Firejail: Firefox 62.0.3 doesn't close properly

Created on 15 Oct 2018 · 9Comments · Source: netblue30/firejail

Hello! Having troubles with default Firejail profile for Firefox - sometimes the browser can't close and stop all procecces. After a minute or two I've got a crash report. I'm using Firejail 0.9.52 and Ubuntu 18.04 LXDE LTS. Tracelog is commented. And sometimes tabs in FF open blank, and they don't work, but opening another tab can create a normal one. That's what I see in terminal:

Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/firefox.local
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: a protocol list is present, the new list "unix,inet,inet6,netlink" will not be installed
Parent pid 1642, child pid 1643
Warning cannot create symbolic link /var/run
Blacklist violations are logged to syslog
Post-exec seccomp protector enabled
Warning fseccomp: syscall "ni_syscall" not available on this platform
Warning fseccomp: syscall "umount" not available on this platform
Seccomp list in: @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice, check list: @default-keep, prelist: adjtimex,clock_adjtime,clock_settime,settimeofday,modify_ldt,lookup_dcookie,perf_event_open,process_vm_writev,delete_module,finit_module,init_module,_sysctl,afs_syscall,create_module,get_kernel_syms,getpmsg,putpmsg,query_module,security,sysfs,tuxcall,uselib,ustat,vserver,ioperm,iopl,kexec_load,kexec_file_load,reboot,set_mempolicy,migrate_pages,move_pages,mbind,swapon,swapoff,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount2,userfaultfd,vhangup,vmsplice,
Child process initialized in 90.42 ms

###!!! [Parent][DispatchAsyncMessage] Error: PClientSourceOp::Msg___delete__ Route error: message sent to unknown actor ID

[Child 326, MediaPlayback #3] WARNING: Decoder=7f06eb87bb60 Decode error: NS_ERROR_DOM_MEDIA_FATAL_ERR (0x806e0005) - RefPtr<mozilla::MozPromise<RefPtr<mozilla::MediaTrackDemuxer::SamplesHolder>, mozilla::MediaResult, true> > mozilla::MediaSourceTrackDemuxer::DoGetSamples(int32_t): manager is detached.: file /build/firefox-oscv9o/firefox-61.0.1+build1/dom/media/MediaDecoderStateMachine.cpp, line 3411
[Child 326, MediaPlayback #3] WARNING: Decoder=7f06eb87bb60 Decode error: NS_ERROR_DOM_MEDIA_FATAL_ERR (0x806e0005) - RefPtr<mozilla::MozPromise<RefPtr<mozilla::MediaTrackDemuxer::SamplesHolder>, mozilla::MediaResult, true> > mozilla::MediaSourceTrackDemuxer::DoGetSamples(int32_t): manager is detached.: file /build/firefox-oscv9o/firefox-61.0.1+build1/dom/media/MediaDecoderStateMachine.cpp, line 3411
[Child 326, MediaPlayback #2] WARNING: Decoder=7f06eb87bb60 Decode error: NS_ERROR_DOM_MEDIA_FATAL_ERR (0x806e0005) - RefPtr<mozilla::MozPromise<RefPtr<mozilla::MediaTrackDemuxer::SamplesHolder>, mozilla::MediaResult, true> > mozilla::MediaSourceTrackDemuxer::DoGetSamples(int32_t): manager is detached.: file /build/firefox-oscv9o/firefox-61.0.1+build1/dom/media/MediaDecoderStateMachine.cpp, line 3411
[Child 326, MediaPlayback #1] WARNING: Decoder=7f06eb87bb60 Decode error: NS_ERROR_DOM_MEDIA_FATAL_ERR (0x806e0005) - RefPtr<mozilla::MozPromise<RefPtr<mozilla::MediaTrackDemuxer::SamplesHolder>, mozilla::MediaResult, true> > mozilla::MediaSourceTrackDemuxer::DoGetSamples(int32_t): manager is detached.: file /build/firefox-oscv9o/firefox-61.0.1+build1/dom/media/MediaDecoderStateMachine.cpp, line 3411
[Parent 8, Gecko_IOThread] WARNING: pipe error (93): Соединение разорвано другой стороной: file /build/firefox-oscv9o/firefox-61.0.1+build1/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 353
ExceptionHandler::GenerateDump cloned child 389
ExceptionHandler::SendContinueSignalToChild sent continue signal to child
ExceptionHandler::WaitForContinueSignal waiting for continue signal...
[Parent 8, Main Thread] ###!!! ABORT: file /build/firefox-oscv9o/firefox-61.0.1+build1/ipc/glue/CrashReporterHost.cpp, line 189
[Parent 8, Main Thread] ###!!! ABORT: file /build/firefox-oscv9o/firefox-61.0.1+build1/ipc/glue/CrashReporterHost.cpp, line 189
ExceptionHandler::GenerateDump cloned child 393
ExceptionHandler::SendContinueSignalToChild sent continue signal to child
ExceptionHandler::WaitForContinueSignal waiting for continue signal...

