Firejail: Firejail breaks gajim

Created on 20 Oct 2018  Â·  13Comments  Â·  Source: netblue30/firejail

Using latest version of firejail. Here's the output of 'gajim':

➜  ~ gajim                                                                                                                    
Reading profile /etc/firejail/gajim.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Parent pid 28273, child pid 28274
Warning: skipping alsa for private /etc
Warning: skipping crypto-policies for private /etc
Warning: skipping pki for private /etc
Private /etc installed in 35.31 ms
10 programs installed in 11.73 ms
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Warning: cleaning all supplementary groups
Child process initialized in 125.34 ms
execvp: No such file or directory

Parent is shutting down, bye...
picture qazip

All 13 comments

I can't replicate on Arch. What distro and version of gajim are you using?
Cheers!

Fred-Barclay picture Fred-Barclay on 20 Oct 2018
👍1 
➜  ~ pacman -Q gajim firejail
gajim 1.0.3-3
firejail 0.9.56-1

I am using antergos. I used firecfg.

qazip picture qazip on 20 Oct 2018

@Fred-Barclay, why would you not be able to replicate? Can you provide your gajim profile and both versions of your firejail and gajim?

qazip picture qazip on 21 Oct 2018

I don't know. :confused: I've build firejail from yesterday's commit (7c481eb43c3a737eeb5a0e4fc089efa281549e4c) so my profile is https://github.com/netblue30/firejail/blob/92bff8a23c8d7eb89c9bc1c1f9c8a74f74524fc2/etc/gajim.profile

Fred-Barclay picture Fred-Barclay on 21 Oct 2018

I too cannot reproduce under firejail from master with gajim 1.0.3

You might have a broken install of python or something under Antergos, have you fully updated recently?
sudo pacman -Syyuu

SkewedZeppelin picture SkewedZeppelin on 21 Oct 2018
👍1

That is weird. I have everything properly updated. I tried running with that profile and it still doesn't run. Though it runs with --noprofile. What exactly does --noprofile do? Later I will try commenting line by line, to see where it breaks..

qazip picture qazip on 22 Oct 2018

So, I found out that commenting #private-bin python,python3,sh,gpg,gpg2,gajim makes it work. Any idea why?

qazip picture qazip on 22 Oct 2018
👍1

If you run firejail --build gajim and then close the program again, there should be a line with private-bin.

Does it contain something that is not yet in the profile?

EDIT: Nevermind, I just realized it is not working with Gajim.

smitsohu picture smitsohu on 30 Oct 2018

I can confirm the same error on Ubuntu 18.10 with

Gajim 1.1.0 beta1-1 and
firejail 0.9.56-1 ubuntu18.10.0

Commenting private-bin as above mentioned makes gajim work again.

cron0mat picture cron0mat on 31 Oct 2018

Same for me on Debian stretch with
Gajim 1.1.0-beta2-1
Firejail 0.9.56-2

Seems only to be a problem though if apparmor is enabled.
private-bin workaround is working here as well.

Gronkdalonka picture Gronkdalonka on 12 Nov 2018

I had the same problem. (F29, Gajim 1.0.3)

See #2313. Does ceb47b1 work for everyone?

rusty-snake picture rusty-snake on 27 Dec 2018

If this works for all, we can close here.

rusty-snake picture rusty-snake on 28 Dec 2018

Closing here, feel free to reopen.

rusty-snake picture rusty-snake on 10 Apr 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

nuxwin picture nuxwin  Â·  3Comments
thiswillbeyourgithub picture thiswillbeyourgithub  Â·  3Comments
dandelionred picture dandelionred  Â·  3Comments
crass picture crass  Â·  3Comments
yourcelf picture yourcelf  Â·  4Comments