Firejail: Can't killall firejailed chromium

Created on 15 Jul 2017 · 12Comments · Source: netblue30/firejail

I've executed chromium like firejail chromium and now i can't kill it with killall -9 chromium even as root, says chromium: no process found. Without firejail it works just ok. While pkill -9 chromium seems to work.

enhancement information

Source

Harvie

Most helpful comment

So, basically they added namespace support to killall. I'll add it to FAQ, thanks.

netblue30 on 19 Jul 2017

👍2

All 12 comments

In a terminal start chromium: "firejail chromium".

In a different terminal, do a "firejail --tree". What does it say? If "firejail --tree" finds it, killall should also find it.

netblue30 on 16 Jul 2017

The output is rather long, but it correctly litsts all chromium processes from any terminal i've tried. Also ps aux shows it. But it still can't be killed using killall.

it's latest archlinux:

firejail version 0.9.48

Compile time support:
    - AppArmor support is disabled
    - AppImage support is enabled
    - bind support is enabled
    - chroot support is enabled
    - file and directory whitelisting support is enabled
    - file transfer support is enabled
    - git install support is disabled
    - networking support is enabled
    - overlayfs support is enabled
    - private-home support is enabled
    - seccomp-bpf support is enabled
    - user namespace support is enabled
    - X11 sandboxing support is enabled

Harvie on 16 Jul 2017

tested on Debian stable, it seems to be working. It could be a problem with the newer killall you have on Arch. Run a "killall --version", over here I have 22.21

netblue30 on 17 Jul 2017

killall (PSmisc) 23.1
Copyright (C) 1993-2017 Werner Almesberger and Craig Small

PSmisc comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under
the terms of the GNU General Public License.
For more information about these matters, see the files named COPYING.

maybe it's some protection that prevents killall from killing processes in LXC containers when managing host machine.

Harvie on 17 Jul 2017

Ha! It works when using killall --ns 0.

       -n, --ns
              Match against the PID namespace of the given PID. Use 0 to match against all namespaces.
              The default is to  match  against the current PID namespace.

Can you please put this in firejail faq or somewhere?

Harvie on 17 Jul 2017

So, basically they added namespace support to killall. I'll add it to FAQ, thanks.

netblue30 on 19 Jul 2017

👍2

@netblue30 Where do you want to put this info?

chiraag-nataraj on 20 May 2019

@netblue30 Reminder to put #1385 into FAQ.

matu3ba on 22 Jun 2019

@matu3ba Or, we can put it in the Wiki! Actually, we could transition the FAQ to the Wiki, if that's okay with @netblue30? That way, the maintenance burden isn't just on one person :)

chiraag-nataraj on 22 Jun 2019

@chiraag-nataraj Sure. Could you ask netblue30 to give me Collaborator Access?
Closing and (nicely) tagging issues would be much easier.

matu3ba on 22 Jun 2019

@matu3ba I believe the wiki is open for all to edit? But please follow the directions on the home page of the wiki for adding new pages and we can take it from there :slightly_smiling_face:

chiraag-nataraj on 22 Jun 2019

👍1

Refined in #2792. Will be closed after finishing.

matu3ba on 22 Jun 2019

Was this page helpful?

0 / 5 - 0 ratings