I can still see the browser in the tree.

user@ubuntu:~$ firejail --tree
1642:user:firejail firefox 
  1643:user:firejail firefox 
    1906:user:/usr/lib/firefox/firefox 
5285:user:firejail --tree 
16856:user:firejail firefox 
  16857:user:firejail firefox 
   17347:user:/usr/lib/firefox/firefox

Details of crash report:

AbortMessage: ###!!! ABORT: file /build/firefox-oscv9o/firefox-61.0.1+build1/ipc/glue/CrashReporterHost.cpp, line 189
Add-ons: activity-stream%40mozilla.org:2018.06.29.1026-fa231556,aushelper%40mozilla.org:2.0,firefox%40getpocket.com:1.0.5,followonsearch%40mozilla.com:0.9.7,formautofill%40mozilla.org:1.0,onboarding%40mozilla.org:1.0,screenshots%40mozilla.org:32.1.0,webcompat-reporter%40mozilla.org:1.0.0,webcompat%40mozilla.org:2.0,langpack-ru%40firefox.mozilla.org:61.0
AsyncShutdownTimeout: {"phase":"profile-before-change","conditions":[{"name":"Crash Reporter: blocking on minidumpgeneration.","state":"(none)","filename":"/build/firefox-oscv9o/firefox-61.0.1+build1/ipc/glue/CrashReporterHost.cpp","lineNumber":189,"stack":"Minidump generation"}]}
BuildID: 20180704192850
ContentSandboxCapabilities: 119
ContentSandboxCapable: 1
ContentSandboxLevel: 4
CrashTime: 1539615414
DOMIPCEnabled: 1
FramePoisonBase: 9223372036600930304
FramePoisonSize: 4096
InstallTime: 1538834697
MozCrashReason: MOZ_CRASH()
Notes: Ubuntu 18.04.1 LTSFP(D00-L1000-W00000000-T000) OpenGL: Intel Open Source Technology Center -- Mesa DRI Intel(R) HD Graphics 530 (Skylake GT2)  -- 3.0 Mesa 18.0.5 -- texture_from_pixmap
WR? WR- OMTP? OMTP- xpcom_runtime_abort(###!!! ABORT: file /build/firefox-oscv9o/firefox-61.0.1+build1/ipc/glue/CrashReporterHost.cpp, line 189)
ProductID: {ec8030f7-c20a-464f-9b0e-13a3a9e97384}
ProductName: Firefox
ReleaseChannel: release
SafeMode: 0
SecondsSinceLastCrash: 6739
ShutdownProgress: profile-before-change
StartupCrash: 0
StartupTime: 1539615248
TelemetryEnvironment: {"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20180704192850","version":"61.0.1","vendor":"Mozilla","displayVersion":"61.0.1","platformVersion":"61.0.1","xpcomAbi":"x86_64-gcc3","updaterAvailable":false},"partner":{"distributionId":"canonical","distributionVersion":"1.0","partnerId":"ubuntu","distributor":"canonical","distributorChannel":"ubuntu","partnerNames":["ubuntu"]},"system":{"memoryMB":7647,"virtualMaxMB":null,"cpu":{"count":4,"cores":4,"vendor":"GenuineIntel","family":6,"model":94,"stepping":3,"l2cacheKB":256,"l3cacheKB":6144,"speedMHz":3300,"extensions":["hasMMX","hasSSE","hasSSE2","hasSSE3","hasSSSE3","hasSSE4_1","hasSSE4_2","hasAVX","hasAVX2","hasAES"]},"os":{"name":"Linux","version":"4.13.0-custom1","locale":"ru-RU"},"hdd":{"profile":{"model":null,"revision":null},"binary":{"model":null,"revision":null},"system":{"model":null,"revision":null}},"gfx":{"D2DEnabled":null,"DWriteEnabled":null,"ContentBackend":"Skia","adapters":[{"description":"Intel