github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

[GH-ISSUE #836] vlc: program does not start with --started-from-file #566

New issue
Open
opened 2026-05-05 06:09:49 -06:00 by gitea-mirror · 30 comments
gitea-mirror commented 2026-05-05 06:09:49 -06:00
Owner
Copy link

Originally created by @ghost on GitHub (Oct 5, 2016).
Original GitHub issue: https://github.com/netblue30/firejail/issues/836

Hello,

Today, after many months away from Linux, I decided to give VLC a try here. It all worked fine one month ago.

For some reason, I can't open any file with VLC or start it from KDE's menu, because of the --started-from-file part in KDE's launch properties. Output:

[amarildo@amarildo ~]$ firejail /usr/bin/vlc --started-from-file %U
Reading profile /etc/firejail/vlc.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Parent pid 6663, child pid 6664
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Blacklist violations are logged to syslog
Child process initialized
VLC media player 2.2.4 Weatherwax (revision 2.2.3-37-g888b7e89)

Parent is shutting down, bye...

When removing that part, it starts normally:

[amarildo@amarildo ~]$ firejail vlc
Reading profile /etc/firejail/vlc.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Parent pid 6672, child pid 6673
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Blacklist violations are logged to syslog
Child process initialized
VLC media player 2.2.4 Weatherwax (revision 2.2.3-37-g888b7e89)
[000000000328aaa8] core libvlc: Running vlc with the default interface. Use 'cvlc' to use vlc without interface.

Following suggestions in https://github.com/netblue30/firejail/issues/814 didn't help. I just compiled firejail-git in Arch and uncommenting private-bin-no-local no didn't help. I also tried setting it to yes.

Commenting the private-tmp only helped if I remove the --started-from-file from the launch properties.

EDIT: Removing --started-from-file from KDE's launch properties does make VLC start normally and it actually adds that part automatically:

3324:amarildo:/usr/bin/firejail /usr/bin/vlc --started-from-file
3325:amarildo:/usr/bin/firejail /usr/bin/vlc --started-from-file
3334:amarildo:/usr/bin/vlc --started-from-file

Not that editing that command wasn't necessary.

Originally created by @ghost on GitHub (Oct 5, 2016). Original GitHub issue: https://github.com/netblue30/firejail/issues/836 Hello, Today, after many months away from Linux, I decided to give VLC a try here. It all worked fine one month ago. For some reason, I can't open any file with VLC or start it from KDE's menu, because of the `--started-from-file` part in KDE's launch properties. Output: > [amarildo@amarildo ~]$ firejail /usr/bin/vlc --started-from-file %U > Reading profile /etc/firejail/vlc.profile > Reading profile /etc/firejail/disable-common.inc > Reading profile /etc/firejail/disable-programs.inc > Reading profile /etc/firejail/disable-devel.inc > Reading profile /etc/firejail/disable-passwdmgr.inc > Parent pid 6663, child pid 6664 > Warning: /sbin directory link was not blacklisted > Warning: /usr/sbin directory link was not blacklisted > Blacklist violations are logged to syslog > Child process initialized > VLC media player 2.2.4 Weatherwax (revision 2.2.3-37-g888b7e89) > > Parent is shutting down, bye... When removing that part, it starts normally: > [amarildo@amarildo ~]$ firejail vlc > Reading profile /etc/firejail/vlc.profile > Reading profile /etc/firejail/disable-common.inc > Reading profile /etc/firejail/disable-programs.inc > Reading profile /etc/firejail/disable-devel.inc > Reading profile /etc/firejail/disable-passwdmgr.inc > Parent pid 6672, child pid 6673 > Warning: /sbin directory link was not blacklisted > Warning: /usr/sbin directory link was not blacklisted > Blacklist violations are logged to syslog > Child process initialized > VLC media player 2.2.4 Weatherwax (revision 2.2.3-37-g888b7e89) > [000000000328aaa8] core libvlc: Running vlc with the default interface. Use 'cvlc' to use vlc without interface. Following suggestions in https://github.com/netblue30/firejail/issues/814 didn't help. I just compiled firejail-git in Arch and uncommenting `private-bin-no-local no` didn't help. I also tried setting it to yes. Commenting the `private-tmp` only helped if I remove the `--started-from-file` from the launch properties. EDIT: Removing `--started-from-file` from KDE's launch properties does make VLC start normally and it actually adds that part automatically: > 3324:amarildo:/usr/bin/firejail /usr/bin/vlc --started-from-file > 3325:amarildo:/usr/bin/firejail /usr/bin/vlc --started-from-file > 3334:amarildo:/usr/bin/vlc --started-from-file Not that editing that command wasn't necessary.
gitea-mirror added the
bug
 label 2026-05-05 06:09:49 -06:00
gitea-mirror commented 2026-05-05 06:09:52 -06:00
Author
Owner
Copy link

