github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #875] Warnings with --x11=xorg #593

New issue

Closed

opened 2026-05-05 06:14:33 -06:00 by gitea-mirror · 4 comments

gitea-mirror commented

2026-05-05 06:14:33 -06:00

Owner

Originally created by @valoq on GitHub (Oct 26, 2016).
Original GitHub issue: https://github.com/netblue30/firejail/issues/875

using the X11 security extension leads to the following warning at startup:
/usr/bin/xauth: file /run/firejail/mnt/sec.Xauthority does not exist

Also when using it with firefox, most things seem to work fine but the terminal (from which it was started with firejail --x11=xorg firefox) spams with the following message whenever the mouse is moved:
Xlib: extension "XInputExtension" missing on display ":0".

There is also a changed mouse cursor when hovering over links.
I suspect there are some config files that are missing access exceptions.

The documentation says taht xterm will not work with this option but XTerm(327) seems to have no issues so far.

Is there a way to test keylogging functionality with this option? xinput is no available when using this option, which is probably a good thing but not helpful for testing.

Originally created by @valoq on GitHub (Oct 26, 2016). Original GitHub issue: https://github.com/netblue30/firejail/issues/875 using the X11 security extension leads to the following warning at startup: /usr/bin/xauth: file /run/firejail/mnt/sec.Xauthority does not exist Also when using it with firefox, most things seem to work fine but the terminal (from which it was started with firejail --x11=xorg firefox) spams with the following message whenever the mouse is moved: Xlib: extension "XInputExtension" missing on display ":0". There is also a changed mouse cursor when hovering over links. I suspect there are some config files that are missing access exceptions. The documentation says taht xterm will not work with this option but XTerm(327) seems to have no issues so far. Is there a way to test keylogging functionality with this option? xinput is no available when using this option, which is probably a good thing but not helpful for testing.

gitea-mirror

2026-05-05 06:14:33 -06:00

closed this issue
added the
bug
label

gitea-mirror commented

2026-05-05 06:14:40 -06:00

Author

Owner

@netblue30 commented on GitHub (Oct 27, 2016):

/usr/bin/xauth: file /run/firejail/mnt/sec.Xauthority does not exist

This is a bug, I was able to reproduce it:

$ firejail --x11=xorg xterm
Reading profile /etc/firejail/default.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-passwdmgr.inc

** Note: you can use --noprofile to disable default.profile **

Parent pid 32546, child pid 32547
/usr/bin/xauth:  file /run/firejail/mnt/sec.Xauthority does not exist
Child process initialized

Xlib: extension "XInputExtension" missing on display ":0"

Yes, they seem to disable a number of x11 extensions such as XInput, RANDR, RECORD and SHAPE. I don't have a full list, if you find one please let me know.

XTerm(327) seems to have no issues so far

On debian stable xterm(312) seems also to work, however when I select text with the mouse it crashes immediately.

keylogging

I grabbed a bunch of keyloggers from the web, compiled them and started them inside the sandbox. They don't seem to pick up anything from outside the sandbox. This is one example: https://github.com/magcius/keylog.

@netblue30 commented on GitHub (Oct 27, 2016): > /usr/bin/xauth: file /run/firejail/mnt/sec.Xauthority does not exist This is a bug, I was able to reproduce it: ``` $ firejail --x11=xorg xterm Reading profile /etc/firejail/default.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/disable-passwdmgr.inc ** Note: you can use --noprofile to disable default.profile ** Parent pid 32546, child pid 32547 /usr/bin/xauth: file /run/firejail/mnt/sec.Xauthority does not exist Child process initialized ``` > Xlib: extension "XInputExtension" missing on display ":0" Yes, they seem to disable a number of x11 extensions such as XInput, RANDR, RECORD and SHAPE. I don't have a full list, if you find one please let me know. > XTerm(327) seems to have no issues so far On debian stable xterm(312) seems also to work, however when I select text with the mouse it crashes immediately. > keylogging I grabbed a bunch of keyloggers from the web, compiled them and started them inside the sandbox. They don't seem to pick up anything from outside the sandbox. This is one example: https://github.com/magcius/keylog.

gitea-mirror commented

2026-05-05 06:14:44 -06:00

Author

Owner

@valoq commented on GitHub (Oct 27, 2016):

On debian stable xterm(312) seems also to work, however when I select text with the mouse it crashes immediately.

I have experienced crashes with all tested applications, whenever I tried to copy some text.
Is this preventable by firejail or an x11 bug?

Regarding certain x11 features: is it possible to (safely) enable or disable specific features for single applications? No being able to copie from one window to another (no to mention the crashes) does not make this feature very useful. If this were possible it would be an awesome alternative for xpra on the other hand.

@valoq commented on GitHub (Oct 27, 2016): > On debian stable xterm(312) seems also to work, however when I select text with the mouse it crashes immediately. I have experienced crashes with all tested applications, whenever I tried to copy some text. Is this preventable by firejail or an x11 bug? Regarding certain x11 features: is it possible to (safely) enable or disable specific features for single applications? No being able to copie from one window to another (no to mention the crashes) does not make this feature very useful. If this were possible it would be an awesome alternative for xpra on the other hand.

gitea-mirror commented

2026-05-05 06:14:46 -06:00

Author

Owner

@netblue30 commented on GitHub (Oct 29, 2016):

I have experienced crashes with all tested applications, whenever I tried to copy some text.
Is this preventable by firejail or an x11 bug?

No, some applications are just crashing when x11 security extension is enabled. These are application problems, basically they don't do any kind of error recovery.

No being able to copie from one window to another

Copying works for --x11=xpra, the clipboard seems to be configurable.

For xephyr you will have to run both applications on the same x11 server, I have an example for --x11=xephyr here: https://firejail.wordpress.com/documentation-2/x11-guide/#listing.

X11 security extension disables the clipboard and drag&drop,

@netblue30 commented on GitHub (Oct 29, 2016): > I have experienced crashes with all tested applications, whenever I tried to copy some text. > Is this preventable by firejail or an x11 bug? No, some applications are just crashing when x11 security extension is enabled. These are application problems, basically they don't do any kind of error recovery. > No being able to copie from one window to another Copying works for --x11=xpra, the clipboard seems to be configurable. For xephyr you will have to run both applications on the same x11 server, I have an example for --x11=xephyr here: https://firejail.wordpress.com/documentation-2/x11-guide/#listing. X11 security extension disables the clipboard and drag&drop,

gitea-mirror commented

2026-05-05 06:14:47 -06:00

Author

Owner

@netblue30 commented on GitHub (Nov 5, 2016):

Fixed.

@netblue30 commented on GitHub (Nov 5, 2016): Fixed.

gitea-mirror referenced this issue

2026-05-05 08:25:11 -06:00

[GH-ISSUE #2792] Wiki: Frequently Asked Questions #1747

gitea-mirror referenced this issue

2026-05-05 08:25:13 -06:00