dbus-launch inhibits --x11 server exit. Blacklisting it seems to fix it. #941

New issue

Closed

opened 2026-05-05 07:11:55 -06:00 by gitea-mirror · 4 comments

gitea-mirror commented

2026-05-05 07:11:55 -06:00

Owner

Originally created by @caoliver on GitHub (Jul 13, 2017).
Original GitHub issue: https://github.com/netblue30/firejail/issues/1378

I'm not sure if this is documented, but some applications run dbus-launch when they start. This grabs the containing X server, and that server persists after the desired clients exit. The work-around I've just started playing with is to blacklist /usr/bin/dbus-launch. So far, this seems to do the trick, and the server now exits cleanly on application exit.

Example: firejail --net=eth0 --x11 --blacklist=/usr/bin/dbus-launch firefox

Originally created by @caoliver on GitHub (Jul 13, 2017). Original GitHub issue: https://github.com/netblue30/firejail/issues/1378 I'm not sure if this is documented, but some applications run dbus-launch when they start. This grabs the containing X server, and that server persists after the desired clients exit. The work-around I've just started playing with is to blacklist /usr/bin/dbus-launch. So far, this seems to do the trick, and the server now exits cleanly on application exit. Example: firejail --net=eth0 --x11 --blacklist=/usr/bin/dbus-launch firefox

gitea-mirror

2026-05-05 07:11:55 -06:00

closed this issue
added the
information_old
label

gitea-mirror commented

2026-05-05 07:11:59 -06:00

Author

Owner

@chiraag-nataraj commented on GitHub (Jul 22, 2018):

Yeah, we see this with gpg-agent sometimes as well (although on systemd systems, you can just use writable-run-user to allow the program to connect to the user's instance of gpg-agent).

@chiraag-nataraj commented on GitHub (Jul 22, 2018): Yeah, we see this with `gpg-agent` sometimes as well (although on systemd systems, you can just use `writable-run-user` to allow the program to connect to the user's instance of `gpg-agent`).

gitea-mirror commented

2026-05-05 07:12:00 -06:00

Author

Owner

@chiraag-nataraj commented on GitHub (Jul 22, 2018):

We don't really have a way to fix this at present, since as far as firejail is concerned, there's still a process running within the sandbox.

@chiraag-nataraj commented on GitHub (Jul 22, 2018): We don't really have a way to fix this at present, since as far as `firejail` is concerned, there's still a process running within the sandbox.

gitea-mirror commented

2026-05-05 07:12:01 -06:00

Author

Owner

@Fred-Barclay commented on GitHub (Jul 22, 2018):

@chiraag-nataraj Firejail processes from thunderbird always seem to stick around on my system -- maybe this is why? I do have the enigmail extension so it probably calls some gpg stuff.

@Fred-Barclay commented on GitHub (Jul 22, 2018): @chiraag-nataraj Firejail processes from thunderbird always seem to stick around on my system -- maybe this is why? I do have the enigmail extension so it probably calls some gpg stuff.

gitea-mirror commented

2026-05-05 07:12:03 -06:00

Author

Owner

@chiraag-nataraj commented on GitHub (Jul 23, 2018):

Yeah, if you run firejail --tree, you should see what's stuck around - in your case, it's probably gpg-agent.

@chiraag-nataraj commented on GitHub (Jul 23, 2018): Yeah, if you run `firejail --tree`, you should see what's stuck around - in your case, it's probably `gpg-agent`.

gitea-mirror referenced this issue

2026-05-05 10:08:07 -06:00

[PR #941] [MERGED] New profiles: pluma and xed #3798

gitea-mirror referenced this issue

2026-05-05 10:49:28 -06:00

[PR #6477] [MERGED] profiles: firecfg: disable text editors #6033