@netblue30 commented on GitHub (Oct 6, 2016):

In a text editor open /etc/firejail/vlc.profile and comment out (add a #) the lines there one by one and try vlc again. Probably one of the include lines is creating the problem. I think one of the blacklists in one of the files is creating the problem.

<!-- gh-comment-id:251941807 --> @netblue30 commented on GitHub (Oct 6, 2016): In a text editor open /etc/firejail/vlc.profile and comment out (add a #) the lines there one by one and try vlc again. Probably one of the include lines is creating the problem. I think one of the blacklists in one of the files is creating the problem.
gitea-mirror commented 2026-05-05 06:09:56 -06:00
Author
Owner
Copy link

@mr-blobbyyy commented on GitHub (Oct 15, 2016):

Following suggestions in #814 didn't help. I just compiled firejail-git in Arch and uncommenting private-bin-no-local no didn't help. I also tried setting it to yes.

Wasn't the advice to leave that line indeed commented out?

In a text editor open /etc/firejail/vlc.profile and comment out (add a #) the lines there one by one and try vlc again.

Yep, and for me (v0.9.42), "private-tmp" was the very last line 😅

My exec path for "vlc" is this: "vlc --started-from-file %U" for the vlc.desktop file in ~/.local/share/applications/. Here's a swift guide @netblue30 (and others) might reference on the LM forums (in case you already didn't know): https://forums.linuxmint.com/viewtopic.php?p=1165909#p1165909

<!-- gh-comment-id:253960173 --> @mr-blobbyyy commented on GitHub (Oct 15, 2016): > Following suggestions in #814 didn't help. I just compiled firejail-git in Arch and uncommenting private-bin-no-local no didn't help. I also tried setting it to yes. Wasn't the advice to leave that line indeed commented out? > In a text editor open /etc/firejail/vlc.profile and comment out (add a #) the lines there one by one and try vlc again. Yep, and for me (v0.9.42), "private-tmp" was the very last line :sweat_smile: My exec path for "vlc" is this: "vlc --started-from-file %U" for the vlc.desktop file in ~/.local/share/applications/. Here's a swift guide @netblue30 (and others) might reference on the LM forums (in case you already didn't know): https://forums.linuxmint.com/viewtopic.php?p=1165909#p1165909
gitea-mirror commented 2026-05-05 06:09:59 -06:00
Author
Owner
Copy link

@chiraag-nataraj commented on GitHub (Aug 19, 2018):

Is this still an issue?

<!-- gh-comment-id:414129775 --> @chiraag-nataraj commented on GitHub (Aug 19, 2018): Is this still an issue?
gitea-mirror commented 2026-05-05 06:10:01 -06:00
Author
Owner
Copy link

@chiraag-nataraj commented on GitHub (Aug 19, 2018):

Seems to work on my end. Going to close this, but @amarildojr and @mr-blobbyyy, please feel free to re-open if it's still an issue.

<!-- gh-comment-id:414129863 --> @chiraag-nataraj commented on GitHub (Aug 19, 2018): Seems to work on my end. Going to close this, but @amarildojr and @mr-blobbyyy, please feel free to re-open if it's still an issue.
gitea-mirror commented 2026-05-05 06:10:04 -06:00
Author
Owner
Copy link

@GM-Script-Writer-62850 commented on GitHub (Mar 3, 2019):

I am suddenly about to reproduce this
xubunut 18.04 64bit

/usr/bin/vlc --started-from-file %U
VLC media player 3.0.4 Vetinari (revision 3.0.4-0-gf615db6332)
chad@Z97Killer:~$ /usr/bin/vlc --started-from-file %U -v
VLC media player 3.0.4 Vetinari (revision 3.0.4-0-gf615db6332)
[000055f8a087d570] main libvlc warning: running VLC instance - exiting..
chad@Z97Killer:~$ apt-cache policy vlc
vlc:
  Installed: 3.0.4-1ubuntu0.2
  Candidate: 3.0.4-1ubuntu0.2
  Version table:
 *** 3.0.4-1ubuntu0.2 500
        500 http://us.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages
        100 /var/lib/dpkg/status
     3.0.3-1-1ubuntu1 500
        500 http://security.ubuntu.com/ubuntu bionic-security/universe amd64 Packages
     3.0.1-3build1 500
        500 http://us.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages

tried reinstalling some parts of VLC tried deleting ~/.cache/vlc, tried deleting ~/.config/vlc, tried deleting ~/.local/share/vlc
none of this solved the issue

