[GH-ISSUE #1136] wine speed in firejail

gitea-mirror commented

2026-05-05 06:39:25 -06:00

Owner

Originally created by @Micha-Btz on GitHub (Mar 8, 2017).
Original GitHub issue: https://github.com/netblue30/firejail/issues/1136

Hi there,

more a question than an issue. I have uses ElsterFormular for the German Tax.
It works with and without firejail but in firejail it is unbelievably slow under firejail.
Since I like the idea of wine in firejail it would be interesting if can get a little bit more speed. :-)

I'm not so experienced with wine how are your test and experiences?

Thanks Micha
Below some maybe usefully informations.

https://appdb.winehq.org/objectManager.php?sClass=version&iId=33405

firejail --version
firejail version 0.9.44.8
Compile time support:
	- AppArmor support is enabled
	- AppImage support is enabled
	- bind support is enabled
	- chroot support is enabled
	- file and directory whitelisting support is enabled
	- file transfer support is enabled
	- networking support is enabled
	- overlayfs support is enabled
	- private-home support is enabled
	- seccomp-bpf support is enabled
	- user namespace support is enabled
	- X11 sandboxing support is enabled
Distri are Debian SID

sysiphus:~/source/downloads$ dpkg -l|grep wine
ii  fonts-wine                                                  1.8.6-5                              all          Windows API implementation - fonts
ii  libwine:amd64                                               1.8.6-5                              amd64        Windows API implementation - library
ii  libwine:i386                                                1.8.6-5                              i386         Windows API implementation - library
ii  wine                                                        1.8.6-5                              all          Windows API implementation - standard suite
ii  wine32:i386                                                 1.8.6-5                              i386         Windows API implementation - 32-bit binary loader
ii  wine64                                                      1.8.6-5                              amd64        Windows API implementation - 64-bit binary loader
ii  winetricks                                                  0.0+20170101-1                       all          package manager for Wine to install software easily

Originally created by @Micha-Btz on GitHub (Mar 8, 2017). Original GitHub issue: https://github.com/netblue30/firejail/issues/1136 Hi there, more a question than an issue. I have uses ElsterFormular for the German Tax. It works with and without firejail but in firejail it is unbelievably slow under firejail. Since I like the idea of wine in firejail it would be interesting if can get a little bit more speed. :-) I'm not so experienced with wine how are your test and experiences? Thanks Micha Below some maybe usefully informations. https://appdb.winehq.org/objectManager.php?sClass=version&iId=33405 ``` firejail --version firejail version 0.9.44.8 Compile time support: - AppArmor support is enabled - AppImage support is enabled - bind support is enabled - chroot support is enabled - file and directory whitelisting support is enabled - file transfer support is enabled - networking support is enabled - overlayfs support is enabled - private-home support is enabled - seccomp-bpf support is enabled - user namespace support is enabled - X11 sandboxing support is enabled Distri are Debian SID sysiphus:~/source/downloads$ dpkg -l|grep wine ii fonts-wine 1.8.6-5 all Windows API implementation - fonts ii libwine:amd64 1.8.6-5 amd64 Windows API implementation - library ii libwine:i386 1.8.6-5 i386 Windows API implementation - library ii wine 1.8.6-5 all Windows API implementation - standard suite ii wine32:i386 1.8.6-5 i386 Windows API implementation - 32-bit binary loader ii wine64 1.8.6-5 amd64 Windows API implementation - 64-bit binary loader ii winetricks 0.0+20170101-1 all package manager for Wine to install software easily ```

gitea-mirror

2026-05-05 06:39:25 -06:00

closed this issue
added the
information_old
label

gitea-mirror commented

2026-05-05 06:39:29 -06:00

Author

Owner

@msva commented on GitHub (Mar 9, 2017):

Did you write custom profile for it?
If so, did you enable any trace* directives?
Some apps can start working very slow when run with trace.

If you don't, then:

try to whitelist cache dirs (~/.cache, /var/cache/),
run you app from commandline under firejail with --trace firejail option, and look, which files it trying to access. Sometimes, applications want to, for example, regenerate font cache, if can't find it, and it can take a long time, if you have tons fonts installed. It also can be anything also pretended to be cached.

