Void-packages: Firejail: Firefox profile broken

Created on 20 Mar 2020 · 1 Comment · Source: void-linux/void-packages

System

  • xuname:
    Void 5.4.26_1 x86_64 GenuineIntel uptodate rrFFFF
  • package:
    firejail-0.9.62_1

Expected behavior

Upon executing `firejail firefox`, Firefox starts and remains listed in the output of `firejail --top`.

Actual behavior

Firefox starts, appears for a brief moment in the output of `firejail --top`, then closes without ever opening a window. See footnote for the output of the command.

Steps to reproduce the behavior

  1. Install Firejail and Firefox (firefox-74.0_1 at the time of writing this)
  2. (important) Make sure no other Firefox process is running
  3. Run `firejail --top` on a terminal
  4. (optional) Run `firejail watch echo 1` on a different terminal and confirm that it appears in the `firejail --top` output to make sure Firejail works as expected for other software
  5. Run `firejail firefox` on a different terminal, confirm that Firefox does not start and examine the output of the command

Footnotes

Installing AppArmor to silence the Firejail warnings doesn't fix this issue. Other X software such as HexChat and Chromium can run inside Firejail with no issues.

This was working some time ago but I can't remember the exact Firefox and Firejail versions. I think it may have been around the time of Firefox 70.

Output of the command:

~~~
Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/firefox-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 4188, child pid 4189
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Post-exec seccomp protector enabled
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Warning: Cannot confine the application using AppArmor.
Maybe firejail-default AppArmor profile is not loaded into the kernel.
As root, run "aa-enforce firejail-default" to load it.
Child process initialized in 118.78 ms

Parent is shutting down, bye...
~~~
