mpv wrapper #859

New issue

Closed

opened 2026-05-05 06:59:31 -06:00 by gitea-mirror · 1 comment

gitea-mirror commented

2026-05-05 06:59:31 -06:00

Owner

Originally created by @rieje on GitHub (May 1, 2017).
Original GitHub issue: https://github.com/netblue30/firejail/issues/1259

If I run the command /usr/bin/firejail --seccomp --profile="${HOME}"/.config/firejail/mpv.profile /usr/bin/mpv <a_video>, it works. Then, I create the wrapper for /usr/local/bin so calling any instances of mpv uses the firejail sandbox automatically:

#!/usr/local/env sh
/usr/bin/firejail --seccomp --profile="${HOME}"/.config/firejail/mpv.profile /usr/bin/mpv "$@"

I open a new shell instance and run mpv and it fails to open the video, failing with the following:

Reading profile /home/rieje/.config/firejail/mpv.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Warning: user namespaces not available in the current kernel.
Parent pid 22947, child pid 22948
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Child process initialized
Parent is shutting down, bye...

Any ideas what may be the issue? I did the same thing with firefox and it works fine. Seems bizarre that command in the wrapper script does not work but works if I execute it directly on the terminal.

Originally created by @rieje on GitHub (May 1, 2017). Original GitHub issue: https://github.com/netblue30/firejail/issues/1259 If I run the command `/usr/bin/firejail --seccomp --profile="${HOME}"/.config/firejail/mpv.profile /usr/bin/mpv <a_video>`, it works. Then, I create the wrapper for /usr/local/bin so calling any instances of `mpv` uses the firejail sandbox automatically: #!/usr/local/env sh /usr/bin/firejail --seccomp --profile="${HOME}"/.config/firejail/mpv.profile /usr/bin/mpv "$@" I open a new shell instance and run mpv and it fails to open the video, failing with the following: ``` Reading profile /home/rieje/.config/firejail/mpv.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-passwdmgr.inc Warning: user namespaces not available in the current kernel. Parent pid 22947, child pid 22948 Warning: /sbin directory link was not blacklisted Warning: /usr/sbin directory link was not blacklisted Child process initialized Parent is shutting down, bye... ``` Any ideas what may be the issue? I did the same thing with firefox and it works fine. Seems bizarre that command in the wrapper script does not work but works if I execute it directly on the terminal.

gitea-mirror

2026-05-05 06:59:31 -06:00

closed this issue
added the
information_old
label

gitea-mirror commented

2026-05-05 06:59:37 -06:00

Author

Owner

@netblue30 commented on GitHub (May 1, 2017):

If you have a "private-bin" statement in your profile, comment it out (add a #).

The recommended way to set this up is to use firecfg. Delete your mpv script from /usr/local/bin and run:

$ sudo firecfg

It will create a symbolic link to /usr/bin/firejail and everything will work just fine.

@netblue30 commented on GitHub (May 1, 2017): If you have a "private-bin" statement in your profile, comment it out (add a #). The recommended way to set this up is to use firecfg. Delete your mpv script from /usr/local/bin and run: ````` $ sudo firecfg ````` It will create a symbolic link to /usr/bin/firejail and everything will work just fine.

gitea-mirror referenced this issue

2026-05-05 10:07:40 -06:00

[PR #859] [MERGED] added /srv in whitelist option #3774

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#859

No description provided.

Rows
Columns