[GH-ISSUE #704] Login shells through FireJail - Interpreter initialization files are never read #479

New issue

Closed

opened 2026-05-05 05:56:28 -06:00 by gitea-mirror · 10 comments

gitea-mirror commented 2026-05-05 05:56:28 -06:00

Owner

Copy link

Originally created by @nuxwin on GitHub (Aug 12, 2016).
Original GitHub issue: https://github.com/netblue30/firejail/issues/704

Current behavior

When using Firejail for login shells (login.users), interpreter initialization files ( /etc/profile or any of the personal initialization files ~/.bash_profile, ~/.bash_login, or ~/.profile), depending on the interpreter in use (Bash, Dash, ASH ...), are never read.

Expected behavior

Interpreter initialization files should be read.

Originally created by @nuxwin on GitHub (Aug 12, 2016). Original GitHub issue: https://github.com/netblue30/firejail/issues/704 **Current behavior** When using Firejail for login shells (login.users), interpreter initialization files ( /etc/profile or any of the personal initialization files ~/.bash_profile, ~/.bash_login, or ~/.profile), depending on the interpreter in use (Bash, Dash, ASH ...), are never read. **Expected behavior** Interpreter initialization files should be read.

gitea-mirror 2026-05-05 05:56:28 -06:00

• closed this issue
• added the
  bug
  label

gitea-mirror commented 2026-05-05 05:56:33 -06:00

Author

Owner

Copy link

@nuxwin commented on GitHub (Aug 12, 2016):

@netblue30

my workaround for now:

login.users

nuxwin:--chroot=/var/chroot/InstantSSH/shared_jail --name=nuxwin --rmenv=PROMPT_COMMAND --shell=/bin/bash -- /bin/bash --login

But I would prefer see firejail to do the job.

Note also that here, I remove the PROMPT_COMMAND environment variable because my /etc/profile file take care of this. My thinking is that in case of login shell, you should considere to mimic the default behavior. For common interpreters (bash, dash, ash ...) this can be easily achieved by invoking them with the -l parameter.

My system-wide /etc/profile file which is automatically copied inside the chroot by our underlying jail builder look as follow:

# .profile file - auto-generated by i-MSCP InstantSSH plugin
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN

# /etc/profile: system-wide .profile file for the Bourne shell (sh(1))
# and Bourne compatible shells (bash(1), ksh(1), ash(1), ...).

export LC_ALL=C.UTF-8
export LANG=C.UTF-8

if [ "`id -u`" -eq 0 ]; then
  PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
else
  PATH="/usr/local/bin:/usr/bin:/bin"
fi
export PATH

if [ "$PS1" ]; then
  if [ "$BASH" ] && [ "$BASH" != "/bin/sh" ]; then
    # The file bash.bashrc already sets the default PS1.
    # PS1='\h:\w\$ '
    if [ -f /etc/bash.bashrc ]; then
      . /etc/bash.bashrc
    fi
  else
    if [ "`id -u`" -eq 0 ]; then
      PS1='# '
    else
      PS1='$ '
    fi
  fi
fi

# Set umask
umask 027

if [ -d /etc/profile.d ]; then
  for i in /etc/profile.d/*.sh; do
    if [ -r $i ]; then
      . $i
    fi
  done
  unset i
fi

# set a fancy prompt (non-color, unless we know we "want" color)
case "$TERM" in
    xterm-color) color_prompt=yes;;
esac

# uncomment for a colored prompt, if the terminal has the capability; turned
# off by default to not distract the user: the focus in a terminal window
# should be on the output of commands, not on the prompt
force_color_prompt=yes

if [ -n "$force_color_prompt" ]; then
    if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
        # We have color support; assume it's compliant with Ecma-48
        # (ISO/IEC-6429). (Lack of such support is extremely rare, and such
        # a case would tend to support setf rather than setaf.)
        color_prompt=yes
    else
        color_prompt=
    fi
fi

if [ "$color_prompt" = yes ]; then
    PS1='\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
else
    PS1='\u@\h:\w\$ '
fi
unset color_prompt force_color_prompt

# If this is an xterm set the title to user@host:dir
case "$TERM" in
xterm*|rxvt*)
    PS1="\[\e]0;\u@\h: \w\a\]$PS1"
    ;;
*)
    ;;
esac

# enable color support of ls and also add handy aliases
if [ -x /usr/bin/dircolors ]; then
    test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
    alias ls='ls --color=auto'
    #alias dir='dir --color=auto'
    #alias vdir='vdir --color=auto'

