Firejail: Problems with kernel 5.4 and firejail

I can reproduce this on Linux 5.4:

$ firejail --appimage foobar.AppImage
Mounting appimage type 2
Error mounting appimage: appimage.c:122 appimage_set: Invalid argument

I'm not sure this is a firejail issue, as I'm seeing similar problems mounting (FUSE) filesystems on Linux 5.4 where firejail isn't involved. I'm in the middle of trying to determine what's going on exactly and will report back here if/when something relevant comes up.

I've worked around this with the following patch:

diff --git a/src/firejail/appimage.c b/src/firejail/appimage.c
index 7c60d918..bd9096c2 100644
--- a/src/firejail/appimage.c
+++ b/src/firejail/appimage.c
@@ -118,7 +118,7 @@ void appimage_set(const char *appimage) {
        }
        else {
                fmessage("Mounting appimage type 2\n");
-               if (mount(devloop, mntdir, "squashfs", flags,  mode) < 0)
+               if (mount(devloop, mntdir, "squashfs", flags, /*mode*/NULL) < 0)
                        errExit("mounting appimage");
        }

The squashfs driver had some API changes in 5.4, and the unsupported mode options are no longer ignored. As far as I can tell squashfs has never supported mode, they were just being ignored this whole time.

@Tuj3Bz90dV how do I turn that into a .patch file to modify the install for arch-based "ArcoLinux?"

(...Wonder why DuckDuckGo didn't find this page, and google only found got pages in Chinese, and this one (most "&-" tracking params removed): https://webcache.googleusercontent.com/search?q=cache:Oe4gjvSnzDEJ:https://forum.mxlinux.org/viewtopic.php%3Ff%3D118%26t%3D46090%26start%3D40+&hl=en)

@esotericDisciple Here's a worfkflow to add the above patch to a PKGBUILD for firejail-git:

• copy/paste the above diff into a file - e.g. appimage.patch - and save it into your PKGBUILD directory;
• add 'appimage.patch' (or whatever you named it) to the source array;
• add a prepare function to the PKGBUILD
  prepare() {
  cd firejail
  patch -Np1 -i ../appimage.patch
  }
• run updpkgsums
• run makepkg and install the resulting firejail archive.

Thanks @glitsj16 but it keeps rejecting the "hunk," a term that makes no sense to use but nevermind...Does it PKGBUILD have to be edited during the pikaur/yaourt install prompt? See, I can't figure out what the paths are different in the above examples and the snapshot of the AUR package itself ('cd firejail' won't work but 'cd "${srcdir}/${pkgname}"' or '/src/firejail-git/src/firejail,' will work for instance)...

@esotericDisciple Apologies for the untested advice above. I've gone ahead and fixed the relevant file directly. If you use a firejail-git PKGBUILD there's nothing extra that you need to do besides building that. In case you prefer a firejail PKGBUILD, follow the below instructions.

Does it PKGBUILD have to be edited during the pikaur/yaourt install prompt?

I don't use AUR helpers, but that's indeed the moment you will need to make a one-line change to the PKGBUILD. Try adding the below line in the build() function, directly after the cd it contains (whatever that might be):

cd "whatever"
sed -i -e 's/"squashfs", flags,  mode/"squashfs", flags, NULL/' src/firejail/appimage.c

Proceed as you always do and it should fix --appimage, I've tested it this time.
In case you notice the issue isn't fixed for you, please reopen this issue.

Probably it's a regression in the kernel, compare https://bugzilla.redhat.com/show_bug.cgi?id=1781863