<!-- gh-comment-id:468981232 --> @GM-Script-Writer-62850 commented on GitHub (Mar 3, 2019): I am suddenly about to reproduce this xubunut 18.04 64bit ``` /usr/bin/vlc --started-from-file %U VLC media player 3.0.4 Vetinari (revision 3.0.4-0-gf615db6332) chad@Z97Killer:~$ /usr/bin/vlc --started-from-file %U -v VLC media player 3.0.4 Vetinari (revision 3.0.4-0-gf615db6332) [000055f8a087d570] main libvlc warning: running VLC instance - exiting.. chad@Z97Killer:~$ apt-cache policy vlc vlc: Installed: 3.0.4-1ubuntu0.2 Candidate: 3.0.4-1ubuntu0.2 Version table: *** 3.0.4-1ubuntu0.2 500 500 http://us.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages 100 /var/lib/dpkg/status 3.0.3-1-1ubuntu1 500 500 http://security.ubuntu.com/ubuntu bionic-security/universe amd64 Packages 3.0.1-3build1 500 500 http://us.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages ``` tried reinstalling some parts of VLC tried deleting `~/.cache/vlc`, tried deleting `~/.config/vlc`, tried deleting `~/.local/share/vlc` none of this solved the issue
gitea-mirror commented 2026-05-05 06:10:06 -06:00
Author
Owner
Copy link

@Necktwi commented on GitHub (Apr 14, 2020):

what does --started-from-file %U option do? previously the vlc.desktop worked fine but now it won't start vlc

<!-- gh-comment-id:613401783 --> @Necktwi commented on GitHub (Apr 14, 2020): what does `--started-from-file %U` option do? previously the `vlc.desktop` worked fine but now it won't start `vlc`
gitea-mirror commented 2026-05-05 06:10:08 -06:00
Author
Owner
Copy link

@0xc0d commented on GitHub (May 24, 2020):

you just need to delete --started-from-file in /usr/share/applications/vlc.desktop
something like this:
Exec=/usr/bin/vlc %U will be fine

<!-- gh-comment-id:633171963 --> @0xc0d commented on GitHub (May 24, 2020): you just need to delete `--started-from-file` in `/usr/share/applications/vlc.desktop` something like this: `Exec=/usr/bin/vlc %U` will be fine
gitea-mirror commented 2026-05-05 06:10:10 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (May 24, 2020):

Reopening for now. But I can not reproduce this yet.

what does --started-from-file %U option do?

vlc --full-help:

Tell VLC that it is being launched due to a file association in the OS

<!-- gh-comment-id:633214603 --> @rusty-snake commented on GitHub (May 24, 2020): Reopening for now. But I can not reproduce this yet. ---- > what does `--started-from-file %U` option do? `vlc --full-help`: > Tell VLC that it is being launched due to a file association in the OS
gitea-mirror commented 2026-05-05 06:10:12 -06:00
Author
Owner
Copy link

@b1zzu commented on GitHub (May 28, 2020):

Same here the /usr/bin/vlc --started-from-file doesn't stat VLC, I had to manually fix the .desktop file

OS: Fedora 32
VLC media player 3.0.10 Vetinari (revision 3.0.10-0-g7f145afa84)

<!-- gh-comment-id:635508487 --> @b1zzu commented on GitHub (May 28, 2020): Same here the `/usr/bin/vlc --started-from-file` doesn't stat VLC, I had to manually fix the .desktop file OS: Fedora 32 VLC media player 3.0.10 Vetinari (revision 3.0.10-0-g7f145afa84)
gitea-mirror commented 2026-05-05 06:10:14 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (May 29, 2020):

Looks like one off you must comment vlc.profile and uncomment line for line to try which is the problematic line.

