Firejail: Just updating firejail on Fedora 28

Created on 13 Jul 2018  路  4Comments  路  Source: netblue30/firejail

I updated from Fedora 27 to 28 using Gnome Software. To avoid Firefox issues I pulled the latest firejail from git.

$ git pull
$ git clean -xdf
$ ./configure
$ make -j
$ sudo make install
$ sudo firecfg --clean
$ sudo firecfg
$ firefox
Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 13352, child pid 13353
Blacklist violations are logged to syslog

Firefox did not work. According to journalctl it crashed at chroot. But that is impossible, #1939 fixed that ages ago.

To my surprise I found /etc/firejail dir with rather old files. Well, I thought those files are in /usr/local/etc/firejail.

$ sudo rm -rf /etc/firejail
$ sudo make install
$ sudo firecfg
$ firefox
Error: Firejail configuration file /etc/firejail/firejail.config not found

No problem, just copy the profiles in the repo to /etc.

$ sudo mkdir /etc/firejail
$ sudo cp etc/* /etc/firejail/
$ firefox
Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/firefox-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Error: line 31 in /etc/firejail/firefox-common.profile is invalid

That happens to be nodbus line. I commented that out. And Firefox works.

picture derba

Most helpful comment

You probably still have a mix of files, you might want to 

sudo make uninstall
sudo dnf remove firejail
sudo rm -rf /etc/firejail /run/firejail /usr/bin/{firejail,firemon,firecfg} /usr/lib/firejail

and then to reinstall, use the following instead of make install

./configure
make rpms
sudo dnf install firejail-0.9.55-1.x86_64.rpm
sudo firecfg
picture SkewedZeppelin on 15 Jul 2018
👍2

All 4 comments

You probably still have a mix of files, you might want to 

sudo make uninstall
sudo dnf remove firejail
sudo rm -rf /etc/firejail /run/firejail /usr/bin/{firejail,firemon,firecfg} /usr/lib/firejail

and then to reinstall, use the following instead of make install

./configure
make rpms
sudo dnf install firejail-0.9.55-1.x86_64.rpm
sudo firecfg
SkewedZeppelin picture SkewedZeppelin on 15 Jul 2018
👍2

Yes, I realized that I must have 2 firejail versions, as the nodbus issue could not occur otherwise. One firejail remained from an installed rpm.

$ ls -l `which firefox`
lrwxrwxrwx. 1 root root 17 Jun 21 09:43 /usr/local/bin/firefox -> /usr/bin/firejail

While the new firejail is at /usr/local/bin/firejail.

Thank you. I removed the old one. It was strange that firecfg --clean could not remove old symlinks.

derba picture derba on 16 Jul 2018

Thank you. I removed the old one. It was strange that firecfg --clean could not remove old symlinks.

I presume this might be because it was running the _new_ firecfg on the symlinks created by the _old_ firecfg. If you had run sudo /usr/bin/firecfg --clean, it might have had the desired effect? Maybe? I'm just guessing here...

chiraag-nataraj picture chiraag-nataraj on 16 Jul 2018

That is my assumption, too. But I cannot try that, as I removed the files "my way".

derba picture derba on 16 Jul 2018
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

semente picture semente  路  4Comments
kmotoko picture kmotoko  路  3Comments
Fincer picture Fincer  路  4Comments
polyzen picture polyzen  路  4Comments
yourcelf picture yourcelf  路  4Comments