github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #930] Atril doesn't work with --net=none #631

New issue

Closed

opened 2026-05-05 06:19:03 -06:00 by gitea-mirror · 1 comment

gitea-mirror commented

2026-05-05 06:19:03 -06:00

Owner

Originally created by @acrobat1 on GitHub (Nov 20, 2016).
Original GitHub issue: https://github.com/netblue30/firejail/issues/930

Using the --net=none option with Atril (in Debian Jessie with firejail version 0.9.44) makes impossible to open any documents : Atril will launch, but then will fail to open anything.

Since I can't see why it should have any network access while reading local pdf files, I've tried

firejail --net=none --debug atril <file.pdf>

which results in this error

(atril:4): EggSMClient-WARNING **: Failed to connect to the session manager: Could not open network socket
Failed to get bus connection: Could not connect: Connection refused

and also

firejail --net=none --debug --whitelist=~/file.pdf atril

which gives this similar error

(atril:4): EggSMClient-WARNING **: Failed to connect to the session manager: Could not open network socket
Failed to get bus connection: Could not connect: Connection refused
Error creating proxy: Could not connect: Connection refused (g-io-error-quark, 39)

when trying to navigate to the pdf file using CTRl+O .

It is clearly linked to the --net=none option, since getting rid of it solves the issue, still : why would Atril need networking enabled just in order to read local files?

I can see that the default profile for Atril already has "protocol unix" instead of "protocol unix,inet,inet6" as suggested here https://github.com/netblue30/firejail/issues/562#issuecomment-225359382 , yet it doesn't work as far as I can see.

Is this a bug in Atril, some weird issue with Dbus or something to correct in Firejail?

Is there any other workaround that I can try to restrict network access in Atril?

Also, I think something similar is happening with Gimp and other image viewers (Geeqie) as well when using the --net=none argument .

Originally created by @acrobat1 on GitHub (Nov 20, 2016). Original GitHub issue: https://github.com/netblue30/firejail/issues/930 Using the **--net=none** option with Atril (in Debian Jessie with firejail version 0.9.44) makes impossible to open any documents : Atril will launch, but then will fail to open anything. Since I can't see why it should have any network access while reading local pdf files, I've tried `firejail --net=none --debug atril <file.pdf> ` which results in this error >(atril:4): EggSMClient-WARNING **: Failed to connect to the session manager: Could not open network socket >Failed to get bus connection: Could not connect: Connection refused and also `firejail --net=none --debug --whitelist=~/file.pdf atril ` which gives this similar error >(atril:4): EggSMClient-WARNING **: Failed to connect to the session manager: Could not open network socket >Failed to get bus connection: Could not connect: Connection refused >Error creating proxy: Could not connect: Connection refused (g-io-error-quark, 39) when trying to navigate to the pdf file using CTRl+O . It is clearly linked to the --net=none option, since getting rid of it solves the issue, still : why would Atril need networking enabled just in order to read local files? I can see that the default profile for Atril already has *"protocol unix"* instead of *"protocol unix,inet,inet6"* as suggested here https://github.com/netblue30/firejail/issues/562#issuecomment-225359382 , yet it doesn't work as far as I can see. Is this a bug in Atril, some weird issue with Dbus or something to correct in Firejail? Is there any other workaround that I can try to restrict network access in Atril? Also, I think something similar is happening with Gimp and other image viewers (Geeqie) as well when using the --net=none argument .

gitea-mirror

2026-05-05 06:19:03 -06:00

closed this issue
added the
information_old
label

gitea-mirror commented

2026-05-05 06:19:10 -06:00

Author

Owner

@valoq commented on GitHub (Nov 21, 2016):

Using "protocol unix" will already block network access except for local sockets.
As sockets are a commonly used by processes to communicate with other processes locally using "net none" would block even those communication attempts.

If the goal is to block your application from connection to the local network or internet, using "protocol unix" will work just fine.

@valoq commented on GitHub (Nov 21, 2016): Using "protocol unix" will already block network access except for local sockets. As sockets are a commonly used by processes to communicate with other processes locally using "net none" would block even those communication attempts. If the goal is to block your application from connection to the local network or internet, using "protocol unix" will work just fine.

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#631

No description provided.

Rows
Columns