<!-- gh-comment-id:635785729 --> @rusty-snake commented on GitHub (May 29, 2020): Looks like one off you must comment vlc.profile and uncomment line for line to try which is the problematic line.
gitea-mirror commented 2026-05-05 06:10:16 -06:00
Author
Owner
Copy link

@b1zzu commented on GitHub (May 29, 2020):

Hi @rusty-snake, I can't find the vlc.profile

<!-- gh-comment-id:635876361 --> @b1zzu commented on GitHub (May 29, 2020): Hi @rusty-snake, I can't find the `vlc.profile`
gitea-mirror commented 2026-05-05 06:10:18 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (May 29, 2020):

Depending on how you installed firejail, but it should be under /etc/firejail/vlc.profile or /usr/local/etc/firejail/vlc.profile.

The easiest way is to copy it to .config/firejail where it will be automatical be loaded by firejail. Example:

mkdir ~/.config/firejail
cp /etc/firejail/vlc.profile ~/.config/firejail
vim ~/.config/firejail/vlc.profile

After testing you can simple delete .config/firejail/vlc.profile.

<!-- gh-comment-id:635988264 --> @rusty-snake commented on GitHub (May 29, 2020): Depending on how you installed firejail, but it should be under `/etc/firejail/vlc.profile` or `/usr/local/etc/firejail/vlc.profile`. The easiest way is to copy it to .config/firejail where it will be automatical be loaded by firejail. Example: ``` mkdir ~/.config/firejail cp /etc/firejail/vlc.profile ~/.config/firejail vim ~/.config/firejail/vlc.profile ``` After testing you can simple delete .config/firejail/vlc.profile.
gitea-mirror commented 2026-05-05 06:10:20 -06:00
Author
Owner
Copy link

@it9exm commented on GitHub (Jun 20, 2020):

Same here.
All of a sudden VLC is not starting when double clicking on files. It took a while to discover this was the cause, verified by launching it from a shell. Of course I tried to delete caches , and no, I don't have firejail. Does anybody know what caused this?

<!-- gh-comment-id:647000438 --> @it9exm commented on GitHub (Jun 20, 2020): Same here. All of a sudden VLC is not starting when double clicking on files. It took a while to discover this was the cause, verified by launching it from a shell. Of course I tried to delete caches , and no, I don't have firejail. Does anybody know what caused this?
gitea-mirror commented 2026-05-05 06:10:22 -06:00
Author
Owner
Copy link

@mYnDstrEAm commented on GitHub (Jul 26, 2020):

I can play a file when I open it in VLC started with firejail /usr/bin/vlc (using /etc/firejail/vlc.profile).

I can play the file with right click->open with->VLC after having added firejail to the VLC application in Debian10/KDE like so: firejail /usr/bin/vlc --started-from-file %U.

But after something happened - and I don't know what - the file doesn't play anymore with the latter method while the former keeps working.

I then get these errors:

filesystem stream error: cannot open file /home/username/file.mp3 (Permission denied)
uint DBusMenuExporterDBus::GetLayout(int, int, const QStringList&, DBusMenuLayoutItem&): Condition failed: menu

The latter error shows multiple times and also shows when using the former (working) method to open the file.
The file is still owned by my username.

Whatever is happening that causes the file to not play anymore might be related to library scanning by the Nuclear music player (the issue is linked above).

How to solve this problem?

<!-- gh-comment-id:664027681 --> @mYnDstrEAm commented on GitHub (Jul 26, 2020): I can play a file when I open it in VLC started with `firejail /usr/bin/vlc` (using /etc/firejail/vlc.profile). I can play the file with right click->open with->VLC after having added firejail to the VLC application in Debian10/KDE like so: `firejail /usr/bin/vlc --started-from-file %U`. But after something happened - and I don't know what - the file doesn't play anymore with the latter method while the former keeps working. I then get these errors: > filesystem stream error: cannot open file /home/username/file.mp3 (Permission denied) > uint DBusMenuExporterDBus::GetLayout(int, int, const QStringList&, DBusMenuLayoutItem&): Condition failed: menu The latter error shows multiple times and also shows when using the former (working) method to open the file. The file is still owned by my username. Whatever is happening that causes the file to not play anymore might be related to library scanning by the Nuclear music player (the issue is linked above). How to solve this problem?
gitea-mirror commented 2026-05-05 06:10:23 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jul 31, 2020):

How to solve this problem?

Nobody know. I can not reproduce and other users have not found/reported a cause yet.

