.profile:

caps.drop all
seccomp
noroot
shell none
netfilter

############### disable-mgmt.inc########

# system directories
blacklist /sbin
blacklist /usr/sbin

# system management
blacklist ${PATH}/umount
blacklist ${PATH}/mount
blacklist ${PATH}/fusermount
blacklist ${PATH}/su
blacklist ${PATH}/sudo
blacklist ${PATH}/xinput
blacklist ${PATH}/evtest
blacklist ${PATH}/xev
blacklist ${PATH}/strace

# Prevent manipulation of firejail configuration
blacklist /etc/firejail
blacklist ${HOME}/.config/firejail

############disable-secret.inc##############

# HOME directory
blacklist ${HOME}/.ssh
tmpfs ${HOME}/.gnome2_private
blacklist ${HOME}/.gnome2/keyrings
blacklist ${HOME}/kde4/share/apps/kwallet
blacklist ${HOME}/kde/share/apps/kwallet
blacklist ${HOME}/.pki/nssdb
blacklist ${HOME}/.gnupg
blacklist ${HOME}/.local/share/recently-used.xbel

################ disable-common.inc###############
# HTTP / FTP / Mail
blacklist ${HOME}/.adobe
blacklist ${HOME}/.macromedia
blacklist ${HOME}/.icedove
blacklist ${HOME}/.thunderbird
blacklist ${HOME}/.config/midori
blacklist ${HOME}/.config/opera
blacklist ${HOME}/.config/chromium
blacklist ${HOME}/.config/google-chrome
blacklist ${HOME}/.filezilla
blacklist ${HOME}/.config/filezilla
include /etc/firejail/disable-common.inc .mozilla

# Instant Messaging
blacklist ${HOME}/.purple
blacklist ${HOME}/.config/psi+

# VNC
blacklist ${HOME}/.remmina

# Other
blacklist ${HOME}/.tconn

############## disable-history.inc #################
# History files in $HOME
blacklist ${HOME}/.history
blacklist ${HOME}/.*_history

Also I am wondering, is there a way to stop firejail from deleted the "last session" between reboots?

Thanks !

Originally created by @Utini2000 on GitHub (Oct 2, 2015). Original GitHub issue: https://github.com/netblue30/firejail/issues/72 Hey there, I am on Arch running firejail with Iceweasel (from parabola repo). When running firejail iceweasel I get the following output: ``` [sneida@_____ ~]$ firejail iceweasel Reading profile /home/sneida/.config/firejail/iceweasel.profile Warning: user namespaces not available in the current kernel. Reading profile /etc/firejail/disable-common.inc Parent pid 598, child pid 599 Warning: /sbin directory link was not blacklisted Warning: /usr/sbin directory link was not blacklisted Child process initialized (process:1): GLib-CRITICAL **: g_slice_set_config: assertion 'sys_page_size == 0' failed console.error: [CustomizableUI] Custom widget with id loop-button does not return a valid node console.error: [CustomizableUI] Custom widget with id loop-button does not return a valid node ``` This is my iceweasel.profile: ``` caps.drop all seccomp noroot shell none netfilter ############### disable-mgmt.inc######## # system directories blacklist /sbin blacklist /usr/sbin # system management blacklist ${PATH}/umount blacklist ${PATH}/mount blacklist ${PATH}/fusermount blacklist ${PATH}/su blacklist ${PATH}/sudo blacklist ${PATH}/xinput blacklist ${PATH}/evtest blacklist ${PATH}/xev blacklist ${PATH}/strace # Prevent manipulation of firejail configuration blacklist /etc/firejail blacklist ${HOME}/.config/firejail ############disable-secret.inc############## # HOME directory blacklist ${HOME}/.ssh tmpfs ${HOME}/.gnome2_private blacklist ${HOME}/.gnome2/keyrings blacklist ${HOME}/kde4/share/apps/kwallet blacklist ${HOME}/kde/share/apps/kwallet blacklist ${HOME}/.pki/nssdb blacklist ${HOME}/.gnupg blacklist ${HOME}/.local/share/recently-used.xbel ################ disable-common.inc############### # HTTP / FTP / Mail blacklist ${HOME}/.adobe blacklist ${HOME}/.macromedia blacklist ${HOME}/.icedove blacklist ${HOME}/.thunderbird blacklist ${HOME}/.config/midori blacklist ${HOME}/.config/opera blacklist ${HOME}/.config/chromium blacklist ${HOME}/.config/google-chrome blacklist ${HOME}/.filezilla blacklist ${HOME}/.config/filezilla include /etc/firejail/disable-common.inc .mozilla # Instant Messaging blacklist ${HOME}/.purple blacklist ${HOME}/.config/psi+ # VNC blacklist ${HOME}/.remmina # Other blacklist ${HOME}/.tconn ############## disable-history.inc ################# # History files in $HOME blacklist ${HOME}/.history blacklist ${HOME}/.*_history ``` Also I am wondering, is there a way to stop firejail from deleted the "last session" between reboots? Thanks !

gitea-mirror closed this issue

2026-05-05 04:53:04 -06:00

gitea-mirror commented

2026-05-05 04:53:08 -06:00

Author

Owner

@netblue30 commented on GitHub (Oct 2, 2015):

On Arch, all the system bin directories are symbolic links to /usr/bin:

/bin -> /usr/bin
/sbin -> /usr/bin
/usr/sbin -> /usr/bin

It is also the case for Fedora and Centos. If we blacklist them, we end up blacklisting every single executable.

@netblue30 commented on GitHub (Oct 2, 2015): On Arch, all the system bin directories are symbolic links to /usr/bin: ``` /bin -> /usr/bin /sbin -> /usr/bin /usr/sbin -> /usr/bin ``` It is also the case for Fedora and Centos. If we blacklist them, we end up blacklisting every single executable.

gitea-mirror referenced this issue

2026-05-05 10:03:01 -06:00

[PR #42] [MERGED] Implement the expand_home util function #3523

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#42

No description provided.

Rows
Columns