Firejail beta-testers wanted!
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 30 days after creation.
- Fred Barclay
- Level 12
- Posts: 4185
- Joined: Sat Sep 13, 2014 11:12 am
- Location: USA primarily
Re: Firejail beta-testers wanted!
slipstick: no idea. Can you run xreader from terminal (or firejail xreader if there's not a symlink in /usr/local/bin), try to open a pdf, and post the output?
- slipstick
- Level 6
- Posts: 1071
- Joined: Sun Oct 21, 2012 9:56 pm
- Location: Somewhere on the /LL0 scale
Re: Firejail beta-testers wanted!
With no symlink in /usr/local/bin:
Code:
steve@steve-Z97X ~ $ firejail xreader
Reading profile /etc/firejail/xreader.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Parent pid 18413, child pid 18414
Private /etc installed in 12.11 ms
3 programs installed in 4.75 ms
Blacklist violations are logged to syslog
Child process initialized in 69.96 ms
Parent is shutting down, bye...
With the symlink:
Code:
steve@steve-Z97X ~ $ xreader
Reading profile /etc/firejail/xreader.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Parent pid 18459, child pid 18460
Private /etc installed in 3.14 ms
3 programs installed in 1.99 ms
Blacklist violations are logged to syslog
Child process initialized in 43.32 ms
Parent is shutting down, bye...
steve@steve-Z97X ~ $
In both cases, I don't get the chance to try to open a pdf.
And here's my /etc/firejail/xreader.profile:
Code:
# Firejail profile for xreader
# This file is overwritten after every install/update
# Persistent local customizations
include /etc/firejail/xreader.local
# Persistent global definitions
include /etc/firejail/globals.local
noblacklist ${HOME}/.cache/xreader
noblacklist ${HOME}/.config/xreader
# noblacklist ${HOME}/.local/share
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-interpreters.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-programs.inc
# Breaks xreader on Mint 18.3
# include /etc/firejail/whitelist-var-common.inc
# apparmor
caps.drop all
no3d
nodvd
nogroups
nonewprivs
noroot
nosound
notv
novideo
protocol unix
seccomp
shell none
tracelog
private-bin xreader,xreader-previewer,xreader-thumbnailer
private-dev
private-etc fonts,ld.so.cache
private-tmp
memory-deny-write-execute
noexec ${HOME}
noexec /tmp
EDIT:
Here's some lines from the end of my syslog that may be of interest:
Code:
May 30 23:09:38 steve-Z97X kernel: [44662.543651] audit: type=1326 audit(1527739778.317:30): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=18257 comm="xreader" exe="/usr/local/bin/xreader" sig=31 arch=c000003e syscall=10 compat=0 ip=0x7fac496a8777 code=0x0
May 30 23:10:25 steve-Z97X firejail[4]: blacklist violation - sandbox 18278, exe xed, syscall opendir, path /home/steve/.config/enchant
May 30 23:14:38 steve-Z97X kernel: [44962.675765] audit: type=1326 audit(1527740078.460:31): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=18422 comm="xreader" exe="/usr/local/bin/xreader" sig=31 arch=c000003e syscall=10 compat=0 ip=0x7f4e94c1f777 code=0x0
May 30 23:16:04 steve-Z97X kernel: [45048.737183] audit: type=1326 audit(1527740164.527:32): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=18468 comm="xreader" exe="/usr/bin/xreader" sig=31 arch=c000003e syscall=10 compat=0 ip=0x7f00980d9777 code=0x0
May 30 23:17:01 steve-Z97X CRON[18485]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
May 30 23:20:24 steve-Z97X firejail[4]: blacklist violation - sandbox 18521, exe xed, syscall opendir, path /home/steve/.config/enchant
In theory, theory and practice are the same. In practice, they ain't.
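The kernel audit lines in the syslog excerpt above can be decoded mechanically. The following is an added example, not part of the original posts: it parses `type=1326` (seccomp) audit records and names the syscall, signal and filter action. Its function names are this example's own, and its lookup tables cover only x86_64 and a few memory-mapping syscalls.

```python
import re
from collections import Counter

# Three lines copied from the syslog excerpt above (two seccomp kills, one blacklist hit).
SAMPLE = """\
May 30 23:14:38 steve-Z97X kernel: [44962.675765] audit: type=1326 audit(1527740078.460:31): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=18422 comm="xreader" exe="/usr/local/bin/xreader" sig=31 arch=c000003e syscall=10 compat=0 ip=0x7f4e94c1f777 code=0x0
May 30 23:16:04 steve-Z97X kernel: [45048.737183] audit: type=1326 audit(1527740164.527:32): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=18468 comm="xreader" exe="/usr/bin/xreader" sig=31 arch=c000003e syscall=10 compat=0 ip=0x7f00980d9777 code=0x0
May 30 23:20:24 steve-Z97X firejail[4]: blacklist violation - sandbox 18521, exe xed, syscall opendir, path /home/steve/.config/enchant
"""

AUDIT_SECCOMP = "1326"                      # audit record type for seccomp actions
AUDIT_ARCH = {"c000003e": "x86_64"}         # only x86_64 is decoded here
X86_64_SYSCALLS = {9: "mmap", 10: "mprotect", 11: "munmap", 319: "memfd_create"}
SIGNALS = {31: "SIGSYS"}
SECCOMP_ACTIONS = {0x00000000: "KILL_THREAD", 0x80000000: "KILL_PROCESS",
                   0x00030000: "TRAP", 0x00050000: "ERRNO", 0x7ffc0000: "LOG"}
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_seccomp_events(log_text):
    """Return one dict per seccomp audit record; other syslog lines are skipped."""
    events = []
    for line in log_text.splitlines():
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        if fields.get("type") != AUDIT_SECCOMP:
            continue
        arch = AUDIT_ARCH.get(fields["arch"], fields["arch"])
        nr = int(fields["syscall"])
        # Syscall numbers are per-architecture, so only name them for a known arch.
        name = X86_64_SYSCALLS.get(nr, f"#{nr}") if arch == "x86_64" else f"#{nr}"
        sig = int(fields["sig"])
        action = int(fields["code"], 16) & 0xFFFF0000   # upper 16 bits = action
        events.append({
            "pid": int(fields["pid"]), "exe": fields["exe"], "arch": arch,
            "syscall": name, "signal": SIGNALS.get(sig, str(sig)),
            "action": SECCOMP_ACTIONS.get(action, hex(action)),
        })
    return events


def summarize(events):
    """Count kills per (exe, syscall, signal) to show which call trips the filter."""
    return Counter((e["exe"], e["syscall"], e["signal"]) for e in events)


if __name__ == "__main__":
    for key, count in summarize(parse_seccomp_events(SAMPLE)).items():
        print(count, *key)
```

On the posted lines this reports mprotect (syscall 10 on x86_64) killed with SIGSYS under both /usr/local/bin/xreader and /usr/bin/xreader. That points at the profile's seccomp options (seccomp, memory-deny-write-execute) rather than its blacklist includes; this reading is an inference from the log, not something stated in the thread.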
- slipstick
- Level 6
- Posts: 1071
- Joined: Sun Oct 21, 2012 9:56 pm
- Location: Somewhere on the /LL0 scale
Re: Firejail beta-testers wanted!
Just found another "problem". I can't open some config files in my home directory with xed. For example, if I try (from Nemo) to open ~/.config/geany/geany.conf, I get a message "Could not open the file /home/steve/.config/geany/geany.conf" "You do not have the permissions necessary to open the file". This is a file that I own in my home directory with permissions of -rw-rw-r--. Removing the symlink xed in /usr/local/bin allows me to open this. Maybe it's intentional for firejail to prevent opening these config files, but IMO, that's just too restrictive.
Re: Firejail beta-testers wanted!
Hi Fred,
I know firejail 0.9.54 is out (I'm running it now), perhaps this'll help for 0.9.55?
Firejailing thunderbird stops my FireTray add-on and also my lightning calendar, looks like a dbus issue.
...
(thunderbird:9): libunity-CRITICAL **: 17:15:05.537: unity-launcher.vala:157: Unable to connect to session bus: Unknown or unsupported transport “DBUS_SESSION_BUS_ADDRESS=unix” for address “DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus”
...
- Fred Barclay
- Level 12
- Posts: 4185
- Joined: Sat Sep 13, 2014 11:12 am
- Location: USA primarily
Re: Firejail beta-testers wanted!
It's intentional in this case. I'll get a workaround posted.
- slipstick
- Level 6
- Posts: 1071
- Joined: Sun Oct 21, 2012 9:56 pm
- Location: Somewhere on the /LL0 scale
Re: Firejail beta-testers wanted!
Fred - your post today on Firejail and Mint 19 reminded me of this thread. I'm still using LM18.3 (holding off on installing 19 until things settle down a bit and/or a new .iso is released) and firejail version 0.9.54. I'm still running with /usr/local/bin/xreader removed (because otherwise I can't read .pdf files) and with /usr/local/bin/xed removed (because otherwise I can't edit some config files in my home directory using xed). Any changes since your last post here?
- Fred Barclay
- Level 12
- Posts: 4185
- Joined: Sat Sep 13, 2014 11:12 am
- Location: USA primarily
Re: Firejail beta-testers wanted!
Sorry, no change yet. There's an ugly work-around but I'm trying to figure out a better one. Let me scratch my brains a little on that...
- slipstick
- Level 6
- Posts: 1071
- Joined: Sun Oct 21, 2012 9:56 pm
- Location: Somewhere on the /LL0 scale
Re: Firejail beta-testers wanted!
Thanks for your help. The problem with not being able to use xed to edit config files in my /home is not a big deal - I don't need to do that often and can work around it - really more of an attitude on my part that I should be able to do what I want to files I own. But I would like to get the xreader problem fixed - can't believe I'm the only one with that problem.