<!-- gh-comment-id:667245799 --> @rusty-snake commented on GitHub (Jul 31, 2020): > How to solve this problem? Nobody know. I can not reproduce and other users have not found/reported a cause yet.
gitea-mirror commented 2026-05-05 06:10:25 -06:00
Author
Owner
Copy link

@mYnDstrEAm commented on GitHub (Aug 1, 2020):

I investigated further and the exact same file in one location does played when I select "Open with->VLC media player" and another one in another location didn't play when trying right afterwards. Both files have the same sha512sum and except of the directory-location exactly the same output when entering ls -l filepath. I checked that the open with VLC media player made VLC start via firejail and that no other instance of VLC was running concurrently.

And now I I've found the cause: it works when navigating to the directory directly but not when navigating to the directory via a symbolic link (pressing and holding ctrl+shift while dragging a folder in KDE or selecting "Link Here" after dragging it somewhere).

<!-- gh-comment-id:667505960 --> @mYnDstrEAm commented on GitHub (Aug 1, 2020): I investigated further and the exact same file in one location does played when I select "Open with->VLC media player" and another one in another location didn't play when trying right afterwards. Both files have the same sha512sum and except of the directory-location _exactly_ the same output when entering `ls -l filepath`. I checked that the open with VLC media player made VLC start via firejail and that no other instance of VLC was running concurrently. And now I I've found the cause: it works when navigating to the directory directly but not when navigating to the directory via a symbolic link (pressing and holding ctrl+shift while dragging a folder in KDE or selecting "Link Here" after dragging it somewhere).
gitea-mirror commented 2026-05-05 06:10:28 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Aug 4, 2020):

I tried with this and both ways work. Can you give some more detailed introductions to reproduce.

$ ln -s Videos Videos-slnk
$ cd Videos && firejail vlc --started-from-file foo.mp4 && cd ..
$ cd Videos-slnk && firejail vlc --stared-from-file foo.mp4
<!-- gh-comment-id:668439098 --> @rusty-snake commented on GitHub (Aug 4, 2020): I tried with this and both ways work. Can you give some more detailed introductions to reproduce. ``` $ ln -s Videos Videos-slnk $ cd Videos && firejail vlc --started-from-file foo.mp4 && cd .. $ cd Videos-slnk && firejail vlc --stared-from-file foo.mp4 ```
gitea-mirror commented 2026-05-05 06:10:29 -06:00
Author
Owner
Copy link

@mYnDstrEAm commented on GitHub (Aug 4, 2020):

These commands work on my machine as well (except for the stared->started typo in the 3rd).
The video also plays when creating a folder-link by dragging and choosing open with->VLC media player in KDE/Dolphin.
However playing the file doesn't work when the folder-link is placed onto the desktop.
Sorry for not testing / stating that it's working in some cases but not in some others (one at least).
So:

  1. Your commands worked
  2. Replicating what your commands do by navigating in Dolphin under Debian10/KDE worked
  3. These commands worked:
ln -s ./Art ~/Desktop/Art-slnk
cd ~/Desktop/Art-slnk && firejail vlc --started-from-file test.mp4
  1. In Debian10/KDE navigating to ~/Desktop/Art-slnk in Dolphin and selecting "Open with->VLC media player" as in 2. did not work.
    I get this error in the VLC media player every 2 seconds or so: filesystem error: cannot open file /home/username/Desktop/Art/test.mp4 (Permission denied).
  2. This command did not work (same as 4.): cd ~/Desktop && firejail vlc --started-from-file ~/Desktop/Art-slnk/test.mp4
<!-- gh-comment-id:668469106 --> @mYnDstrEAm commented on GitHub (Aug 4, 2020): These commands work on my machine as well (except for the stared->started typo in the 3rd). The video also plays when creating a folder-link by dragging and choosing open with->VLC media player in KDE/Dolphin. However playing the file doesn't work when the folder-link is placed onto the desktop. Sorry for not testing / stating that it's working in some cases but not in some others (one at least). So: 1. Your commands worked 2. Replicating what your commands do by navigating in Dolphin under Debian10/KDE worked 3. These commands worked: ``` ln -s ./Art ~/Desktop/Art-slnk cd ~/Desktop/Art-slnk && firejail vlc --started-from-file test.mp4 ``` 4. In Debian10/KDE navigating to ~/Desktop/Art-slnk in Dolphin and selecting "Open with->VLC media player" as in 2. did not work. I get this error in the VLC media player every 2 seconds or so: `filesystem error: cannot open file /home/username/Desktop/Art/test.mp4 (Permission denied)`. 5. This command did not work (same as 4.): `cd ~/Desktop && firejail vlc --started-from-file ~/Desktop/Art-slnk/test.mp4`
gitea-mirror commented 2026-05-05 06:10:31 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Aug 4, 2020):