Open Source Technology Center -- Mesa DRI Intel(R) HD Graphics 530 (Skylake GT2) ","vendorID":"Intel Open Source Technology Center","deviceID":"Mesa DRI Intel(R) HD Graphics 530 (Skylake GT2) ","subsysID":null,"RAM":null,"driver":null,"driverVersion":"3.0 Mesa 18.0.5","driverDate":null,"GPUActive":true}],"monitors":[],"features":{"compositor":"basic","gpuProcess":{"status":"unused"}}},"appleModelId":null},"settings":{"blocklistEnabled":true,"e10sEnabled":true,"e10sMultiProcesses":4,"telemetryEnabled":false,"locale":"und","update":{"channel":"release","enabled":false,"autoDownload":true},"userPrefs":{"browser.cache.disk.capacity":358400,"browser.search.region":"RU","browser.search.widget.inNavBar":false},"sandbox":{"effectiveContentProcessLevel":4},"addonCompatibilityCheckEnabled":true,"isDefaultBrowser":true},"profile":{"creationDate":17810},"addons":{"activeAddons":{"[email protected]":{"version":"2018.06.29.1026-fa231556","scope":1,"type":"extension","updateDay":17716,"isSystem":true,"isWebExtension":false,"multiprocessCompatible":true,"blocklisted":false,"description":"A rich visual history feed and a reimagined home page make it easier than ever to find exactly what ","name":"Activity Stream","userDisabled":false,"appDisabled":false,"foreignInstall":false,"hasBinaryComponents":false,"installDay":17716},"[email protected]":{"version":"2.0","scope":1,"type":"extension","updateDay":17716,"isSystem":true,"isWebExtension":false,"multiprocessCompatible":true,"blocklisted":false,"description":"Sets value(s) in the update url based on custom checks.","name":"Application Update Service Helper","userDisabled":false,"appDisabled":false,"foreignInstall":false,"hasBinaryComponents":false,"installDay":17716},"[email protected]":{"version":"1.0.5","scope":1,"type":"extension","updateDay":17716,"isSystem":true,"isWebExtension":false,"multiprocessCompatible":true,"blocklisted":false,"description":"When you find something you want to view later, put it in Pocket.","name":"Pocket","userDisabled":false,"appDisabled":false,"foreignInstall":false,"hasBinaryComponents":false,"installDay":17716},"[email protected]":{"version":"0.9.7","scope":1,"type":"extension","updateDay":17716,"isSystem":true,"isWebExtension":false,"multiprocessCompatible":true,"blocklisted":false,"description":null,"name":"Follow-on Search Telemetry","userDisabled":false,"appDisabled":false,"foreignInstall":false,"hasBinaryComponents":false,"installDay":17716},"[email protected]":{"version":"1.0","scope":1,"type":"extension","updateDay":17716,"isSystem":true,"isWebExtension":false,"multiprocessCompatible":true,"blocklisted":false,"description":"Autofill forms with saved profiles","name":"Form Autofill","userDisabled":false,"appDisabled":false,"foreignInstall":false,"hasBinaryComponents":false,"installDay":17716},"[email