How to run Firefox in Firejail?

Question

I'm trying to run Firefox in firejail, on Ubuntu 22.04.1.

When I use firejail firefox, I get:

Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/firefox-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-runuser-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Parent pid 4178, child pid 4197
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Child process initialized in 110.56 ms
panic: permission denied

goroutine 1 [running]:
github.com/snapcore/snapd/snapdtool.ExecInSnapdOrCoreSnap()
    /build/snapd-fBNDak/snapd-2.56.2+22.04ubuntu1/snapdtool/tool_linux.go:205 +0x40e
main.main()
    /build/snapd-fBNDak/snapd-2.56.2+22.04ubuntu1/cmd/snap/main.go:443 +0x45

Parent is shutting down, bye...

When I use sudo firejail firefox, I get:

Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/firefox-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-runuser-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: noroot option is not available
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown, DBus user socket was not found.

Unfortunately I don't really understand what the computer is saying. I've also installed Firetools, but clicking on the Firefox icon from there doesn't seem to do anything.

What do I need to do to get it working?

You need to remove the Firefox snap version and install the apt version. — David, Oct 19 '22 at 06:52
is this helpful? https://unix.stackexchange.com/questions/561694/sandboxing-firefox-using-firejail-download-directory — graham, Oct 19 '22 at 08:12
Not all sandboxes are equal. For example: Firejail does not allow to write outside Downloads. Sandbox does not prevent such writing. — Mietek, Apr 17 '23 at 20:40
In arch the tor-browser works with firejail but firefox does not. As tor-browser is based one firefox-esr version, I think firefox-esr probably would work with firejail. Another point of work could be to copy the profile of tor-browser and modify it to be the firefox profile. Try it. — somenxavier, May 26 '23 at 09:33
@flapjack Confirmed: firefox-esr works in archlinux while firefox does not: `firejail --env=LD_PRELOAD='/usr/lib/libhardened_malloc.so' --net=wlan0 --seccomp firefox-esr` — somenxavier, May 26 '23 at 14:25

score 1 · Answer 1 · answered Oct 19 '22 at 14:27

1

The default version of Firefox in Ubuntu is installed using the snap technology. This already runs Firefox in a sand box. Therefore, there is no need for you to run that version in Firejail. Like you experience, you actually can not.

answered Oct 19 '22 at 14:27

vanadium

82,909
6
116
186

Ah, I did not realize it was already running in a sandbox. Thank you for your help! – flapjack Oct 23 '22 at 03:15

How to run Firefox in Firejail?

1 Answers1