@msva commented on GitHub (Mar 9, 2017): Did you write custom profile for it? If so, did you enable any `trace*` directives? Some apps can start working very slow when run with trace. If you don't, then: 1) try to whitelist cache dirs (`~/.cache`, `/var/cache/`), 2) run you app from commandline under firejail with `--trace` firejail option, and look, which files it trying to access. Sometimes, applications want to, for example, regenerate font cache, if can't find it, and it can take a long time, if you have tons fonts installed. It also can be anything also pretended to be cached.

gitea-mirror commented

2026-05-05 06:39:31 -06:00

Author

Owner

@Micha-Btz commented on GitHub (Mar 12, 2017):

Hi there,

I use the original from https://github.com/netblue30/firejail/blob/master/etc/wine.profile without a wine.local profile.

maybe it is dedicatet to 32bit:

 firejail --trace wine ~/.wine/drive_c/Program\ Files\ \(x86\)/ElsterFormular/bin/pica.exe
Reading profile /etc/firejail/wine.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-devel.inc
Parent pid 18463, child pid 18464
Child process initialized
2:bash:open /dev/tty:3
2:wine:open /usr/bin/wine:3
ERROR: ld.so: object '/usr/lib/x86_64-linux-gnu/firejail/libtrace.so' from /etc/ld.so.preload cannot be preloaded (wrong ELF class: ELFCLASS64): ignored.
ERROR: ld.so: object '/usr/lib/x86_64-linux-gnu/firejail/libtrace.so' from /etc/ld.so.preload cannot be preloaded (wrong ELF class: ELFCLASS64): ignored.
4:wineserver:open /usr/lib/wine/wineserver:3
4:wineserver64:fopen /etc/passwd:0x25ae650
4:wineserver64:open /dev/null:3
4:wineserver64:open .:4
4:wineserver64:mkdir /tmp/.wine-1000:0
4:wineserver64:mkdir /tmp/.wine-1000/server-6a-100:0
4:wineserver64:open .:5
4:wineserver64:open lock:6
4:wineserver64:unlink socket:-1
4:wineserver64:socket AF_LOCAL SOCK_STREAM 0:8
4:wineserver64:bind 8 socket:0
ERROR: ld.so: object '/usr/lib/x86_64-linux-gnu/firejail/libtrace.so' from /etc/ld.so.preload cannot be preloaded (wrong ELF class: ELFCLASS64): ignored.
ERROR: ld.so: object '/usr/lib/x86_64-linux-gnu/firejail/libtrace.so' from /etc/ld.so.preload cannot be preloaded (wrong ELF class: ELFCLASS64): ignored.
^V^C
Parent received signal 2, shutting down the child process...

Parent is shutting down, bye...

Child received signal 15, shutting down the sandbox...

I will do some tests and report back.

Micha

@Micha-Btz commented on GitHub (Mar 12, 2017): Hi there, I use the original from https://github.com/netblue30/firejail/blob/master/etc/wine.profile without a wine.local profile. maybe it is dedicatet to 32bit: ``` firejail --trace wine ~/.wine/drive_c/Program\ Files\ $x86$/ElsterFormular/bin/pica.exe Reading profile /etc/firejail/wine.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/disable-devel.inc Parent pid 18463, child pid 18464 Child process initialized 2:bash:open /dev/tty:3 2:wine:open /usr/bin/wine:3 ERROR: ld.so: object '/usr/lib/x86_64-linux-gnu/firejail/libtrace.so' from /etc/ld.so.preload cannot be preloaded (wrong ELF class: ELFCLASS64): ignored. ERROR: ld.so: object '/usr/lib/x86_64-linux-gnu/firejail/libtrace.so' from /etc/ld.so.preload cannot be preloaded (wrong ELF class: ELFCLASS64): ignored. 4:wineserver:open /usr/lib/wine/wineserver:3 4:wineserver64:fopen /etc/passwd:0x25ae650 4:wineserver64:open /dev/null:3 4:wineserver64:open .:4 4:wineserver64:mkdir /tmp/.wine-1000:0 4:wineserver64:mkdir /tmp/.wine-1000/server-6a-100:0 4:wineserver64:open .:5 4:wineserver64:open lock:6 4:wineserver64:unlink socket:-1 4:wineserver64:socket AF_LOCAL SOCK_STREAM 0:8 4:wineserver64:bind 8 socket:0 ERROR: ld.so: object '/usr/lib/x86_64-linux-gnu/firejail/libtrace.so' from /etc/ld.so.preload cannot be preloaded (wrong ELF class: ELFCLASS64): ignored. ERROR: ld.so: object '/usr/lib/x86_64-linux-gnu/firejail/libtrace.so' from /etc/ld.so.preload cannot be preloaded (wrong ELF class: ELFCLASS64): ignored. ^V^C Parent received signal 2, shutting down the child process... Parent is shutting down, bye... Child received signal 15, shutting down the sandbox... ``` I will do some tests and report back. Micha