  1. Filesystem is, right?
- Desktop
| -  Art
| | - test.mp4
| - Art-slnk -> ./Art
  1. Is your dolphin firejailed or not?
  2. Is a vlc instance already running?
  3. This works for me.
$ mkdir Desktop
$ mkdir Desktop/Art
$ ln -s ./Art ~/Desktop/Art-slnk
$ -- create test video in Desktop/Art
$ cd Desktop
$ firejail vlc --started-from-file ~/Desktop/Art-slnk/foo.bar
<!-- gh-comment-id:668496188 --> @rusty-snake commented on GitHub (Aug 4, 2020): 1. Filesystem is, right? ``` - Desktop | - Art | | - test.mp4 | - Art-slnk -> ./Art ``` 2. Is your dolphin firejailed or not? 3. Is a vlc instance already running? 4. This works for me. ``` $ mkdir Desktop $ mkdir Desktop/Art $ ln -s ./Art ~/Desktop/Art-slnk $ -- create test video in Desktop/Art $ cd Desktop $ firejail vlc --started-from-file ~/Desktop/Art-slnk/foo.bar ```
gitea-mirror commented 2026-05-05 06:10:33 -06:00
Author
Owner
Copy link

@mYnDstrEAm commented on GitHub (Aug 4, 2020):

  1. No, it is:
- Home
| - Folder
| | - Art
| | | - test.mp4
| - Desktop
| | - Art-slnk -> ~/Folder/Art
  1. It is not firejailed
  2. No other VLC instance is running
  3. This does not work for me:
mkdir ~/Folder && cd ~/Folder/
mkdir Desktop
mkdir Desktop/Art
ln -s ./Art ./Desktop/Art-slnk
-- copy test video into Desktop/Art
cd ./Desktop/
firejail vlc --started-from-file ./Desktop/Art-slnk/test.mp4
<!-- gh-comment-id:668531098 --> @mYnDstrEAm commented on GitHub (Aug 4, 2020): 1. No, it is: ``` - Home | - Folder | | - Art | | | - test.mp4 | - Desktop | | - Art-slnk -> ~/Folder/Art ``` 2. It is not firejailed 3. No other VLC instance is running 4. This does not work for me: ``` mkdir ~/Folder && cd ~/Folder/ mkdir Desktop mkdir Desktop/Art ln -s ./Art ./Desktop/Art-slnk -- copy test video into Desktop/Art cd ./Desktop/ firejail vlc --started-from-file ./Desktop/Art-slnk/test.mp4 ```
gitea-mirror commented 2026-05-05 06:10:37 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Aug 4, 2020):

  1. Points Art-slnk to ~/Folder/Art (as in 1) or ./Art (as in 4)?
  2. Broken for me too. For ls also.
<!-- gh-comment-id:668538371 --> @rusty-snake commented on GitHub (Aug 4, 2020): 1. Points Art-slnk to `~/Folder/Art` (as in 1) or `./Art` (as in 4)? 4. Broken for me too. For `ls` also.
gitea-mirror commented 2026-05-05 06:10:39 -06:00
Author
Owner
Copy link

@mYnDstrEAm commented on GitHub (Aug 4, 2020):

  1. In the previous tests and examples given this was the directory-structure. The commands in 4 were executed as they are (hence there the Art folder was the newly created, empty folder).
  2. Great, so now we only have to find out what's causing this. MPV also doesn't play the file so it's not VLC-specific.
<!-- gh-comment-id:668542318 --> @mYnDstrEAm commented on GitHub (Aug 4, 2020): 1. In the previous tests and examples given this was the directory-structure. The commands in 4 were executed as they are (hence there the Art folder was the newly created, empty folder). 2. Great, so now we only have to find out what's causing this. MPV also doesn't play the file so it's not VLC-specific.
gitea-mirror commented 2026-05-05 06:10:41 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Aug 4, 2020):

  1. There is no Desktop folder inside the Desktop folder.
<!-- gh-comment-id:668543214 --> @rusty-snake commented on GitHub (Aug 4, 2020): 2. There is no Desktop folder inside the Desktop folder.
gitea-mirror commented 2026-05-05 06:10:43 -06:00
Author
Owner
Copy link

@mYnDstrEAm commented on GitHub (Aug 4, 2020):

You're right, sorry. If you'd like to I could delete the previous comment and edit the post. It works for me as well. What doesn't work is placing the link on the desktop and then opening the file via this link. I could play audio and video files when the link is placed in Home, but not when it is placed onto the desktop.
Maybe it has to do with folder-restrictions of other running firejail instances even though I don't think that there's currently any with specific restrictions for the desktop folder and I haven't found any after shortly looking through the firejail profiles currently being used.