    #alias grep='grep --color=auto'
    #alias fgrep='fgrep --color=auto'
    #alias egrep='egrep --color=auto'
fi

<!-- gh-comment-id:239571925 --> @nuxwin commented on GitHub (Aug 12, 2016): @netblue30 my workaround for now: login.users ``` nuxwin:--chroot=/var/chroot/InstantSSH/shared_jail --name=nuxwin --rmenv=PROMPT_COMMAND --shell=/bin/bash -- /bin/bash --login ``` But I would prefer see firejail to do the job. Note also that here, I remove the `PROMPT_COMMAND` environment variable because my `/etc/profile` file take care of this. My thinking is that in case of login shell, you should considere to mimic the default behavior. For common interpreters (bash, dash, ash ...) this can be easily achieved by invoking them with the `-l` parameter. My system-wide `/etc/profile` file which is automatically copied inside the chroot by our underlying jail builder look as follow: ``` # .profile file - auto-generated by i-MSCP InstantSSH plugin # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN # /etc/profile: system-wide .profile file for the Bourne shell (sh(1)) # and Bourne compatible shells (bash(1), ksh(1), ash(1), ...). export LC_ALL=C.UTF-8 export LANG=C.UTF-8 if [ "`id -u`" -eq 0 ]; then PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" else PATH="/usr/local/bin:/usr/bin:/bin" fi export PATH if [ "$PS1" ]; then if [ "$BASH" ] && [ "$BASH" != "/bin/sh" ]; then # The file bash.bashrc already sets the default PS1. # PS1='\h:\w\$ ' if [ -f /etc/bash.bashrc ]; then . /etc/bash.bashrc fi else if [ "`id -u`" -eq 0 ]; then PS1='# ' else PS1='$ ' fi fi fi # Set umask umask 027 if [ -d /etc/profile.d ]; then for i in /etc/profile.d/*.sh; do if [ -r $i ]; then . $i fi done unset i fi # set a fancy prompt (non-color, unless we know we "want" color) case "$TERM" in xterm-color) color_prompt=yes;; esac # uncomment for a colored prompt, if the terminal has the capability; turned # off by default to not distract the user: the focus in a terminal window # should be on the output of commands, not on the prompt force_color_prompt=yes if [ -n "$force_color_prompt" ]; then if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then # We have color support; assume it's compliant with Ecma-48 # (ISO/IEC-6429). (Lack of such support is extremely rare, and such # a case would tend to support setf rather than setaf.) color_prompt=yes else color_prompt= fi fi if [ "$color_prompt" = yes ]; then PS1='\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ ' else PS1='\u@\h:\w\$ ' fi unset color_prompt force_color_prompt # If this is an xterm set the title to user@host:dir case "$TERM" in xterm*|rxvt*) PS1="\[\e]0;\u@\h: \w\a\]$PS1" ;; *) ;; esac # enable color support of ls and also add handy aliases if [ -x /usr/bin/dircolors ]; then test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)" alias ls='ls --color=auto' #alias dir='dir --color=auto' #alias vdir='vdir --color=auto' #alias grep='grep --color=auto' #alias fgrep='fgrep --color=auto' #alias egrep='egrep --color=auto' fi ```

gitea-mirror commented 2026-05-05 05:56:36 -06:00

Author

Owner

Copy link

@netblue30 commented on GitHub (Aug 14, 2016):

I think I have a fix, you can give it a try. Somehow it ends up calling both .bash_profile and .bashrc:

$ /usr/bin/ssh bingo@0
bingo@0's password: 

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sun Aug 14 15:30:53 2016 from localhost
I am inside .bash_profile
I am inside .bashrc
[bingo@debian ~]$ 

<!-- gh-comment-id:239691733 --> @netblue30 commented on GitHub (Aug 14, 2016): I think I have a fix, you can give it a try. Somehow it ends up calling both .bash_profile and .bashrc: ``` $ /usr/bin/ssh bingo@0 bingo@0's password: The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Sun Aug 14 15:30:53 2016 from localhost I am inside .bash_profile I am inside .bashrc [bingo@debian ~]$ ```

gitea-mirror commented 2026-05-05 05:56:38 -06:00

Author

Owner

Copy link

@nuxwin commented on GitHub (Aug 14, 2016):

@netblue30

I'll check now. Hope that /etc/profile is also read to cover case where .bash_profile and .bashrc are missing.