protected]":{"version":"1.0","scope":1,"type":"extension","updateDay":17716,"isSystem":true,"isWebExtension":false,"multiprocessCompatible":true,"blocklisted":false,"description":"Photon onboarding","name":"Photon onboarding","userDisabled":false,"appDisabled":false,"foreignInstall":false,"hasBinaryComponents":false,"installDay":17716},"[email protected]":{"version":"32.1.0","scope":1,"type":"extension","updateDay":17716,"isSystem":true,"isWebExtension":false,"multiprocessCompatible":true,"blocklisted":false,"description":null,"name":"Firefox Screenshots","userDisabled":false,"appDisabled":false,"foreignInstall":false,"hasBinaryComponents":false,"installDay":17716},"[email protected]":{"version":"1.0.0","scope":1,"type":"extension","updateDay":17716,"isSystem":true,"isWebExtension":false,"multiprocessCompatible":true,"blocklisted":false,"description":"Report site compatibility issues on webcompat.com.","name":"WebCompat Reporter","userDisabled":false,"appDisabled":false,"foreignInstall":false,"hasBinaryComponents":false,"installDay":17716},"[email protected]":{"version":"2.0","scope":1,"type":"extension","updateDay":17716,"isSystem":true,"isWebExtension":false,"multiprocessCompatible":true,"blocklisted":false,"description":"Urgent post-release fixes for web compatibility.","name":"Web Compat","userDisabled":false,"appDisabled":false,"foreignInstall":false,"hasBinaryComponents":false,"installDay":17716}},"theme":{"id":"[email protected]","blocklisted":false,"description":"The default theme.","name":"Default","userDisabled":false,"appDisabled":false,"version":"","scope":1,"foreignInstall":false,"hasBinaryComponents":false,"installDay":0,"updateDay":0},"activePlugins":[{"name":"dummy","version":"0.1","description":"Blocklist unavailable","blocklisted":false,"disabled":true,"clicktoplay":false,"mimeTypes":["text/there.is.only.blocklist"],"updateDay":17819}],"activeGMPlugins":{"dummy-gmp":{"version":"0.1","userDisabled":false,"applyBackgroundUpdates":1}},"persona":"[email protected]"},"experiments":{"rollout-rdl":{"branch":"active","type":"normandy-prefrollout"},"rollout-release-61-tls-fallback-1-3":{"branch":"active","type":"normandy-prefrollout"}}}
ThreadIdNameMapping: 13:"Gecko_IOThread",14:"Timer",15:"Link Monitor",17:"JS Watchdog",25:"Hang Monitor",30:"Cache2 I/O",31:"Cookie",33:"GMPThread",34:"SoftwareVsyncThread",35:"Compositor",36:"VRListener",37:"ImgDecoder #1",38:"ImageIO",43:"IPDL Background",44:"LoadRoots",47:"SysProxySetting",55:"HTML5 Parser",66:"DOM Worker",75:"ImageBridgeChild",77:"ProcessHangMon",104:"SaveScripts",105:"Cache I/O",107:"DOM Worker",109:"localStorage DB",110:"QuotaManager IO",143:"DOM Worker",176:"mozStorage #5",228:"ImgDecoder #2",229:"ImgDecoder #3",381:"Shutdown Hang Terminator",390:"Minidump Writer",392:"ProxyResolution",
Throttleable: 1
URL: https://www.youtube.com/watch?v=fYLzdkLgU3M
UptimeTS: 165.12795649
Vendor: Mozilla
Version: 61.0.1
useragent_locale: und

