github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #799] Firefox's native Widevine Content Decryption Module doesn't work in firejail #543

New issue

Closed

opened 2026-05-05 06:05:41 -06:00 by gitea-mirror · 3 comments

gitea-mirror commented

2026-05-05 06:05:41 -06:00

Owner

Originally created by @pizzadude on GitHub (Sep 21, 2016).
Original GitHub issue: https://github.com/netblue30/firejail/issues/799

Hi,

If I try to watch a show on Netflix with the recently introduced native widevine drm plugin in firejail, the video just "loads" forever. If I watch it with firejail disabled, it plays fine.

Any fix? I presume this could be a whitelisting issue, but I don't know if there's any widevine specific dirs.

Originally created by @pizzadude on GitHub (Sep 21, 2016). Original GitHub issue: https://github.com/netblue30/firejail/issues/799 Hi, If I try to watch a show on Netflix with the recently introduced native widevine drm plugin in firejail, the video just "loads" forever. If I watch it with firejail disabled, it plays fine. Any fix? I presume this could be a whitelisting issue, but I don't know if there's any widevine specific dirs.

gitea-mirror

2026-05-05 06:05:41 -06:00

closed this issue
added the
information_old
label

gitea-mirror commented

2026-05-05 06:05:47 -06:00

Author

Owner

@netblue30 commented on GitHub (Sep 21, 2016):

Probably they are running seccomp on the plugin - just a guess! In a text editor open /etc/firejail/firefox.profile and comment (add a #) out the following block of statements:

caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6,netlink
seccomp
tracelog

If this one is working, bring back the statements you commented out one by one and try again. I think some of them are creating the problem.

@netblue30 commented on GitHub (Sep 21, 2016): Probably they are running seccomp on the plugin - just a guess! In a text editor open /etc/firejail/firefox.profile and comment (add a #) out the following block of statements: ``` caps.drop all netfilter nonewprivs noroot protocol unix,inet,inet6,netlink seccomp tracelog ``` If this one is working, bring back the statements you commented out one by one and try again. I think some of them are creating the problem.

gitea-mirror commented

2026-05-05 06:05:49 -06:00

Author

Owner

@pizzadude commented on GitHub (Sep 21, 2016):

Thanks, commenting out seccomp in /etc/firejail/firefox.profile works, but what are the consequences security wise (if any) of doing this?

@pizzadude commented on GitHub (Sep 21, 2016): Thanks, commenting out seccomp in /etc/firejail/firefox.profile works, but what are the consequences security wise (if any) of doing this?

gitea-mirror commented

2026-05-05 06:05:51 -06:00

Author

Owner

@netblue30 commented on GitHub (Sep 21, 2016):

It is kind of ugly without seccomp. You can use the regular profile for your browsing, and switch to a different profile when you go to Netflix.

When you run with seccomp enabled, do you get any seccomp message in /var/log/syslog or in /var/log/audit/audit.log? A seccomp message looks like this:

type=SECCOMP msg=audit(1474471335.039:158): auid=1000 uid=1000 gid=1000 ses=1 pid=3597 comm="mkdir" exe="/bin/mkdir" sig=31 arch=c000003e syscall=83 compat=0 ip=0x7f6d0a7f78f7 code=0x0

@netblue30 commented on GitHub (Sep 21, 2016): It is kind of ugly without seccomp. You can use the regular profile for your browsing, and switch to a different profile when you go to Netflix. When you run with seccomp enabled, do you get any seccomp message in /var/log/syslog or in /var/log/audit/audit.log? A seccomp message looks like this: ``` type=SECCOMP msg=audit(1474471335.039:158): auid=1000 uid=1000 gid=1000 ses=1 pid=3597 comm="mkdir" exe="/bin/mkdir" sig=31 arch=c000003e syscall=83 compat=0 ip=0x7f6d0a7f78f7 code=0x0 ```

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#543

No description provided.

Rows
Columns