<!-- gh-comment-id:239692635 --> @nuxwin commented on GitHub (Aug 14, 2016): @netblue30 I'll check now. Hope that /etc/profile is also read to cover case where .bash_profile and .bashrc are missing.

gitea-mirror commented 2026-05-05 05:56:40 -06:00

Author

Owner

Copy link

@nuxwin commented on GitHub (Aug 14, 2016):

@netblue30

• Doesn't work with ASH (busybox). I think that you cannot mix -c and -l options. If I remove the-c option, that works as expected. Anyway, in the context of login_shell (we have now a var to detect it), I think that we should discard additional argv (we should only allow firejail options in that context). This would also solve next point.
• You increased index size by 1 but you forgot to increment assert test and therefore, assert fails when adding a command after double-dash. See below:

Current result:

nuxwin@dev:~$ ssh nuxwin@192.168.1.133
nuxwin@192.168.1.133's password: 

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.

Last login: Mon Aug 15 00:01:28 2016 from 192.168.1.100
-firejail: sandbox.c:343: start_application: Assertion `index < 5' failed.
Connection to 192.168.1.133 closed.

Expected behavior

After fixing the assert:

nuxwin@dev:~$ ssh nuxwin@192.168.1.133
nuxwin@192.168.1.133's password: 

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.

Last login: Mon Aug 15 00:02:07 2016 from 192.168.1.100
execvp argument 0: /bin/sh
execvp argument 1: -l
execvp argument 2: -c
execvp argument 3: --
execvp argument 4: '/bin/sh' '-l' 


BusyBox v1.22.1 (Debian 1:1.22.0-9+deb8u1) built-in shell (ash)
Enter 'help' for a list of built-in commands.

nuxwin@srv01:/home/nuxwin$

I've a fix. I'll do a PR in few minutes with explanations here.

<!-- gh-comment-id:239700961 --> @nuxwin commented on GitHub (Aug 14, 2016): @netblue30 - Doesn't work with ASH (busybox). I think that you cannot mix `-c` and `-l` options. If I remove the`-c` option, that works as expected. Anyway, in the context of `login_shell` (we have now a var to detect it), I think that we should discard additional argv (we should only allow firejail options in that context). This would also solve next point. - You increased index size by 1 but you forgot to increment assert test and therefore, assert fails when adding a command after double-dash. See below: Current result: ``` nuxwin@dev:~$ ssh nuxwin@192.168.1.133 nuxwin@192.168.1.133's password: The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Mon Aug 15 00:01:28 2016 from 192.168.1.100 -firejail: sandbox.c:343: start_application: Assertion `index < 5' failed. Connection to 192.168.1.133 closed. ``` **Expected behavior** After fixing the assert: ``` nuxwin@dev:~$ ssh nuxwin@192.168.1.133 nuxwin@192.168.1.133's password: The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Mon Aug 15 00:02:07 2016 from 192.168.1.100 execvp argument 0: /bin/sh execvp argument 1: -l execvp argument 2: -c execvp argument 3: -- execvp argument 4: '/bin/sh' '-l' BusyBox v1.22.1 (Debian 1:1.22.0-9+deb8u1) built-in shell (ash) Enter 'help' for a list of built-in commands. nuxwin@srv01:/home/nuxwin$ ``` I've a fix. I'll do a PR in few minutes with explanations here.

gitea-mirror commented 2026-05-05 05:56:42 -06:00

Author

Owner

Copy link

@nuxwin commented on GitHub (Aug 14, 2016):

@netblue30

See https://github.com/netblue30/firejail/pull/714

Summary

• In login shell context and if no cfg.command_line is passed in (either through SSH or in the login.users file), we start the shell with the -l option without further argument
• In case a command is passed-in (either through SSH or in the login.users file), we run that command through cfg.shell as usually, using the -c option

Examples

nuxwin@dev:~$ ssh nuxwin@192.168.1.133
nuxwin@192.168.1.133's password: 

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.

Last login: Mon Aug 15 00:47:10 2016 from 192.168.1.100
Starting /bin/ash login shell
sandbox 31887, execvp into /bin/ash
execvp argument 0: /bin/ash
execvp argument 1: -l


BusyBox v1.22.1 (Debian 1:1.22.0-9+deb8u1) built-in shell (ash)
Enter 'help' for a list of built-in commands.

nuxwin@srv01:/home/nuxwin$ exit

Note that here, the initialization files are read.