This report also contains technical information about the state of the application when it crashed.

What am I doing wrong?

Source

Iggy-J

Most helpful comment

You may try latest firejail release from PPA: https://launchpad.net/~deki/+archive/ubuntu/firejail

sudo add-apt-repository ppa:deki/firejail
sudo apt-get update

It's owned by @reinerh who is our collaborator and maintainer of firejail package in Ubuntu/Debian so it should be safe.

If above doesn't help then this may also be caused by apparmor which is by default enabled on Ubuntu. Please post output of:
journalctl -r |grep DENIED

Vincent43 on 15 Oct 2018

👍4

All 9 comments

You may try latest firejail release from PPA: https://launchpad.net/~deki/+archive/ubuntu/firejail

sudo add-apt-repository ppa:deki/firejail
sudo apt-get update

It's owned by @reinerh who is our collaborator and maintainer of firejail package in Ubuntu/Debian so it should be safe.

If above doesn't help then this may also be caused by apparmor which is by default enabled on Ubuntu. Please post output of:
journalctl -r |grep DENIED

Vincent43 on 15 Oct 2018

👍4

Thanks, I've tried the latest version, but in doesn't help. Apparmor is not the reason, because i have SELinux, but wait! I run the entire system in permissive mode, and SELinux is not the matter, I suppose. Yes, I've made it work with 18.04 and made a policy for Firejail, it's far from perfect, but it works, if I switch to the enforcing mode. There are many denial messages from SELinux, but I can show you the audit.log, all of them ended with granting access in permissive mode. I wouldn't waste your time in other case. The blank tabs appear only if I open many of them at the same time, one by one, and browse nothing in all of them. If i open the tab, than open any site in it, and after that open one more tab - it will be a "healthy" one. It's weird. Please, help me with ideas.

