[GH-ISSUE #74] Error: Access was denied while trying to open files in your profile directory.

gitea-mirror commented

2026-05-05 04:53:15 -06:00

Owner

Originally created by @Utini2000 on GitHub (Oct 7, 2015).
Original GitHub issue: https://github.com/netblue30/firejail/issues/74

Hey there,

I am suddenly having troubles loading up Iceweasel with firejail. Without really doing any changes to my profiles I get the following error when running "firejail iceweasel":

Error: Access was denied while trying to open files in your profile directory.

This is my /home/sneida/.config/firejail/iceweasel.profile:

caps.drop all
seccomp
noroot
shell none
netfilter
#include ${HOME}/.config/firejail/mine.inc

############### disable-mgmt.inc########

# system directories
#blacklist /usr/bin
#blacklist /usr/sbin
#blacklist /bin
blacklist /sbin
blacklist /usr/sbin

# system management
blacklist ${PATH}/umount
blacklist ${PATH}/mount
blacklist ${PATH}/fusermount
blacklist ${PATH}/su
blacklist ${PATH}/sudo
blacklist ${PATH}/xinput
blacklist ${PATH}/evtest
blacklist ${PATH}/xev
blacklist ${PATH}/strace

# Prevent manipulation of firejail configuration
blacklist /etc/firejail
blacklist ${HOME}/.config/firejail

############disable-secret.inc##############

# HOME directory
blacklist ${HOME}/.ssh
tmpfs ${HOME}/.gnome2_private
blacklist ${HOME}/.gnome2/keyrings
blacklist ${HOME}/kde4/share/apps/kwallet
blacklist ${HOME}/kde/share/apps/kwallet
blacklist ${HOME}/.pki/nssdb
blacklist ${HOME}/.gnupg
blacklist ${HOME}/.local/share/recently-used.xbel

################ disable-common.inc###############
# HTTP / FTP / Mail
blacklist ${HOME}/.adobe
blacklist ${HOME}/.macromedia
blacklist ${HOME}/.icedove
blacklist ${HOME}/.thunderbird
blacklist ${HOME}/.config/midori
blacklist ${HOME}/.config/opera
blacklist ${HOME}/.config/chromium
blacklist ${HOME}/.config/google-chrome
blacklist ${HOME}/.filezilla
blacklist ${HOME}/.config/filezilla
blacklist ~/.wine
blacklist ${HOME}/.wine
include /etc/firejail/disable-common.inc

# Instant Messaging
blacklist ${HOME}/.purple
blacklist ${HOME}/.config/psi+

# VNC
blacklist ${HOME}/.remmina

# Other
blacklist ${HOME}/.tconn

#xfce..

############## disable-history.inc #################
# History files in $HOME
blacklist ${HOME}/.history
blacklist ${HOME}/.*_history

I am the owner of the file, it is in the group "users" and permissions are "-rw-r--r--".
Any ideas?

Running e.g. VLC with the same profile content works fine.

Thanks !

Originally created by @Utini2000 on GitHub (Oct 7, 2015). Original GitHub issue: https://github.com/netblue30/firejail/issues/74 Hey there, I am suddenly having troubles loading up Iceweasel with firejail. Without really doing any changes to my profiles I get the following error when running "firejail iceweasel": ``` Error: Access was denied while trying to open files in your profile directory. ``` This is my /home/sneida/.config/firejail/iceweasel.profile: ``` caps.drop all seccomp noroot shell none netfilter #include ${HOME}/.config/firejail/mine.inc ############### disable-mgmt.inc######## # system directories #blacklist /usr/bin #blacklist /usr/sbin #blacklist /bin blacklist /sbin blacklist /usr/sbin # system management blacklist ${PATH}/umount blacklist ${PATH}/mount blacklist ${PATH}/fusermount blacklist ${PATH}/su blacklist ${PATH}/sudo blacklist ${PATH}/xinput blacklist ${PATH}/evtest blacklist ${PATH}/xev blacklist ${PATH}/strace # Prevent manipulation of firejail configuration blacklist /etc/firejail blacklist ${HOME}/.config/firejail ############disable-secret.inc############## # HOME directory blacklist ${HOME}/.ssh tmpfs ${HOME}/.gnome2_private blacklist ${HOME}/.gnome2/keyrings blacklist ${HOME}/kde4/share/apps/kwallet blacklist ${HOME}/kde/share/apps/kwallet blacklist ${HOME}/.pki/nssdb blacklist ${HOME}/.gnupg blacklist ${HOME}/.local/share/recently-used.xbel ################ disable-common.inc############### # HTTP / FTP / Mail blacklist ${HOME}/.adobe blacklist ${HOME}/.macromedia blacklist ${HOME}/.icedove blacklist ${HOME}/.thunderbird blacklist ${HOME}/.config/midori blacklist ${HOME}/.config/opera blacklist ${HOME}/.config/chromium blacklist ${HOME}/.config/google-chrome blacklist ${HOME}/.filezilla blacklist ${HOME}/.config/filezilla blacklist ~/.wine blacklist ${HOME}/.wine include /etc/firejail/disable-common.inc # Instant Messaging blacklist ${HOME}/.purple blacklist ${HOME}/.config/psi+ # VNC blacklist ${HOME}/.remmina # Other blacklist ${HOME}/.tconn #xfce.. ############## disable-history.inc ################# # History files in $HOME blacklist ${HOME}/.history blacklist ${HOME}/.*_history ``` I am the owner of the file, it is in the group "users" and permissions are "-rw-r--r--". Any ideas? Running e.g. VLC with the same profile content works fine. Thanks !