Connection to 192.168.1.133 closed.
nuxwin@dev:~$ ssh nuxwin@192.168.1.133 date
nuxwin@192.168.1.133's password: 
Running 'date'  command line through /bin/ash
sandbox 31904, execvp into 'date' 
execvp argument 0: /bin/ash
execvp argument 1: -c
execvp argument 2: 'date' 
Mon Aug 15 00:47:37 CEST 2016
nuxwin@dev:~$

Note that here, the initialization files are not read. This shouldn't be an issue since the shell will terminate immediately after running cfg.command_line which here is the date command.

Furthermoor

With that PR, we avoid an ueless subprocess.

<!-- gh-comment-id:239704468 --> @nuxwin commented on GitHub (Aug 14, 2016): @netblue30 See https://github.com/netblue30/firejail/pull/714 **Summary** - In login shell context and if no `cfg.command_line` is passed in (either through SSH or in the login.users file), we start the shell with the `-l` option without further argument - In case a command is passed-in (either through SSH or in the login.users file), we run that command through `cfg.shell` as usually, using the `-c` option **Examples** ``` nuxwin@dev:~$ ssh nuxwin@192.168.1.133 nuxwin@192.168.1.133's password: The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Mon Aug 15 00:47:10 2016 from 192.168.1.100 Starting /bin/ash login shell sandbox 31887, execvp into /bin/ash execvp argument 0: /bin/ash execvp argument 1: -l BusyBox v1.22.1 (Debian 1:1.22.0-9+deb8u1) built-in shell (ash) Enter 'help' for a list of built-in commands. nuxwin@srv01:/home/nuxwin$ exit ``` Note that here, the initialization files are read. ``` Connection to 192.168.1.133 closed. nuxwin@dev:~$ ssh nuxwin@192.168.1.133 date nuxwin@192.168.1.133's password: Running 'date' command line through /bin/ash sandbox 31904, execvp into 'date' execvp argument 0: /bin/ash execvp argument 1: -c execvp argument 2: 'date' Mon Aug 15 00:47:37 CEST 2016 nuxwin@dev:~$ ``` Note that here, the initialization files are not read. This shouldn't be an issue since the shell will terminate immediately after running `cfg.command_line` which here is the `date` command. **Furthermoor** With that PR, we avoid an ueless subprocess.

gitea-mirror commented 2026-05-05 05:56:44 -06:00

Author

Owner

Copy link

@netblue30 commented on GitHub (Aug 15, 2016):

I think there is more to come, now it doesn't work for me, it goes directly to .bashrc. I'll look into it tomorrow.

<!-- gh-comment-id:239710293 --> @netblue30 commented on GitHub (Aug 15, 2016): I think there is more to come, now it doesn't work for me, it goes directly to .bashrc. I'll look into it tomorrow.

gitea-mirror commented 2026-05-05 05:56:46 -06:00

Author

Owner

Copy link

@nuxwin commented on GitHub (Aug 15, 2016):

@netblue30

I'll have a look too.

<!-- gh-comment-id:239711943 --> @nuxwin commented on GitHub (Aug 15, 2016): @netblue30 I'll have a look too.

gitea-mirror commented 2026-05-05 05:56:47 -06:00

Author

Owner

Copy link

@nuxwin commented on GitHub (Aug 15, 2016):

@netblue30

I've just tested with current master. For me, there is no problem.

First of all: .bashrc must be run only in case of non-login shell.

.bashrc:

# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples
....

To simulate a non-login shell, I've set my login.users file as follow:

nuxwin:--chroot=/var/chroot/InstantSSH/shared_jail date

Then, I get the following result:

nuxwin@dev:~$ ssh nuxwin@192.168.1.133
nuxwin@192.168.1.133's password: 

  ___           _              _     ____ ____  _   _
 |_ _|_ __  ___| |_ __ _ _ __ | |_  / ___/ ___|| | | |
  | || '_ \/ __| __/ _` | '_ \| __| \___ \___ \| |_| |
  | || | | \__ \ || (_| | | | | |_   ___) |__) |  _  |
 |___|_| |_|___/\__\__,_|_| |_|\__| |____/____/|_| |_|


Welcome to your shell.

If you need a specific command, get in contact with your reseller.

i-MSCP InstantSSH plugin v4.1.0
Copyright (c) 2014-2016 Laurent Declercq <l.declercq@nuxwin.com>

Last login: Mon Aug 15 16:36:55 2016 from 192.168.1.100
Running 'date'  command through /bin/bash
sandbox 26218, execvp into 'date'
execvp argument 0: /bin/bash
execvp argument 1: -c
execvp argument 2: 'date' 
reading /home/nuxwin/.bashrc
Mon Aug 15 16:40:12 CEST 2016
Connection to 192.168.1.133 closed.
nuxwin@dev:~$

As you can see here, only the .bashrc is read. The date command is run and the session terminate immediately. Here we are in a non-login context and therefore, /etc/profile and /home/nuxwin/.profile are not read.