 Logs begin at Sat 2018-10-06 16:16:27 MSK, end at Tue 2018-10-16 19:17:05 MSK. --
окт 16 19:17:05 ubuntu kernel: Chrome_~dThread[22015]: segfault at 0 ip 00007fe2a0650fdd sp 00007fe29eaabb00 error 6 in libxul.so[7fe29f971000+5f99000]
окт 16 19:17:05 ubuntu audit[22008]: ANOM_ABEND auid=1000 uid=1000 gid=1000 ses=8 subj=unconfined_u:unconfined_r:firejail_t:s0 pid=22008 comm="Chrome_~dThread" exe="/usr/lib/firefox/firefox" sig=11 res=1
окт 16 19:17:05 ubuntu audit[23370]: ANOM_ABEND auid=1000 uid=1000 gid=1000 ses=8 subj=unconfined_u:unconfined_r:firejail_t:s0 pid=23370 comm="firefox" exe="/usr/lib/firefox/firefox" sig=31 res=1
окт 16 19:17:05 ubuntu audit[23370]: SECCOMP auid=1000 uid=1000 gid=1000 ses=8 subj=unconfined_u:unconfined_r:firejail_t:s0 pid=23370 comm="firefox" exe="/usr/lib/firefox/firefox" sig=31 arch=c000003e syscall=101 compat=0 ip=0x7f7c0e28dbe
окт 16 19:17:05 ubuntu audit: PROCTITLE proctitle=2F62696E2F7368002F7573722F62696E2F66697265666F78
окт 16 19:17:05 ubuntu audit[21944]: SYSCALL arch=c000003e syscall=87 success=yes exit=0 a0=7f7c08f094c0 a1=7f7c1b9144a0 a2=75 a3=a items=0 ppid=21935 pid=21944 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=100
окт 16 19:17:05 ubuntu audit[21944]: AVC avc:  denied  { unlink } for  pid=21944 comm="firefox" name="lock" dev="sda1" ino=19664850 scontext=unconfined_u:unconfined_r:firejail_t:s0 tcontext=unconfined_u:object_r:mozilla_home_t:s0 tclass=l
окт 16 19:17:01 ubuntu audit[23315]: USER_END pid=23315 uid=0 auid=0 ses=11 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
окт 16 19:17:01 ubuntu CRON[23315]: pam_unix(cron:session): session closed for user root
окт 16 19:17:01 ubuntu audit[23315]: CRED_DISP pid=23315 uid=0 auid=0 ses=11 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
окт 16 19:17:01 ubuntu CRON[23327]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
окт 16 19:17:01 ubuntu CRON[23315]: pam_unix(cron:session): session opened for user root by (uid=0)
окт 16 19:17:01 ubuntu audit[23315]: USER_START pid=23315 uid=0 auid=0 ses=11 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
окт 16 19:17:01 ubuntu audit[23315]: CRED_ACQ pid=23315 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
окт 16 19:17:01 ubuntu audit[23315]: USER_ACCT pid=23315 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=succes
окт 16 19:16:01 ubuntu audit[21944]: SECCOMP auid=1000 uid=1000 gid=1000 ses=8 subj=unconfined_u:unconfined_r:firejail_t:s0 pid=21944 comm=4D696E6964756D7020577269746572 exe="/usr/lib/firefox/firefox" sig=31 arch=c000003e syscall=101 comp
окт 16 19:16:01 ubuntu audit[22372]: ANOM_ABEND auid=1000 uid=1000 gid=1000 ses=8 subj=unconfined_u:unconfined_r:firejail_t:s0 pid=22372 comm="firefox" exe="/usr/lib/firefox/firefox" sig=31 res=1
окт 16 19:16:01 ubuntu audit[22372]: SECCOMP auid=1000 uid=1000 gid=1000 ses=8 subj=unconfined_u:unconfined_r:firejail_t:s0 pid=22372 comm="firefox" exe="/usr/lib/firefox/firefox" sig=31 arch=c000003e syscall=101 compat=0 ip=0x7f7c0e28dbe
окт 16 19:15:52 ubuntu audit: PROCTITLE proctitle="/usr/lib/firefox/firefox"
окт 16 19:15:52 ubuntu audit[21944]: SYSCALL arch=c000003e syscall=257 success=yes exit=115 a0=ffffff9c a1=7f7bed598280 a2=641 a3=180 items=0 ppid=21935 pid=21944 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1
окт 16 19:15:52 ubuntu audit[21944]: AVC avc:  denied  { append } for  pid=21944 comm=444F4D20576F726B6572 path="/home/user/.mozilla/firefox/3hczw0ph.default/sessionstore-backups/recovery.jsonlz4.tmp" dev="sda1" ino=19668849 scontext=unco
