#1010569 firejail: with the firefox profile, /etc/resolv.conf is not updated, making DNS resolution fail

Package:
firejail
Source:
firejail
Description:
sandbox to restrict the application environment
Submitter:
Vincent Lefevre
Date:
2026-01-10 11:40:05 UTC
Severity:
important
Tags:
#1010569#5
Date:
2022-05-04 15:00:38 UTC
From:
To:
I spent some time figuring why I could not connect to the SNCF
wifi portal, and then, after connecting with another web browser,
getting DNS failures. After looking at /etc/resolv.conf by joining
the sandbox with a shell, I could see that it had not been updated
after the switch to a different wifi network.

Note: With my config, I had no issues when switching to the wifi
hotspot of my phone, only with the SNCF wifi, probably because it
filters UDP (making unbound unusable).

In addition to DNS failures, this could be a security issue in case
the IP address of the DNS server was a local one, so that this IP
address could become the one of some random user on the new network.
#1010569#10
Date:
2022-05-04 15:11:27 UTC
From:
To:
According to the upstream bug, the bug was introduced in July 2021,
which explains why I did not have such issues in the past.
#1010569#15
Date:
2025-06-02 14:15:57 UTC
From:
To:
This issue has been resolved upstream more than two years ago, but
resurfaced with 0.9.74-1 when private-etc was enabled, which (per
documentation) copies over some of /etc at startup, leading to the very
same bug that changes to resolv.conf are not propagated.
#1010569#20
Date:
2025-06-03 22:52:49 UTC
From:
To:
Control: found -1 0.9.74-1

I've just tested, and I can confirm that the issue is present
in 0.9.74-1.
#1010569#27
Date:
2025-09-12 11:11:49 UTC
From:
To:
Control: forwarded -1 https://github.com/netblue30/firejail/issues/3649
Control: affects -1 firefox
Control: retitle -1 firejail: private-etc=resolv.conf does not update /etc/resolv.conf, making DNS resolution fail, e.g. with the firefox profile

A workaround might be to use the --dns option with either a public
DNS resolver such as 8.8.8.8 or 127.0.0.1 after installing a local
(caching) DNS resolver.
#1010569#38
Date:
2026-01-10 10:08:19 UTC
From:
To:
Es gibt eine Familienspende in Höhe von 1.850.000,00 USD von Cheng Charlie
Saephan. Bitte antworten Sie für weitere Informationen. Denken Sie daran,
Ihrer Familie und den Bedürftigen in Ihrer Umgebung Gutes zu tun.

Dies ist bereits der zweite Versuch, Sie zu erreichen. Bitte antworten Sie
für weitere Details.
#1010569#43
Date:
2026-01-10 10:08:19 UTC
From:
To:
Es gibt eine Familienspende in Höhe von 1.850.000,00 USD von Cheng Charlie
Saephan. Bitte antworten Sie für weitere Informationen. Denken Sie daran,
Ihrer Familie und den Bedürftigen in Ihrer Umgebung Gutes zu tun.

Dies ist bereits der zweite Versuch, Sie zu erreichen. Bitte antworten Sie
für weitere Details.