<!-- gh-comment-id:668550135 --> @mYnDstrEAm commented on GitHub (Aug 4, 2020): You're right, sorry. If you'd like to I could delete the previous comment and edit the post. It works for me as well. What doesn't work is placing the link on the desktop and then opening the file via this link. I could play audio and video files when the link is placed in Home, but not when it is placed onto the desktop. Maybe it has to do with folder-restrictions of other running firejail instances even though I don't think that there's currently any with specific restrictions for the desktop folder and I haven't found any after shortly looking through the firejail profiles currently being used.
gitea-mirror commented 2026-05-05 06:10:46 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Aug 4, 2020):

You can use firejail --ignore=private-bin --profile=vlc bash to look around inside the sandbox.

<!-- gh-comment-id:668626202 --> @rusty-snake commented on GitHub (Aug 4, 2020): You can use `firejail --ignore=private-bin --profile=vlc bash` to look around inside the sandbox.
gitea-mirror commented 2026-05-05 06:10:48 -06:00
Author
Owner
Copy link

@mYnDstrEAm commented on GitHub (Aug 4, 2020):

The default VLC.profile does not have permissions for the desktop. It seems like the profile for VLC should not blacklist folders as restrictively as it does, and/or make it easy for users to specify which folders contain media files VLC should be able to run via a setup-prompt and/or prompts when trying to open files in other locations (a notification or message-box asking the user to whitelist the directory or file permanently or temporarily) and/or use the target locations for the blacklistings, not the links. For the VLC.profile in specific it might be useful to allow it read-access for all files (in all locations) of specific filetypes.

<!-- gh-comment-id:668632135 --> @mYnDstrEAm commented on GitHub (Aug 4, 2020): The default VLC.profile does not have permissions for the desktop. It seems like the profile for VLC should not blacklist folders as restrictively as it does, and/or make it easy for users to specify which folders contain media files VLC should be able to run via a setup-prompt and/or prompts when trying to open files in other locations (a notification or message-box asking the user to whitelist the directory or file permanently or temporarily) and/or use the target locations for the blacklistings, not the links. For the VLC.profile in specific it might be useful to allow it read-access for all files (in all locations) of specific filetypes.
gitea-mirror commented 2026-05-05 06:10:49 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Aug 4, 2020):

vlc.profile allows access to ${DESKTOP}, which firejail version do you use? Have you made any modifications to vlc.profile, disable-xdg.inc, vlc.local?

<!-- gh-comment-id:668708518 --> @rusty-snake commented on GitHub (Aug 4, 2020): vlc.profile allows access to `${DESKTOP}`, which firejail version do you use? Have you made any modifications to vlc.profile, disable-xdg.inc, vlc.local?
gitea-mirror commented 2026-05-05 06:10:51 -06:00
Author
Owner
Copy link

@mYnDstrEAm commented on GitHub (Aug 4, 2020):

0.9.58.2 in Debian10 and I haven't modified (or created) these files.
If this is what caused the problem for the other users here and it has been resolved the issue could be closed. However, only allowing ${DESKTOP} might not solve all issues (I haven't checked if this problem still occurs for other locations) so I'd favor one of the suggestions I have made (for example prompting the user to allow access to a specific directory or all directories for specific filetypes if it gets a permission error). Furthermore, getting a newer version into the Debian repositories might also be good - that might be something mostly outside the scope of this project though.

