Firejail doesn't work after recent update
After the update to the recent version (0.9.64rc1-2), this error shows up:
$ firejail iceweasel
Reading profile /etc/firejail/iceweasel.profile
Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/firefox-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
DBus user socket was not found.
$ No proxies specified
Updated firejail works fine here. Need more info
Which flavour of Parabola are you using?
On what type of machine?
Are you using "iceweasel-hardened-preferences" or any other enhancements?
Did you create a custom iceweasel.profile in the past that may now be stale?
The line "No Proxies Specified" is interesting as I do not get any mention of a proxy while running: firejail iceweasel
Can you post the output of:
firejail --debug iceweasel
Updated by infinite_recursion 9 months ago
I use OpenRC Parabola, linux-libre-hardened, x86_64. I use the default settings and haven't tampered with iceweasel at all. My transmission-qt also doesn't work after an fsck cleanup a couple of days earlier.
$ firejail --debug iceweasel
Autoselecting /bin/bash as shell
Building quoted command line: 'iceweasel'
Command name #iceweasel#
Found iceweasel.profile profile in /etc/firejail directory
Reading profile /etc/firejail/iceweasel.profile
Found firefox.profile profile in /etc/firejail directory
Reading profile /etc/firejail/firefox.profile
Found whitelist-usr-share-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Found firefox-common.profile profile in /etc/firejail directory
Reading profile /etc/firejail/firefox-common.profile
Found disable-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-common.inc
Found disable-devel.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-devel.inc
Found disable-exec.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-exec.inc
Found disable-interpreters.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-interpreters.inc
Found disable-programs.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-programs.inc
Found whitelist-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-common.inc
Found whitelist-var-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-var-common.inc
conditional BROWSER_DISABLE_U2F, nou2f
conditional BROWSER_DISABLE_U2F, private-dev
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
DISPLAY=:0 parsed as 0
DBus user socket was not found.
starting xdg-dbus-proxy
sbox exec: /usr/bin/xdg-dbus-proxy --fd=8 --args=9
Dropping all capabilities
Drop privileges: pid 10730, uid 1000, gid 1000, nogroups 1
No supplementary groups
$ No proxies specified
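Added example, not part of the original thread: the "Found ... profile in ... directory" lines of --debug output show which directory each profile was loaded from, which is one way to check the stale-custom-profile question asked above. The helper name non_system_profiles, the /home/user path and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list profiles that firejail --debug reports loading from
# anywhere other than the system profile directory.
# Reads debug output on stdin, prints "<profile> <directory>" per hit.
# non_system_profiles is a hypothetical helper name, not a firejail command.
non_system_profiles() {
    sysdir="${1:-/etc/firejail}"
    awk -v sysdir="$sysdir" '
        # Line format as it appears in the debug output in this thread:
        #   Found <name> profile in <dir> directory
        $1 == "Found" && $3 == "profile" && $4 == "in" && $NF == "directory" {
            dir = $5
            # Rejoin directory paths that contain spaces.
            for (i = 6; i < NF; i++) dir = dir " " $i
            if (dir != sysdir) print $2, dir
        }
    '
}

# Constructed sample. The /etc/firejail lines follow the thread output; the
# /home/user lines are invented to show what a user override would look like.
sample_debug_output() {
    cat <<'EOF'
Found iceweasel.profile profile in /etc/firejail directory
Reading profile /etc/firejail/iceweasel.profile
Found firefox.profile profile in /home/user/.config/firejail directory
Reading profile /home/user/.config/firejail/firefox.profile
Found disable-common.inc profile in /etc/firejail directory
EOF
}

# Against a real run, pipe both streams in:
#   firejail --debug iceweasel 2>&1 | non_system_profiles
sample_debug_output | non_system_profiles
```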
Firstly that debug output is suspiciously short. Mine ran to pages.
Secondly, are you sure it's not a browser issue?
firejail --profile=/etc/firejail/iceweasel.profile bash
If that drops you into a bash prompt with no errors (you can check you are in the jail by issuing the ls command to check that only Downloads is left)
then try launching iceweasel from there with just the command: iceweasel as you are already in a jail.
Also should the title of this be: "Things broken after fsck disk recovery"
When you talk of Transmission-qt, are you saying that it doesn't work, or that there is a similar firejail failure with that program too?
Updated by infinite_recursion 9 months ago
Yes, it's very strange. VLC opens up with firejail but crashes on clicking "Open File". Iceweasel and Transmission don't start at all with firejail. Transmission-qt doesn't work currently even normally for me but iceweasel does. The above command gave me exactly the same error as in description above.
Yes, it seems that's a better title. I've requested better closing of files earlier for all types of system shutdowns or crashes in Parabola.
Also, can you suggest how to find which packages have been tampered with and clean the corrupted packages after fsck? If I can do that, then I'll clear the pacman cache and reinstall those packages. Direct reinstall doesn't seem to solve it for me.
I've been doing some digging on this and hitting a few firejail snags myself. It seems the latest release changed several .profiles and also changed some of the default assumptions.
For example, in my case mpv no longer plays local files. Looking into it, it seems $HOME is no longer whitelisted in the profile.
Too soon for me to tell if this rises to the level of Bug. From what I'm reading so far and have seen in my own use cases, it's much more a case of deliberately changed behaviour. Which would be "Not-a-Bug", but having links to the changes and how to work with them might be a good addition to this BR.