[GH-ISSUE #1342] firejail {--tree|--list} not listing anything #924

Closed
opened 2026-05-05 07:09:24 -06:00 by gitea-mirror · 7 comments

Originally created by @rieje on GitHub (Jun 21, 2017).
Original GitHub issue: https://github.com/netblue30/firejail/issues/1342

I am running my Firefox instances in sandboxes and neither `firejail --tree` nor `firejail --list` are listing anything in the output, with or without `sudo` privileges. I'm using latest version of Arch Linux and Firejail. I recall using these commands without problems in the past.

How can I diagnose this issue to provide more relevant information?


@curiosity-seeker commented on GitHub (Jun 22, 2017):

Please start the task manager of your choice and select tree view or use htop. Is Firefox displayed as a child process of Firejail?


@rieje commented on GitHub (Jun 22, 2017):

@curiosity-seeker Hmm, seems not. I installed htop and filtered for "firefox" and I don't see firejail anywhere. I have a wrapper script for firejail + firefox so to test another application I did `firejail zathura`; htop still doesn't show anything for firejail.

`pidof firejail` shows nothing.

When I execute `firejail zathura`, this is what's displayed at the terminal before zathura launches:

```
Reading profile /etc/firejail/zathura.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Warning: noroot option is not available
Parent pid 4402, child pid 4403
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Child process initialized in 68.07 ms

** (zathura:6): WARNING **: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-ubJdZhmLtB: Connection refused
```

What's the next step?


@netblue30 commented on GitHub (Jun 22, 2017):

> I am running my Firefox instances in sandboxes and neither `firejail --tree` nor `firejail --list` are listing anything in the output, with or without `sudo` privileges.

This is how you test it: open a terminal and run "firejail", then open another terminal and run "firejail --tree" or "firejail --list". The information for --tree and --list is extracted from the /proc directory. If /proc is in any way restricted, the information will not be available. Question: when you mount /proc (probably this happens in /etc/fstab), are you using the "hidepid" option?


@rieje commented on GitHub (Jun 23, 2017):

@netblue30 Ahh, that was it. I removed `hidepid=2,gid=proc` (which I had for security reasons) from `/etc/fstab`, rebooted, and now I'm getting expected output. So I guess this is a trade-off then?


@netblue30 commented on GitHub (Jun 23, 2017):

Maybe it is because "gid=proc" in your mount option? I am on a 4.9 kernel (Debian stretch):

```
$ sudo mount -o remount,rw,hidepid=2 /proc
[sudo] password for netblue: 
$ ls /proc/
1002  1132  2751       crypto       kallsyms     mounts        sysrq-trigger
1010  1136  3275       devices      kcore        mtrr          sysvipc
1047  1141  3277       diskstats    keys         net           thread-self
1052  1145  3289       dma          key-users    pagetypeinfo  timer_list
1056  1150  997        driver       kmsg         partitions    tty
1067  1159  acpi       execdomains  kpagecgroup  sched_debug   uptime
1076  1176  asound     fb           kpagecount   schedstat     version
1081  1483  buddyinfo  filesystems  kpageflags   self          vmallocinfo
1098  1490  bus        fs           loadavg      slabinfo      vmstat
1102  1502  cgroups    interrupts   locks        softirqs      zoneinfo
1111  1727  cmdline    iomem        meminfo      stat
1118  2349  consoles   ioports      misc         swaps
1129  2351  cpuinfo    irq          modules      sys
$ firejail --list
2989:netblue:/usr/bin/firejail /usr/bin/firefox-esr 
3290:netblue:firejail --list 
$ firejail --tree
2989:netblue:/usr/bin/firejail /usr/bin/firefox-esr 
  2990:netblue:/usr/bin/firejail /usr/bin/firefox-esr 
    3003:netblue:/usr/bin/firefox-esr 
      3058:netblue:/usr/lib/firefox-esr/plugin-container -greomni /usr/lib/firefox-esr/omni.ja -appomni /usr/lib/firefox-esr/browser/omni.ja -appdir /usr/lib/firefox-esr/browser 12 true tab 
3308:netblue:firejail --tree 

$ uname -r
4.9.0-3-amd64
```

@netblue30 commented on GitHub (Jun 23, 2017):

Definitely something to do with gid=proc (kernel 4.9):

```
$ sudo mount -o remount,rw,hidepid=2,gid=proc /proc
mount: special device proc does not exist
```

The correct one, at least on 4.9 kernel seems to be:

```
$ sudo mount -o remount,rw,hidepid=2,gid=1000 /proc
$
```

1000 is the id of my group:

```
$ id
uid=1000(netblue) gid=1000(netblue) groups=1000(netblue),27(sudo)
```

@rieje commented on GitHub (Jul 3, 2017):

Do you use this yourself? I noticed with it I can't log into X and needed to comment it out from `/etc/fstab` then restart the system. My line is:

```
proc 			/proc		proc		nosuid,nodev,noexec,hidepid=2,gid=1000  0 0
```

with 1000 being the id of my group.
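
A small diagnostic for the situation discussed in this thread, added here as an example (not code from Firejail or from any commenter): it reads mount data in `/proc/self/mounts` format and reports how the `hidepid` and `gid` options limit what an unprivileged user with the given group ids can see of other users' processes in `/proc`. The function names and the sample mount lines are constructed for illustration; the symbolic `hidepid` values are the names newer kernels accept alongside the numbers.

```shell
#!/bin/sh
# Added example: classify /proc visibility from mount options.
# Input on stdin is in /proc/self/mounts format.

# Constructed sample (not taken from the thread).
sample_mounts() {
    cat <<'EOF'
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime,gid=1000,hidepid=2 0 0
EOF
}

# Print the option field of the last proc filesystem mounted on /proc.
proc_mount_opts() {
    awk '$2 == "/proc" && $3 == "proc" { o = $4 } END { print o }'
}

# Print the value of option $2 in the comma-separated string $1 (empty if absent).
opt_value() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^$2=//p" | tail -n 1
}

# proc_visibility "GID GID ..."  (mount data on stdin)
# Prints how an unprivileged user with these group ids sees other users'
# /proc/<pid> entries: full | noaccess | invisible | ptraceable | unknown
proc_visibility() {
    opts=$(proc_mount_opts)
    hide=$(opt_value "$opts" hidepid)
    exempt_gid=$(opt_value "$opts" gid)
    # Members of the group named by gid= are exempt from hidepid.
    if [ -n "$exempt_gid" ]; then
        for g in $1; do
            if [ "$g" = "$exempt_gid" ]; then echo full; return 0; fi
        done
    fi
    case "${hide:-0}" in
        0|off)        echo full ;;
        1|noaccess)   echo noaccess ;;    # entries listed, contents unreadable
        2|invisible)  echo invisible ;;   # entries not listed at all
        4|ptraceable) echo ptraceable ;;  # only processes the user may ptrace
        *)            echo unknown ;;
    esac
}

# Demo on the constructed sample: a member of gid 1000, then a non-member.
sample_mounts | proc_visibility "1000 27"
sample_mounts | proc_visibility "1001"
```

On a live system, run `proc_visibility "$(id -G)" < /proc/self/mounts`. A result of `invisible` concerns other users' processes only; a user's own processes stay listed, as in the `hidepid=2` output earlier in the thread.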