Now, if I don't put any command (true login shell context):

nuxwin:--chroot=/var/chroot/InstantSSH/shared_jail --rmenv=PROMPT_COMMAND

We get the following result:

nuxwin@192.168.1.133's password: 

  ___           _              _     ____ ____  _   _
 |_ _|_ __  ___| |_ __ _ _ __ | |_  / ___/ ___|| | | |
  | || '_ \/ __| __/ _` | '_ \| __| \___ \___ \| |_| |
  | || | | \__ \ || (_| | | | | |_   ___) |__) |  _  |
 |___|_| |_|___/\__\__,_|_| |_|\__| |____/____/|_| |_|


Welcome to your shell.

If you need a specific command, get in contact with your reseller.

i-MSCP InstantSSH plugin v4.1.0
Copyright (c) 2014-2016 Laurent Declercq <l.declercq@nuxwin.com>

Last login: Mon Aug 15 16:40:12 2016 from 192.168.1.100
Starting /bin/bash login shell
sandbox 26227, execvp into /bin/bash
execvp argument 0: /bin/bash
execvp argument 1: -l
reading /etc/profile
reading /home/nunxwin/.profile
nuxwin@srv01:~$

As you can see here, .bashrc is not read. That is expected because .bashrc must be read in context of non-login shells only. However, since we are in login shell context, both /etc/profile and /home/nuxwin/.profile are read.

Implementation is simple here: If the -c option is used, we are not in login shell context. This is same as Bash (and other shells) implementations.

<!-- gh-comment-id:239822846 --> @nuxwin commented on GitHub (Aug 15, 2016): @netblue30 I've just tested with current master. For me, there is no problem. First of all: `.bashrc` must be run only in case of non-login shell. .bashrc: ``` # ~/.bashrc: executed by bash(1) for non-login shells. # see /usr/share/doc/bash/examples/startup-files (in the package bash-doc) # for examples .... ``` To simulate a non-login shell, I've set my `login.users` file as follow: ``` nuxwin:--chroot=/var/chroot/InstantSSH/shared_jail date ``` Then, I get the following result: ``` nuxwin@dev:~$ ssh nuxwin@192.168.1.133 nuxwin@192.168.1.133's password: ___ _ _ ____ ____ _ _ |_ _|_ __ ___| |_ __ _ _ __ | |_ / ___/ ___|| | | | | || '_ \/ __| __/ _` | '_ \| __| \___ \___ \| |_| | | || | | \__ \ || (_| | | | | |_ ___) |__) | _ | |___|_| |_|___/\__\__,_|_| |_|\__| |____/____/|_| |_| Welcome to your shell. If you need a specific command, get in contact with your reseller. i-MSCP InstantSSH plugin v4.1.0 Copyright (c) 2014-2016 Laurent Declercq <l.declercq@nuxwin.com> Last login: Mon Aug 15 16:36:55 2016 from 192.168.1.100 Running 'date' command through /bin/bash sandbox 26218, execvp into 'date' execvp argument 0: /bin/bash execvp argument 1: -c execvp argument 2: 'date' reading /home/nuxwin/.bashrc Mon Aug 15 16:40:12 CEST 2016 Connection to 192.168.1.133 closed. nuxwin@dev:~$ ``` As you can see here, only the `.bashrc` is read. The `date` command is run and the session terminate immediately. Here we are in a non-login context and therefore, `/etc/profile` and `/home/nuxwin/.profile` are not read. Now, if I don't put any command (true login shell context): ``` nuxwin:--chroot=/var/chroot/InstantSSH/shared_jail --rmenv=PROMPT_COMMAND ``` We get the following result: ``` nuxwin@192.168.1.133's password: ___ _ _ ____ ____ _ _ |_ _|_ __ ___| |_ __ _ _ __ | |_ / ___/ ___|| | | | | || '_ \/ __| __/ _` | '_ \| __| \___ \___ \| |_| | | || | | \__ \ || (_| | | | | |_ ___) |__) | _ | |___|_| |_|___/\__\__,_|_| |_|\__| |____/____/|_| |_| Welcome to your shell. If you need a specific command, get in contact with your reseller. i-MSCP InstantSSH plugin v4.1.0 Copyright (c) 2014-2016 Laurent Declercq <l.declercq@nuxwin.com> Last login: Mon Aug 15 16:40:12 2016 from 192.168.1.100 Starting /bin/bash login shell sandbox 26227, execvp into /bin/bash execvp argument 0: /bin/bash execvp argument 1: -l reading /etc/profile reading /home/nunxwin/.profile nuxwin@srv01:~$ ``` As you can see here, `.bashrc` is not read. That is expected because `.bashrc` must be read in context of non-login shells only. However, since we are in login shell context, both `/etc/profile` and `/home/nuxwin/.profile` are read. Implementation is simple here: If the `-c` option is used, we are not in login shell context. This is same as Bash (and other shells) implementations.