gitea-mirror

2026-05-05 04:53:15 -06:00

closed this issue
added the
bug
label

gitea-mirror commented

2026-05-05 04:53:22 -06:00

Author

Owner

@netblue30 commented on GitHub (Oct 7, 2015):

The error comes from Firefox. It seems to be quite a popular error. Probably some files in ~/.mozilla directory are not owned by you as user. Try this:

$ sudo chown -R yourname:yourname /home/yourname/.mozilla

@netblue30 commented on GitHub (Oct 7, 2015): The error comes from Firefox. It seems to be quite a popular error. Probably some files in ~/.mozilla directory are not owned by you as user. Try this: ``` $ sudo chown -R yourname:yourname /home/yourname/.mozilla ```

gitea-mirror commented

2026-05-05 04:53:25 -06:00

Author

Owner

@Utini2000 commented on GitHub (Oct 9, 2015):

@netblue30

Nope sorry, that didn't fix the problem. I already was owner of the folder (same es with everything in my home directory). The command didn't help :/

@Utini2000 commented on GitHub (Oct 9, 2015): @netblue30 Nope sorry, that didn't fix the problem. I already was owner of the folder (same es with everything in my home directory). The command didn't help :/

gitea-mirror commented

2026-05-05 04:53:27 -06:00

Author

Owner

@netblue30 commented on GitHub (Oct 9, 2015):

I'll reopen it and mark it as a bug. I'll try to reproduce it here. Make sure you don't have another Firefox instance already running already when you start the sandbox - Firefox runs a single instance of the process, so if another Firefox is already present in the system you might run into problems.

@netblue30 commented on GitHub (Oct 9, 2015): I'll reopen it and mark it as a bug. I'll try to reproduce it here. Make sure you don't have another Firefox instance already running already when you start the sandbox - Firefox runs a single instance of the process, so if another Firefox is already present in the system you might run into problems.

gitea-mirror commented

2026-05-05 04:53:29 -06:00

Author

Owner

@Utini2000 commented on GitHub (Oct 9, 2015):

Nope, no other instance of firefox (or actually parabola iceweasel) is running :/

@Utini2000 commented on GitHub (Oct 9, 2015): Nope, no other instance of firefox (or actually parabola iceweasel) is running :/

gitea-mirror commented

2026-05-05 04:53:31 -06:00

Author

Owner

@Utini2000 commented on GitHub (Oct 9, 2015):

It is weird, firejail iceweasel has worked all the time and suddenly it broke. Firejailing any other app works fine but not with iceweasel.

@Utini2000 commented on GitHub (Oct 9, 2015): It is weird, firejail iceweasel has worked all the time and suddenly it broke. Firejailing any other app works fine but not with iceweasel.

gitea-mirror commented

2026-05-05 04:53:32 -06:00

Author

Owner

@Utini2000 commented on GitHub (Oct 14, 2015):

@netblue30 I tried re-installing firejail but that didnt help :/

@Utini2000 commented on GitHub (Oct 14, 2015): @netblue30 I tried re-installing firejail but that didnt help :/

gitea-mirror commented

2026-05-05 04:53:34 -06:00

Author

Owner

@Utini2000 commented on GitHub (Oct 15, 2015):

@netblue30 should I try re-installing iceweasel ?

@Utini2000 commented on GitHub (Oct 15, 2015): @netblue30 should I try re-installing iceweasel ?

gitea-mirror commented

2026-05-05 04:53:36 -06:00

Author

Owner

@netblue30 commented on GitHub (Oct 16, 2015):

Maybe if you delete ~/.mozilla directory so you can start with a fresh iceweasel configuration. Take care, this will also delete all your addons and bookmarks.

@netblue30 commented on GitHub (Oct 16, 2015): Maybe if you delete ~/.mozilla directory so you can start with a fresh iceweasel configuration. Take care, this will also delete all your addons and bookmarks.

gitea-mirror commented

2026-05-05 04:53:38 -06:00

Author

Owner

@Utini2000 commented on GitHub (Oct 16, 2015):

@netblue30

I deleted .mozilla, then ran iceweasel, then closed it, then tried "firejail iceweasel" ´, same error
I deleted .mozilla, then ran "firejail Iceweasel" which worked. I close Iceweasel, tried again, same error.

So as long as .mozilla doesn't exist, I can run iceweasel. As soon as .mozilla exists I get the rror.

@Utini2000 commented on GitHub (Oct 16, 2015): @netblue30 1. I deleted .mozilla, then ran iceweasel, then closed it, then tried "firejail iceweasel" ´, same error 2. I deleted .mozilla, then ran "firejail Iceweasel" which worked. I close Iceweasel, tried again, same error. So as long as .mozilla doesn't exist, I can run iceweasel. As soon as .mozilla exists I get the rror.

gitea-mirror commented

2026-05-05 04:53:39 -06:00

Author

Owner

@Utini2000 commented on GitHub (Oct 16, 2015):

lool.. found the issue.. I included "disable-common.inc" which blacklists .mozilla :/ Sorry for this :S

@Utini2000 commented on GitHub (Oct 16, 2015): lool.. found the issue.. I included "disable-common.inc" which blacklists .mozilla :/ Sorry for this :S

gitea-mirror commented

2026-05-05 04:53:41 -06:00

Author

Owner

@netblue30 commented on GitHub (Oct 17, 2015):

No problem!

@netblue30 commented on GitHub (Oct 17, 2015): No problem!

gitea-mirror referenced this issue

2026-05-05 10:03:02 -06:00

[PR #46] [MERGED] Use generic.profile by default #3525

Rows
Columns

[GH-ISSUE #74] Error: Access was denied while trying to open files in your profile directory. #45