Firejail: Patch release for 0.9.52

Created on 30 Jun 2018 · 5 Comments · Source: netblue30/firejail

Based on some interactions I've had with chaps elsewhere

@reinerh Can we publish a patch for 0.9.52 with the changes in etc-fixes/ or update the version in Ubuntu 18.04 to 0.9.54?

IIRC firefox 60 shipped just about the same time as firejail 0.9.52. Since they added in a seccomp sandbox, our firefox profile didn't work with firefox 60 or higher, which we patched shortly after the release of firejail 0.9.52.
Users of Ubuntu 18.04 and any distros based on it (like the upcoming Linux Mint 19) can't apt install firejail and then sandbox firefox. Instead, they either have to manually install our 0.9.54 release or come here, download the corrected profile, and then create ~/.config/firejail/firefox.profile or edit /etc/firejail/firefox.profile directly. From what I'm hearing, a lot of folks aren't doing this and are instead giving up on firejailing firefox -- and to be fair, they should be able to use the version in the repos.

Gedit and libreoffice are broken in 0.9.52 as well, so three much-used programmes can't easily be sandboxed. Simply using the patched profiles in etc-fixes/ and publishing the patch would be enough to fix this. Alternatively 0.9.54 could be pushed to the repos, but that might be a bit more involved (I'm not sure).

Either way, could we get this fixed so that everyone using Ubuntu 18.04 and derivatives can easily integrate firejail?
Thanks!
Fred

All 5 comments

AFAIK it's hard to update a package in Ubuntu repos not supported by Canonical (not in main). Perhaps creating a PPA would be easier to do.

@Vincent43 Maybe. The usual PPA doesn't have packages for Ubuntu 18.04 yet though (as far as I can see. There is a 0.9.54-1~0ubuntu18.04.0 version but it's tagged for artful, not bionic.)

> There is a 0.9.54-1~0ubuntu18.04.0 version but it's tagged for artful, not bionic.

Oops, looks like I confused the Ubuntu release names... I definitely intended to make it available for the LTS release (18.04, bionic). I'll upload one for 18.04 in a few minutes...

A bugfix release for .52 would also be good to get it into the official repos.
Updating to .54 would add a lot of features (and regressions), not only security- or bugfixes. That makes it hard to update it.
But if we add really only minimal changes to .52 for fixing important bugs, that should be possible.

Just gave it a try, I was debugging something different, and the Firefox profile still looks broken in 18.04 bionic due to seccomp and tracelog. Libreoffice similar.

I would agree with @Fred-Barclay that this could be a showstopper for less experienced users of Ubuntu or Mint. Would it be an option to take etc-fixes and do a 0.9.52 bugfix release, as suggested by @Fred-Barclay?

Maybe we could also port the changes in the Tor browser profiles (736216cacfe6a818b1ea0255f474089a8fa2f394, defb5a48918c9fda82ac9bcf5c8a301e5f60da23, 908736fce96da4c35697bb49d7039c1ee804668a, other ones?)

Any progress on these ideas?