gitea-mirror commented 2026-05-05 05:56:49 -06:00

Author

Owner

Copy link

@netblue30 commented on GitHub (Aug 15, 2016):

I put in some fixes, also the green prompt was removed.

<!-- gh-comment-id:239856871 --> @netblue30 commented on GitHub (Aug 15, 2016): I put in some fixes, also the green prompt was removed.

gitea-mirror commented 2026-05-05 05:56:51 -06:00

Author

Owner

Copy link

@netblue30 commented on GitHub (Aug 16, 2016):

Got your email, don't worry about it, it's not a problem. Let's reset and move to this thread: https://github.com/netblue30/firejail/issues/719

<!-- gh-comment-id:240102933 --> @netblue30 commented on GitHub (Aug 16, 2016): Got your email, don't worry about it, it's not a problem. Let's reset and move to this thread: https://github.com/netblue30/firejail/issues/719

gitea-mirror referenced this issue 2026-05-05 10:05:10 -06:00

[PR #479] [MERGED] cyberfox profile #3639

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

serialize_remounts_v2

landlock_v4

landlock

release-0.9.64

release-0.9.62

gitlab_ci

LTSbase

fred_ctests

docs

0.9.80

0.9.80-rc1

0.9.78

0.9.76

0.9.76-rc4

0.9.76-rc3

0.9.76-rc2

0.9.76-rc1

0.9.74

landlock-split

0.9.72

0.9.72rc1

0.9.70

0.9.68

0.9.68rc1

0.9.66

0.9.66rc1

0.9.64.4

0.9.64.2

0.9.64

0.9.64rc1

0.9.62.4

0.9.62.2

0.9.62

0.9.56.2-LTS

0.9.60

0.9.60-rc1

0.9.58.2

0.9.58

0.9.58-rc1

0.9.56-LTS-release

0.9.56-LTS

0.9.56

0.9.56-rc1

0.9.54

0.9.54-rc2

0.9.54-rc1

0.9.52

0.9.38.12

0.9.50

0.9.50-rc1

0.9.48

0.9.46

0.9.46-rc1

0.9.44.10

0.9.44.8

0.9.44.6

0.9.38.10

0.9.44.4

0.9.38.8

0.9.44.2

0.9.44

0.9.44-rc1

0.9.38.4

0.9.42

0.9.42-rc2

0.9.38.2

0.9.42-rc1

disable-globalcfg

0.9.40

0.9.40-rc1

0.9.38

0.9.38-rc1

0.9.36

0.9.36-rc1

0.9.34

0.9.34-rc1

0.9.32

0.9.32-rc1

0.9.30

0.9.30-rc1

Labels

Clear labels   

LTS merge

  

LTS merge

  

bug

  

bug

  

converted-to-discussion

  

doc-todo

  

documentation

  

duplicate

  

enhancement

  

file-transfer

  

firecfg

  

firejail-in-firejail

  

firetools

  

graphics

  

help wanted

  

information_old

  

installation

  

invalid

  

modif

  

moved

  

needinfo

  

networking

  

notabug

  

notourbug

  

old-version

  

overlayfs

  

packaging

  

profile-request

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question_old

  

removal

  

runtime-permissions

  

sandbox-ipc

  

security

  

stale

  

wiki

  

wiki

  

wontfix

  

wordpress

  

workaround

No labels

LTS merge

LTS merge

bug

bug

converted-to-discussion

doc-todo

documentation

duplicate

enhancement

file-transfer

firecfg

firejail-in-firejail

firetools

graphics

help wanted

information_old

installation

invalid

modif

moved

needinfo

networking

notabug

notourbug

old-version

overlayfs

packaging

profile-request

pull-request

question

question_old

removal

runtime-permissions

sandbox-ipc

security

stale

wiki

wiki

wontfix

wordpress

workaround

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#479

No description provided.