I'm using Manjaro Linux. I have a Nvidia video card.
I have firefox on my system that was installed using the tar.gz package of the official site. I have put the firefox directory on /usr/lib/.
I can't start firefox using firejail firefox.
I have also tried firejail --allow-debuggers --ignore=seccomp --ignore=protocol firefox -no-remote, no success.
The output error message that I get when I do firejail firefoxis:
Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/firefox-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 20536, child pid 20537
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Post-exec seccomp protector enabled
Seccomp list in: @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice, check list: @default-keep, prelist: adjtimex,clock_adjtime,clock_settime,settimeofday,modify_ldt,lookup_dcookie,perf_event_open,process_vm_writev,delete_module,finit_module,init_module,_sysctl,afs_syscall,create_module,get_kernel_syms,getpmsg,putpmsg,query_module,security,sysfs,tuxcall,uselib,ustat,vserver,ioperm,iopl,kexec_load,kexec_file_load,reboot,set_mempolicy,migrate_pages,move_pages,mbind,swapon,swapoff,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount2,userfaultfd,vhangup,vmsplice,
Child process initialized in 150.75 ms
Error: no suitable firefox executable found
Parent is shutting down, bye...
When I do firejail /usr/lib/firefox/firefox I get a firefox window (yupi!) but on my terminal I still get the above message and my prompt returns to state that is when opening a terminal, instead of the prompt staying idle (which is the state that is should be, meaning that the program is running). The prompt not being idle gives me the indication that maybe firefox isn't firejailed when running firejail /usr/lib/firefox/firefox.
My firefox version is 64.0.2 (64-bit)
My firejail --version is:
firejail version 0.9.56
Compile time support:
- AppArmor support is disabled
- AppImage support is enabled
- chroot support is enabled
- file and directory whitelisting support is enabled
- file transfer support is enabled
- networking support is enabled
- overlayfs support is enabled
- private-home support is enabled
- seccomp-bpf support is enabled
- user namespace support is enabled
- X11 sandboxing support is enabled
alexandre1985
All 13 comments
I have firefox on my system that was installed using the tar.gz package of the official site.
Why not install from package manager?
I can't start firefox using firejail firefox.
Does the tar add a launcher/binary to bin? it will only search your path like normal
When I do firejail /usr/lib/firefox/firefox I get a firefox window (yupi!) but on my terminal I still get the above message and my prompt returns to state that is when opening a terminal
If you already have an existing instance of Firefox open, it will join it, and not spawn a new one
SkewedZeppelin
on 24 Jan 2019
I have made sudo ln -s /my/firefox/path /usr/bin/firefox and now firejail firefox works.
Thanks
alexandre1985
on 24 Jan 2019
I believe the problem was with the directory being /usr/lib/firefox/ because when I did whereis firefox it gave me:
firefox: /usr/bin/firefox /usr/lib/firefox /usr/local/bin/firefox
and /usr/lib/firefox isn't the program path, it should return /usr/lib/firefox/firefox instead.
I believe the problem comes from there.
Now, I have moved my firefox directory to another location and opening firefox through firefox.desktop is ok, running with firejail. So, no problem with that.
I have a symbolic link from /usr/local/bin/firefox to /usr/bin/firejail. To give you full information, I also have another symbolic link from /usr/bin/firefox to my new firefox path.
Now, when I run firefox it goes to /usr/local/bin/firefox -> /usr/bin/firejail so it is picking up firejail but I get this error message:
bash: /usr/lib/firefox/firefox: No such file or directory
So, it is my understanding that this error appears because firejail is grabbing the old firefox directory. I want firejail to update to the new firefox directory, how can I do that?
alexandre1985
on 25 Jan 2019
What does ls -lh /usr/bin/firefox give? I suspect that symbolic link points to /usr/lib/firefox/firefox...
chiraag-nataraj
on 25 Jan 2019
Also, to echo @SkewedZeppelin, why not just install firefox from the repositories?
chiraag-nataraj
on 25 Jan 2019
@chiraag-nataraj ls -lh /usr/bin/firefox gives the new firefox directory.
Installing firefox from the repository won't give updates to firefox automatically. I will only update firefox when the repository updates it, which is not that quick.
This is a firefox issue, I will try to create a new profile and see if that works.
Will submit this issue to firefox forum, thank you anyway :+1:
alexandre1985
on 25 Jan 2019
Installing firefox from the repository won't give updates to firefox automatically. I will only update firefox when the repository updates it, which is not that quick.
Manjaro Unstable has 66... https://repology.org/metapackage/firefox/versions
And if you only want to upgrade firefox to unstable while keeping everything else in stable, that should be possible via your package manager. What you're doing is an ugly hack because you will have to either manually check for and download updates or run firefox as root(!!) to have the autoupdater succeed. Neither is a good option.
chiraag-nataraj
on 25 Jan 2019
I manually check for updates, don't mind about that.
My firefox isn't as root.
How do I install firefox as unstable and keep everything else in stable @chiraag-nataraj ?
alexandre1985
on 25 Jan 2019
I manually check for updates, don't mind about that.
This is strictly inferior to using the package manager with well-maintained packages.
How do I install firefox as unstable and keep everything else in stable @chiraag-nataraj ?
I don't know Arch or Manjaro, but I suspect there's something similar to apt's pinning mechanism in Debian.
chiraag-nataraj
on 25 Jan 2019
I stand corrected: https://wiki.manjaro.org/index.php?title=System_Maintenance
chiraag-nataraj
on 25 Jan 2019
You could use the AUR...that might work?
chiraag-nataraj
on 25 Jan 2019
@chiraag-nataraj I think I will leave things as they are.
Thank you
alexandre1985
on 25 Jan 2019
I also have a firefox alias so that is why when I ran firefox on the terminal it went to /usr/lib/firefox/firefox. Just found out that.
It was a long time that I have configured that alias, so that's why I didn't remember.
Now everything is 100% well. Sorry :sweat_smile:
alexandre1985
on 27 Jan 2019
Related issues
ghost
路
3Comments
thiswillbeyourgithub
路
3Comments
HulaHoopWhonix
路
4Comments
ericschdt
路
3Comments
kmotoko
路
3Comments