Firejail: [profile] firefox on 0.9.62 with sway/voidlinux won't start

Created on 20 Jan 2020  路  5Comments  路  Source: netblue30/firejail

Hi,

firefox won't start with the profile 0.9.62 on sway/voidlinux.

It works when I remove the lines
whitelist /usr/share/mozilla
include whitelist-usr-share-common.inc
from /etc/firejail/firefox.profile

I tried to create a new file /etc/firejail/firefox.local with
ignore whitelist /usr/share/mozilla
ignore include whitelist-usr-share-common.inc
but that doesn't work.

I tried to find what's missing by running it with firejail --trace /usr/bin/firefox but that didn't give me any clues.

picture the-antz

Most helpful comment

You're quite an regex wizzard :).

Had to remove the asterisk but here's what it accesses:

/usr/share//mime
/usr/share/X11
/usr/share/applications
/usr/share/cursors
/usr/share/fontconfig
/usr/share/fonts
/usr/share/glib-2.0
/usr/share/gtk-3.0
/usr/share/icons
/usr/share/icu
/usr/share/locale
/usr/share/mime
/usr/share/mozilla
/usr/share/pixmaps
/usr/share/themes

edit: forgot an S in /usr/share/themes
Seems to be /usr/share/icu.
Trying that now..

picture the-antz on 20 Jan 2020
🎉1 😄1 👍1

All 5 comments

Hi @the-antz,

Is there any error message in the console?

Can you run firejail --trace=ff.trace --noprofile firefox (when firefox is not running) (just start and close it). Then post the output of grep -oE " /usr/share//?[^/:]+" ff.trace | sort -u here.

PS: see also #2153

rusty-snake picture rusty-snake on 20 Jan 2020

You're quite an regex wizzard :).

Had to remove the asterisk but here's what it accesses:

/usr/share//mime
/usr/share/X11
/usr/share/applications
/usr/share/cursors
/usr/share/fontconfig
/usr/share/fonts
/usr/share/glib-2.0
/usr/share/gtk-3.0
/usr/share/icons
/usr/share/icu
/usr/share/locale
/usr/share/mime
/usr/share/mozilla
/usr/share/pixmaps
/usr/share/themes

edit: forgot an S in /usr/share/themes
Seems to be /usr/share/icu.
Trying that now..

the-antz picture the-antz on 20 Jan 2020
🎉1 😄1 👍1

Adding /usr/share/icu to the whitelist fixes it. Thx for the quick help :).

Should I add it to whitelist-usr-share-common.inc and make a PR?

the-antz picture the-antz on 20 Jan 2020

make a PR?

yes, please.

Should I add it to whitelist-usr-share-common.inc

depending on the content of icu it shoudl be added to wusc or to firefox.

rusty-snake picture rusty-snake on 20 Jan 2020

The only file I have there is /usr/share/icu/64.2/icudt64l.dat. It seems to be some unicode stuff (http://site.icu-project.org/), not specific to firefox.

the-antz picture the-antz on 20 Jan 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

fl-chris picture fl-chris  路  4Comments
thiswillbeyourgithub picture thiswillbeyourgithub  路  3Comments
SkewedZeppelin picture SkewedZeppelin  路  3Comments
reinerh picture reinerh  路  3Comments
nuxwin picture nuxwin  路  3Comments