gitea-mirror commented

2026-05-05 06:39:34 -06:00

Author

Owner

@netblue30 commented on GitHub (Mar 13, 2017):

2:bash:open /dev/tty:3
2:wine:open /usr/bin/wine:3

One process managed to load librace.so. The library is compiled for 64bit systems.

ERROR: ld.so: object '/usr/lib/x86_64-linux-gnu/firejail/libtrace.so' from /etc/ld.so.preload cannot be preloaded (wrong ELF class: ELFCLASS64): ignored.

This is probably another process. It is expecting a 32bit library. Wine is a combination of 32bit and 64bit processes running in parallel. I don't think --trace will work.

Going back to your original problem: if you run the sandbox with --noprofile, do you still see the slowdown?

@netblue30 commented on GitHub (Mar 13, 2017): > 2:bash:open /dev/tty:3 > 2:wine:open /usr/bin/wine:3 One process managed to load librace.so. The library is compiled for 64bit systems. > ERROR: ld.so: object '/usr/lib/x86_64-linux-gnu/firejail/libtrace.so' from /etc/ld.so.preload cannot be preloaded (wrong ELF class: ELFCLASS64): ignored. This is probably another process. It is expecting a 32bit library. Wine is a combination of 32bit and 64bit processes running in parallel. I don't think --trace will work. Going back to your original problem: if you run the sandbox with --noprofile, do you still see the slowdown?

gitea-mirror commented

2026-05-05 06:39:35 -06:00

Author

Owner

@Micha-Btz commented on GitHub (Mar 13, 2017):

starting wine with --noprofile, didn't slowdown wine. But now I'm not sure if I smarter now :-P

@Micha-Btz commented on GitHub (Mar 13, 2017): starting wine with --noprofile, didn't slowdown wine. But now I'm not sure if I smarter now :-P

gitea-mirror commented

2026-05-05 06:39:37 -06:00

Author

Owner

@netblue30 commented on GitHub (Mar 16, 2017):

I would try to find out what line in the profile is creating the problem: open /etc/firejail/wine.profile and comment out the lines in the profile one by one.

@netblue30 commented on GitHub (Mar 16, 2017): I would try to find out what line in the profile is creating the problem: open /etc/firejail/wine.profile and comment out the lines in the profile one by one.

gitea-mirror commented

2026-05-05 06:39:39 -06:00

Author

Owner

@Micha-Btz commented on GitHub (Mar 27, 2017):

If i comment out seccomp it runs as fast as without firejail.
Maybe dedicated to the switch between 32 and 64bit.

@Micha-Btz commented on GitHub (Mar 27, 2017): If i comment out seccomp it runs as fast as without firejail. Maybe dedicated to the switch between 32 and 64bit.

gitea-mirror commented

2026-05-05 06:39:42 -06:00

Author

Owner

@netblue30 commented on GitHub (Mar 27, 2017):

Thanks for the info, I'll keep an eye on it.

@netblue30 commented on GitHub (Mar 27, 2017): Thanks for the info, I'll keep an eye on it.

gitea-mirror referenced this issue

2026-05-05 07:21:40 -06:00

[GH-ISSUE #1570] Avoid 'exo-open' on xfce desktop #1046

gitea-mirror referenced this issue

2026-05-05 07:22:33 -06:00