OS: Arch Linux
Firejail Version: firejail-git
wire-desktop doesn't work with its own profile, however it does work with --noprofile and electron.profile.
currently working on figuring out the problem but I don't have much experience with troubleshooting firejail profiles.
veloute
All 19 comments
Commenting out "private-etc fonts,machine-id" seems to fix the problem.
veloute
on 22 Jul 2018
G'day @veloute ! Can you add the changes in 5be0b98a7540a1c7b5f1c251546df290fc9c2e2a to the private-etc line and see if that works?
Cheers!
Fred
Fred-Barclay
on 22 Jul 2018
Works perfectly.
Thanks!
veloute
on 22 Jul 2018
I'm running wire-desktop on manjaro (kde) & unable to firejail it. here is the output-
`Reading profile /etc/firejail/wire-desktop.profile
Reading profile /etc/firejail/wire-desktop.local
Reading profile /etc/firejail/globals.local
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Parent pid 6262, child pid 6263
Warning: skipping pki for private /etc
Warning: skipping crypto-policies for private /etc
Private /etc installed in 15.58 ms
1 program installed in 0.70 ms
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Child process initialized in 121.59 ms
Parent is shutting down, bye...
`
What should I do?
Neo00001
on 26 Feb 2019
have you tried running firejail with the --debug flag to get more helpful output?
veloute
on 26 Feb 2019
@Neo00001 Have you tried --noprofile? What is the content of /etc/firejail/globals.local?
rusty-snake
on 26 Feb 2019
@Neo00001 Have you tried
--noprofile? What is the conent of/etc/firejail/globals.local?
--noprofile does work. & in globals.local- apparmor, net none
Neo00001
on 26 Feb 2019
@Neo00001 net none is why, remove it from your globals.local
or add ignore net none to ~/.config/firejail/wire-desktop.local
SkewedZeppelin
on 26 Feb 2019
or add
ignore net noneto ~/.config/firejail/wire-desktop.local
ignore net is included in wire-desktop.local.
Neo00001
on 26 Feb 2019
ignore net or ignore net none?
SkewedZeppelin
on 26 Feb 2019
ignore netorignore net none?
ignore net
Neo00001
on 26 Feb 2019
with --debug flag output is-
https://gist.github.com/Neo00001/1a07976b68396ace36fd749e840af1ba
Neo00001
on 26 Feb 2019
@Neo00001 what else is in wire-desktop.local?
rusty-snake
on 26 Feb 2019
@Neo00001 what else is in wire-desktop.local?
nothing else.
& in wire-desktop.profile - https://gist.github.com/Neo00001/5d5d207b3dc7a93edded4b379208e3b6
Neo00001
on 26 Feb 2019
@Neo00001 it has to be ignore net none, ignore net will not work
SkewedZeppelin
on 26 Feb 2019
@Neo00001 it has to be
ignore net none,ignore netwill not work
Done.still not working. only --noprofile is working.
Neo00001
on 26 Feb 2019
I'm having the same issue as @Neo00001, with no wire-desktop.local file. On Arch Linux with the latest firejail release. globals.local only has apparmor set.
njfox
on 6 Mar 2019
Commenting out private-bin wire-desktop allows the application to launch under firejail. Do you think this has something to do with how Wire is now packaged with a launcher script in the Arch community repo?
$ cat /usr/bin/wire-desktop
#!/usr/bin/env sh
electron "/usr/lib/wire-desktop" "$@"
I'm wondering if there are other binaries/paths we need to add to allow Wire to launch in Arch.
njfox
on 7 Mar 2019
2dbbb92 seems to have fixed it, thanks!
njfox
on 7 Mar 2019
Related issues
reinerh
路
3Comments
HulaHoopWhonix
路
4Comments
crass
路
3Comments
polyzen
路
4Comments
ghost
路
3Comments
Most helpful comment
Commenting out
private-bin wire-desktopallows the application to launch under firejail. Do you think this has something to do with how Wire is now packaged with a launcher script in the Arch community repo?I'm wondering if there are other binaries/paths we need to add to allow Wire to launch in Arch.