Firejail: Pinta starts without menus
Hi,
using Ubuntu 16.04 Desktop 32-bit, so I installed firejail_0.9.56_1_i386.deb
$ firejail --version
firejail version 0.9.56
Compile time support:
- AppArmor support is disabled
- AppImage support is enabled
- chroot support is enabled
- file and directory whitelisting support is enabled
- file transfer support is enabled
- networking support is enabled
- overlayfs support is enabled
- private-home support is enabled
- seccomp-bpf support is enabled
- user namespace support is enabled
- X11 sandboxing support is enabled
Starting "pinta" program from bash shell and program works fine.
Starting "firejail pinta" from bash shell and program starts without menus (PROBLEM).
To capture logs I did:
firejail --debug pinta &> pinta.txt
See attached file: pinta.txt
To narrow down the problem I copied original pinta.profile to my local config dir:
cp /etc/firejail/pinta.profile $HOME/.config/firejail/
and I commented out all commands from above file and from top down started uncommenting lines.
I have found out if I comment out both bellow lines:
#net none
#nodbus
then Pinta starts fine, menus displayed, problem solved.
But uncomment any of above two settings or uncomment both line, then Pinta does not display menus.
What should be the proper "cure" to fix this problem (except obvious commenting this two lines out).
Thanks
igor2x
All 8 comments
iirc this is an issue with unity/appindicators, #1728 contains some relevant information
SkewedZeppelin
on 20 Nov 2018
According to above web page I should install official firejail from Ubuntu package.
Removed current firejail
sudo apt-get remove --purge firejailMake sure there is no file in:
/usr/local/etc/firejail
/usr/local/bin/firejail
/usr/local/lib/x86_64-linux-gnu/firejail
$HOME/.config/firejail
Actually "firejail" dir/file do not even exists anymore.
Install firejail from official repository
sudo apt install firejailNow I have launched Pinta using firejail
firejail pinta
and Pinta started successfully and menus are displayed.I checked and pinta is jailed
firejail --listIt looks like problem solved. But immediately new problem pop-ed out.
When I start firefox:
firejail firefox
and type in some URL or select some bookmark and nothing happens, no web page loaded, just nothing, no indication that something is even happening.I have checked the firejail version:
firejail --version
firejail version 0.9.38.10
and I see some old version of firejail is installed from official Ubuntu repository.
I don't want to get into loop of: New version, whole new set of problems.
From gimp's bug report #1728 I also see firectl was supposed used, but when I do:
`firectl
I get:
firectl: command not foundI uninstalled firejail from official Ubuntu repository, because I just don't know how many additional problems will appear using official repo version and installed back firejail deb package from Firejail project web site. So now I am back to "firejail 0.9.56" version (the same as my first post in this bug report).
I also see I have reported few mounts ago very similar problem with menus not working in Firefox in bug #1942 and work-around solution was to create local file and disabling not working jailing feature. So now I did:
In /etc/firejail/ I created pinta.local file and typed in:
ignore net none
ignore nodbus
and now Pinta starts jailed with menus displayed.
This is similar workaround as in my first post of this thread but probably more error prone to potential profiles upgrades.
Don't know how good above work-around is, if some security feature is disabled, then program may in some way escape the sandbox jail.
igor2x
on 25 Nov 2018
Could you try it with the following pinta.local
env UBUNTU_MENUPROXY=0
#ignore net none
#ignore nodbus
smitsohu
on 26 Nov 2018
@smitsohu, I tried your setting and Pinta starts and displays menu and menus are working fine, but menu is not positioned on most top (where I like it), but little bit lower. So this solution semi-fixes the problem.
Terminal output of firejail pinta is:
Reading profile /etc/firejail/pinta.profile
Reading profile /etc/firejail/pinta.local
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Parent pid 15765, child pid 15768
Warning fseccomp: --protocol not supported on this platform
Child process initialized in 152.71 ms* (Pinta:4): WARNING *: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-1GcVFmW2bk: Connection refused
igor2x
on 29 Nov 2018
I guess env UBUNTU_MENUPROXY=0 is then the best solution we have in this moment.
A third approach would be to fiddle with Apparmor, which provides quite fine grained control over D-Bus.
smitsohu
on 29 Nov 2018
@igor2x Is this still an issue?
chiraag-nataraj
on 20 May 2019
@chiraag-nataraj, I currently use firejail 0.9.58.2 and there is the same problem.
I currently use /etc/firejail/pinta.local with settings:
ignore net none
ignore nodbus
Currently the best I can think of...
P.S. This is not such a crucial problem for me, if you like to close down the bug report it is fine with me. Pinta is currently more or less death project. The last official stable version was released 4 years ago. Probably not a lot of users are using it now days.
igor2x
on 21 May 2019
@igor2x I'll probably close this then, since you've found a workaround that works on your end. And wow, yeah...it hasn't been updated in a _long_ time...surprised the version in Debian sid is even still installable...
chiraag-nataraj
on 21 May 2019
Related issues
ericschdt
路
3Comments
reinerh
路
3Comments
bryce-lynch
路
4Comments
thiswillbeyourgithub
路
3Comments
yourcelf
路
4Comments
Most helpful comment
@smitsohu, I tried your setting and Pinta starts and displays menu and menus are working fine, but menu is not positioned on most top (where I like it), but little bit lower. So this solution semi-fixes the problem.
Terminal output of
firejail pintais: