github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #844] vlc is not starting - read-only file system #576

New issue

Closed

opened 2026-05-05 06:12:16 -06:00 by gitea-mirror · 9 comments

gitea-mirror commented

2026-05-05 06:12:16 -06:00

Owner

Originally created by @frank-github on GitHub (Oct 7, 2016).
Original GitHub issue: https://github.com/netblue30/firejail/issues/844

trying to start vlc with default vlc.profile
don't find place where this folder was set to read-only

frank@ubuntu:~$ firejail /usr/bin/vlc -v
Reading profile //etc/firejail/vlc.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Parent pid 14180, child pid 14181
Blacklist violations are logged to syslog
Warning: --protocol not supported on this platform
Child process initialized
VLC media player 2.1.6 Rincewind (revision 2.1.6-0-gea01d28)
[0x959c928] main libvlc warning: cannot create /usr/lib/vlc/plugins/plugins.dat.9 (Read-only file system)

Parent is shutting down, bye...

tried it with option --read-write=/usr/lib/vlc
got an error "Warning: you are not allowed to change /usr/lib/vlc to read-write"
and same result, vlc ending

Originally created by @frank-github on GitHub (Oct 7, 2016). Original GitHub issue: https://github.com/netblue30/firejail/issues/844 trying to start vlc with default vlc.profile don't find place where this folder was set to read-only frank@ubuntu:~$ firejail /usr/bin/vlc -v Reading profile //etc/firejail/vlc.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-passwdmgr.inc Parent pid 14180, child pid 14181 Blacklist violations are logged to syslog Warning: --protocol not supported on this platform Child process initialized VLC media player 2.1.6 Rincewind (revision 2.1.6-0-gea01d28) [0x959c928] main libvlc warning: **cannot create /usr/lib/vlc/plugins/plugins.dat.9 (Read-only file system)** Parent is shutting down, bye... tried it with option --read-write=/usr/lib/vlc got an error "Warning: you are not allowed to change /usr/lib/vlc to read-write" and same result, vlc ending

gitea-mirror

2026-05-05 06:12:16 -06:00

closed this issue
added the
bug
label

gitea-mirror commented

2026-05-05 06:12:22 -06:00

Author

Owner

@chiraag-nataraj commented on GitHub (Oct 8, 2016):

Can you attach your profile? I'm asking because the version of the profile I have works with VLC. Also, which version of firejail are you using?

@chiraag-nataraj commented on GitHub (Oct 8, 2016): Can you attach your profile? I'm asking because the version of the profile I have works with VLC. Also, which version of `firejail` are you using?

gitea-mirror commented

2026-05-05 06:12:25 -06:00

Author

Owner

@frank-github commented on GitHub (Oct 8, 2016):

firejail version 0.9.42 (ubuntu 14.04 LTS)
I used vlc with default settings, I can't remember to put in any plugins
I use profile below, coming with this firejail version and it's the same as the latest in github repo

VLC media player profile

noblacklist ${HOME}/.config/vlc

include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-passwdmgr.inc

caps.drop all
netfilter
nogroups
nonewprivs
noroot
protocol unix,inet,inet6
seccomp
shell none
tracelog

private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc
private-dev
private-tmp

@frank-github commented on GitHub (Oct 8, 2016): firejail version 0.9.42 (ubuntu 14.04 LTS) I used vlc with default settings, I can't remember to put in any plugins I use profile below, coming with this firejail version and it's the same as the latest in github repo > # VLC media player profile > noblacklist ${HOME}/.config/vlc > > include /etc/firejail/disable-common.inc > include /etc/firejail/disable-programs.inc > include /etc/firejail/disable-devel.inc > include /etc/firejail/disable-passwdmgr.inc > > caps.drop all > netfilter > nogroups > nonewprivs > noroot > protocol unix,inet,inet6 > seccomp > shell none > tracelog > > private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc > private-dev > private-tmp

gitea-mirror commented

2026-05-05 06:12:27 -06:00

Author

Owner

@netblue30 commented on GitHub (Oct 8, 2016):

Let's put this one as a bug, I have no idea what's going on. It is strange vlc tries to modify files in /usr directory. If you got some plugins from the web than it would be a security issue with the plugins.

@netblue30 commented on GitHub (Oct 8, 2016): Let's put this one as a bug, I have no idea what's going on. It is strange vlc tries to modify files in /usr directory. If you got some plugins from the web than it would be a security issue with the plugins.

gitea-mirror commented

2026-05-05 06:12:29 -06:00

Author

Owner

@frank-github commented on GitHub (Oct 8, 2016):

tried it with vlc 2.2.4 now
only 2 plugins are installed, which came with installation. Same problem 👎
And problem still exists, if I manual uninstall this both plugins 👎

@frank-github commented on GitHub (Oct 8, 2016): tried it with vlc 2.2.4 now only 2 plugins are installed, which came with installation. Same problem :-1: And problem still exists, if I manual uninstall this both plugins :-1:

gitea-mirror commented

2026-05-05 06:12:31 -06:00

Author

Owner

@netblue30 commented on GitHub (Oct 9, 2016):

Are you on a 32bit distro?

@netblue30 commented on GitHub (Oct 9, 2016): Are you on a 32bit distro?

gitea-mirror commented

2026-05-05 06:12:32 -06:00

Author

Owner

@frank-github commented on GitHub (Oct 9, 2016):

yes, 32bit

@frank-github commented on GitHub (Oct 9, 2016): yes, 32bit

gitea-mirror commented

2026-05-05 06:12:35 -06:00

Author

Owner

@netblue30 commented on GitHub (Oct 9, 2016):

What happens if you comment out the following lines in /etc/firejail/vlc.profile?

private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc
private-dev
private-tmp

You just need to add a '#' in front of each one. We brought these lines in the profile a short time ago, maybe one of them is creating the problem.

@netblue30 commented on GitHub (Oct 9, 2016): What happens if you comment out the following lines in /etc/firejail/vlc.profile? ``` private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc private-dev private-tmp ``` You just need to add a '#' in front of each one. We brought these lines in the profile a short time ago, maybe one of them is creating the problem.

gitea-mirror commented

2026-05-05 06:12:36 -06:00

Author

Owner

@frank-github commented on GitHub (Oct 9, 2016):

Hi, no, this are not the problem entries, but I found it
---> tracelog

if I disable it, vlc is starting and running 👍

@frank-github commented on GitHub (Oct 9, 2016): Hi, no, this are not the problem entries, but I found it ---> **tracelog** if I disable it, vlc is starting and running :+1:

gitea-mirror commented

2026-05-05 06:12:37 -06:00

Author

Owner

@netblue30 commented on GitHub (Oct 9, 2016):

I've just took it out from etc/vlc.profile in git, thank you for debugging it.

Lent me kno If you find any other problem. There aren't too may users running on 32bit systems, and strange things happen. For example, on 64bit vlc has no problem with tracelog.,

@netblue30 commented on GitHub (Oct 9, 2016): I've just took it out from etc/vlc.profile in git, thank you for debugging it. Lent me kno If you find any other problem. There aren't too may users running on 32bit systems, and strange things happen. For example, on 64bit vlc has no problem with tracelog.,

gitea-mirror referenced this issue

2026-05-05 10:05:44 -06:00

[PR #580] [MERGED] added libreoffice profile #3670

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#576

No description provided.

Rows
Columns