окт 16 19:15:52 ubuntu audit: PROCTITLE proctitle="/usr/lib/firefox/firefox"
окт 16 19:15:52 ubuntu audit[21944]: SYSCALL arch=c000003e syscall=82 success=yes exit=0 a0=7f7be55fdc90 a1=7f7bed598160 a2=fff9800000000000 a3=7f7be52faeb0 items=0 ppid=21935 pid=21944 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsui
окт 16 19:15:52 ubuntu audit[21944]: AVC avc:  denied  { rename } for  pid=21944 comm=444F4D20576F726B6572 name="sessionstore.jsonlz4" dev="sda1" ino=19665299 scontext=unconfined_u:unconfined_r:firejail_t:s0 tcontext=unconfined_u:object_r
окт 16 19:15:51 ubuntu audit: PROCTITLE proctitle="/usr/lib/firefox/firefox"
окт 16 19:15:51 ubuntu audit[21944]: SYSCALL arch=c000003e syscall=87 success=yes exit=0 a0=7f7bdece53e0 a1=7f7bdece544f a2=c6013320 a3=0 items=0 ppid=21935 pid=21944 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sg
окт 16 19:15:51 ubuntu audit[21944]: AVC avc:  denied  { unlink } for  pid=21944 comm=51756F74614D616E6167657220494F name="3312185054sbndi_pspte.sqlite-shm" dev="sda1" ino=19668780 scontext=unconfined_u:unconfined_r:firejail_t:s0 tcontext
окт 16 19:15:51 ubuntu audit[21944]: AVC avc:  denied  { remove_name } for  pid=21944 comm=51756F74614D616E6167657220494F name="3312185054sbndi_pspte.sqlite-shm" dev="sda1" ino=19668780 scontext=unconfined_u:unconfined_r:firejail_t:s0 tco
окт 16 19:15:51 ubuntu audit: PROCTITLE proctitle="/usr/lib/firefox/firefox"
окт 16 19:15:51 ubuntu audit[21944]: SYSCALL arch=c000003e syscall=9 success=yes exit=140170530775040 a0=0 a1=8000 a2=3 a3=1 items=0 ppid=21935 pid=21944 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid
окт 16 19:15:51 ubuntu audit[21944]: AVC avc:  denied  { map } for  pid=21944 comm=51756F74614D616E6167657220494F path="/home/user/.mozilla/firefox/3hczw0ph.default/storage/default/about+newtab/idb/3312185054sbndi_pspte.sqlite-shm" dev="s
окт 16 19:15:51 ubuntu audit: PROCTITLE proctitle="/usr/lib/firefox/firefox"
окт 16 19:15:51 ubuntu audit[21944]: SYSCALL arch=c000003e syscall=257 success=yes exit=113 a0=ffffff9c a1=7f7bdf14ec92 a2=80042 a3=1a0 items=0 ppid=21935 pid=21944 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid
окт 16 19:15:51 ubuntu audit[21944]: AVC avc:  denied  { create } for  pid=21944 comm=51756F74614D616E6167657220494F name="3312185054sbndi_pspte.sqlite-wal" scontext=unconfined_u:unconfined_r:firejail_t:s0 tcontext=unconfined_u:object_r:m
окт 16 19:15:51 ubuntu audit[21944]: AVC avc:  denied  { add_name } for  pid=21944 comm=51756F74614D616E6167657220494F name="3312185054sbndi_pspte.sqlite-wal" scontext=unconfined_u:unconfined_r:firejail_t:s0 tcontext=unconfined_u:object_r
окт 16 19:15:51 ubuntu audit[21944]: AVC avc:  denied  { write } for  pid=21944 comm=51756F74614D616E6167657220494F name="idb" dev="sda1" ino=19661027 scontext=unconfined_u:unconfined_r:firejail_t:s0 tcontext=unconfined_u:object_r:mozilla
окт 16 19:15:51 ubuntu audit: PROCTITLE proctitle="/usr/lib/firefox/firefox"
окт 16 19:15:51 ubuntu audit[21944]: SYSCALL arch=c000003e syscall=257 success=yes exit=97 a0=ffffff9c a1=7f7bdf148340 a2=80042 a3=1a4 items=0 ppid=21935 pid=21944 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=
окт 16 19:15:51 ubuntu audit[21944]: AVC avc:  denied  { open } for  pid=21944 comm=6D6F7A53746F72616765202333 path="/home/user/.mozilla/firefox/3hczw0ph.default/content-prefs.sqlite" dev="sda1" ino=19660972 scontext=unconfined_u:unconfin
