mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-15 14:16:14 -06:00
[GH-ISSUE #928] Services preventing firejail from stopping #629
Originally created by @valoq on GitHub (Nov 19, 2016).
Original GitHub issue: https://github.com/netblue30/firejail/issues/928
When agent services like gpg-agent or ssh-agent are started by firejailed applications, firejail will not close because those services will keep running.
When gpg-agent is automatically firejailed by firecfg, it will break many things like apt-get update when it is used by install scripts.
Is there a way to prevent this? Maybe tell services to close when the application that started them is stopped.
@netblue30 commented on GitHub (Nov 20, 2016):
I'll mark it as an enhancement. The default is to keep the sandbox running for as long as there are still processes running in the sandbox. I will probably add a new command line option, where the sandbox monitors a specific process and kills everything else if the process dies. Thanks for suggesting it, it makes sense in some cases.
@valoq commented on GitHub (Nov 21, 2016):
One idea would be to provide an option in the application profile to start services outside of the sandbox like normally. Might be the cleanest way.
@netblue30 commented on GitHub (Nov 21, 2016):
Yes, this will work if you know what services to start. Most of the time you don't know.
@smitsohu commented on GitHub (Nov 3, 2017):
It would be great also for #725. Right now unported KDE apps, when they don't run on KDE Plasma 4, launch all kinds of services inside the sandbox which keep running when the sandbox is closed.
@chiraag-nataraj commented on GitHub (Jan 9, 2018):
@netblue30 Was this ever implemented?
@Nokia808 commented on GitHub (Feb 7, 2021):
Is there any progress on this issue? Can we expect a fix for this or not?
One of the most critically needed programs to be run under firejail is Thunderbird. Currently, due to this issue, it is not working okay...
@Nokia808 commented on GitHub (Feb 7, 2021):
Hi again. It seems that it is fixed, at least for Thunderbird! Sorry for my previous comment, I gave it before testing...
Now when I closed Thunderbird after launching it with "firejail thunderbird", I receive the following at the end in the terminal:
"Parent is shutting down, bye..."
This is very good!
@msva commented on GitHub (Mar 17, 2021):
@Nokia808 I bet in your case it closes fine because ~/.gnupg is whitelisted. But I still have chrome/kmail/tb jails not closing because all of them use custom gpg homes, so all have separate gpg-agents that keep running in that jail.
So that's why I think we need a profile option like "kill-remains", which will kill everything remaining and close the jail after the main process has exited.
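The behaviour requested in this thread (monitor one process, then kill whatever it left running) can be illustrated outside firejail. The following is an added example, not firejail code and not from any participant: `run_and_reap` and `children_of` are hypothetical names, and it assumes Linux, using the kernel's child-subreaper flag in place of firejail's PID namespace so that agents which daemonize are still found.

```python
import ctypes
import os
import signal
import subprocess
import time

PR_SET_CHILD_SUBREAPER = 36  # constant from <linux/prctl.h>


def children_of(parent):
    """PIDs whose parent is `parent`, read from /proc/<pid>/stat (Linux only)."""
    kids = set()
    for name in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{name}/stat") as f:
                # Fields after the "(comm)" part: state, ppid, pgrp, ...
                ppid = int(f.read().rsplit(")", 1)[1].split()[1])
        except (OSError, IndexError, ValueError):
            continue  # process exited while we were scanning
        if ppid == parent:
            kids.add(int(name))
    return kids


def run_and_reap(argv, grace=2.0):
    """Run argv as the monitored process; once it exits, kill what it left behind.

    Returns (exit code of the monitored process, sorted PIDs that were killed).
    """
    # Become a subreaper so orphaned descendants are re-parented to us, even if
    # they called setsid() the way a daemonizing agent does.
    libc = ctypes.CDLL(None, use_errno=True)
    if libc.prctl(PR_SET_CHILD_SUBREAPER, ctypes.c_ulong(1), 0, 0, 0) != 0:
        raise OSError(ctypes.get_errno(), "prctl(PR_SET_CHILD_SUBREAPER) failed")
    me = os.getpid()
    before = children_of(me)  # never touch children we did not start
    exit_code = subprocess.Popen(argv).wait()
    killed, deadline = set(), time.monotonic() + grace
    while leftovers := children_of(me) - before:
        # Ask politely first; escalate to SIGKILL once the grace period is over.
        sig = signal.SIGTERM if time.monotonic() < deadline else signal.SIGKILL
        for pid in leftovers:
            try:
                os.kill(pid, sig)
                killed.add(pid)
                os.waitpid(pid, os.WNOHANG)  # reap it once it has exited
            except (ProcessLookupError, ChildProcessError):
                pass
        time.sleep(0.05)
    return exit_code, sorted(killed)
```

The subreaper flag stays set on the calling process after the function returns, so a wrapper built this way should be a dedicated supervisor process rather than a library call inside a larger program.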