<!-- gh-comment-id:668730149 --> @mYnDstrEAm commented on GitHub (Aug 4, 2020): 0.9.58.2 in Debian10 and I haven't modified (or created) these files. If this is what caused the problem for the other users here and it has been resolved the issue could be closed. However, only allowing ${DESKTOP} might not solve all issues (I haven't checked if this problem still occurs for other locations) so I'd favor one of the suggestions I have made (for example prompting the user to allow access to a specific directory or all directories for specific filetypes if it gets a permission error). Furthermore, getting a newer version into the Debian repositories might also be good - that might be something mostly outside the scope of this project though.
gitea-mirror commented 2026-05-05 06:10:53 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Aug 4, 2020):

for example prompting the user to allow access to a specific directory or all directories for specific filetypes if it gets a permission error

unfortunately not possible

getting a newer version into the Debian repositories might also be good

Use the one from the backports

<!-- gh-comment-id:668734088 --> @rusty-snake commented on GitHub (Aug 4, 2020): > for example prompting the user to allow access to a specific directory or all directories for specific filetypes if it gets a permission error unfortunately not possible > getting a newer version into the Debian repositories might also be good Use the one from the backports
gitea-mirror commented 2026-05-05 06:10:55 -06:00
Author
Owner
Copy link

@matu3ba commented on GitHub (Sep 8, 2020):

0.9.58.2 in Debian10 and I haven't modified (or created) these files.
If this is what caused the problem for the other users here and it has been resolved the issue could be closed. However, only allowing ${DESKTOP} might not solve all issues (I haven't checked if this problem still occurs for other locations) so I'd favor one of the suggestions I have made (for example prompting the user to allow access to a specific directory or all directories for specific filetypes if it gets a permission error). Furthermore, getting a newer version into the Debian repositories might also be good - that might be something mostly outside the scope of this project though.

There is a new release planned.

@rusty-snake closing or would you prefer to adjust the bug template for symlink and permission stuff?

<!-- gh-comment-id:689193175 --> @matu3ba commented on GitHub (Sep 8, 2020): > 0.9.58.2 in Debian10 and I haven't modified (or created) these files. > If this is what caused the problem for the other users here and it has been resolved the issue could be closed. However, only allowing ${DESKTOP} might not solve all issues (I haven't checked if this problem still occurs for other locations) so I'd favor one of the suggestions I have made (for example prompting the user to allow access to a specific directory or all directories for specific filetypes if it gets a permission error). Furthermore, getting a newer version into the Debian repositories might also be good - that might be something mostly outside the scope of this project though. There is a new [release planned](https://github.com/netblue30/firejail/issues/3618). @rusty-snake closing or would you prefer to adjust the bug template for symlink and permission stuff?
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
serialize_remounts_v2
landlock_v4
landlock
release-0.9.64
release-0.9.62
gitlab_ci
LTSbase
fred_ctests
docs
0.9.80
0.9.80-rc1
0.9.78
0.9.76
0.9.76-rc4
0.9.76-rc3
0.9.76-rc2
0.9.76-rc1
0.9.74
landlock-split
0.9.72
0.9.72rc1
0.9.70
0.9.68
0.9.68rc1
0.9.66
0.9.66rc1
0.9.64.4
0.9.64.2
0.9.64
0.9.64rc1
0.9.62.4
0.9.62.2
0.9.62
0.9.56.2-LTS
0.9.60
0.9.60-rc1
0.9.58.2
0.9.58
0.9.58-rc1
0.9.56-LTS-release
0.9.56-LTS
0.9.56
0.9.56-rc1
0.9.54
0.9.54-rc2
0.9.54-rc1
0.9.52
0.9.38.12
0.9.50
0.9.50-rc1
0.9.48
0.9.46
0.9.46-rc1
0.9.44.10
0.9.44.8
0.9.44.6
0.9.38.10
0.9.44.4
0.9.38.8
0.9.44.2
0.9.44
0.9.44-rc1
0.9.38.4
0.9.42
0.9.42-rc2
0.9.38.2
0.9.42-rc1
disable-globalcfg
0.9.40
0.9.40-rc1
0.9.38
0.9.38-rc1
0.9.36
0.9.36-rc1
0.9.34
0.9.34-rc1
0.9.32
0.9.32-rc1
0.9.30
0.9.30-rc1
Labels
Clear labels   
LTS merge

   
LTS merge

   
bug

   
bug

   
converted-to-discussion

   
doc-todo

   
documentation

   
duplicate

   
enhancement

   
file-transfer

   
firecfg

   
firejail-in-firejail

   
firetools

   
graphics

   
help wanted

   
information_old

   
installation

   
invalid

   
modif

   
moved

   
needinfo

   
networking

   
notabug

   
notourbug

   
old-version

   
overlayfs

   
packaging

   
profile-request

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question_old

   
removal

   
runtime-permissions

   
sandbox-ipc

   
security

   
stale

   
wiki

   
wiki

   
wontfix

   
wordpress

   
workaround
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#566
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?