окт 16 19:15:51 ubuntu audit[21944]: AVC avc:  denied  { read } for  pid=21944 comm=6D6F7A53746F72616765202333 name="content-prefs.sqlite" dev="sda1" ino=19660972 scontext=unconfined_u:unconfined_r:firejail_t:s0 tcontext=unconfined_u:obje
окт 16 19:15:50 ubuntu audit: PROCTITLE proctitle="/usr/lib/firefox/firefox"
окт 16 19:15:50 ubuntu audit[22154]: SYSCALL arch=c000003e syscall=9 success=yes exit=140000065519616 a0=0 a1=678 a2=1 a3=1 items=0 ppid=21944 pid=22154 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=
окт 16 19:15:50 ubuntu audit[22154]: AVC avc:  denied  { map } for  pid=22154 comm=57656220436F6E74656E74 path="/home/user/.cache/fontconfig/a41116dafaf8b233ac2c61cb73f2ea5f-le64.cache-7" dev="sda1" ino=19660955 scontext=unconfined_u:unco
окт 16 19:15:50 ubuntu audit: PROCTITLE proctitle="/usr/lib/firefox/firefox"
окт 16 19:15:50 ubuntu audit[22154]: SYSCALL arch=c000003e syscall=204 success=yes exit=8 a0=88 a1=20 a2=7f5436c352a0 a3=59 items=0 ppid=21944 pid=22154 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=
окт 16 19:15:50 ubuntu audit[22154]: AVC avc:  denied  { getsched } for  pid=22154 comm=57656220436F6E74656E74 scontext=unconfined_u:unconfined_r:firejail_t:s0 tcontext=unconfined_u:unconfined_r:firejail_t:s0 tclass=process permissive=1
окт 16 19:15:50 ubuntu audit: PROCTITLE proctitle=2F7573722F6C69622F66697265666F782F66697265666F78002D636F6E74656E7470726F63002D6368696C6449440032002D6973466F7242726F77736572002D70726566734C656E003131383134002D7363686564756C65725072656673
окт 16 19:15:50 ubuntu audit[22154]: SYSCALL arch=c000003e syscall=141 success=yes exit=0 a0=0 a1=8d a2=0 a3=59 items=0 ppid=21944 pid=22154 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts
окт 16 19:15:50 ubuntu audit[22154]: AVC avc:  denied  { setsched } for  pid=22154 comm=57656220436F6E74656E74 scontext=unconfined_u:unconfined_r:firejail_t:s0 tcontext=unconfined_u:unconfined_r:firejail_t:s0 tclass=process permissive=1
окт 16 19:15:50 ubuntu audit: PROCTITLE proctitle="/usr/lib/firefox/firefox"
окт 16 19:15:50 ubuntu audit[22154]: SYSCALL arch=c000003e syscall=16 success=yes exit=0 a0=2 a1=5401 a2=7ffec07cd0f0 a3=59 items=0 ppid=21944 pid=22154 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=
окт 16 19:15:50 ubuntu audit[22154]: AVC avc:  denied  { use } for  pid=22154 comm=57656220436F6E74656E74 path="/dev/pts/0" dev="devpts" ino=3 ioctlcmd=0x5401 scontext=unconfined_u:unconfined_r:firejail_t:s0 tcontext=unconfined_u:unconfin
окт 16 19:15:50 ubuntu audit: PROCTITLE proctitle="/usr/lib/firefox/firefox"
окт 16 19:15:50 ubuntu audit[22154]: SYSCALL arch=c000003e syscall=59 success=yes exit=0 a0=7f7bdf1ff280 a1=7f7bdf15a560 a2=7f7bdf1c7800 a3=59 items=0 ppid=21944 pid=22154 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=10

Iggy-J on 16 Oct 2018

It looks like the problem is in FF itself. I opened about:config and changed the value of browser.tabs.remote.autostart to false, as it was adviced in one of the FF 60 bugreports. After that I can't reproduce the situation with crash on close and blank tabs. I'll keep on testing.

Iggy-J on 17 Oct 2018

Does it happen when you run firefox without firejail?

Vincent43 on 17 Oct 2018

No, I faced the problems only with FF+Firejail. The FF works stable outside of sandbox.

Iggy-J on 17 Oct 2018

Then it isn't FF problem. Did you tried with selinux disabled on boot?

Vincent43 on 17 Oct 2018

Yes, just a minute ago tried with fully disabled SELinux. The problem still exists, but it disappears if I switch that flag in FF.

Iggy-J on 18 Oct 2018

Is this still an issue with the latest firejail and firefox?