Your message dated Tue, 29 Aug 2017 21:56:44 +0000
with message-id <[email protected]>
and subject line Bug#872287: fixed in firejail 0.9.50~rc1-1
has caused the Debian Bug report #872287,
regarding firejail: Can not play a youtube video in mpv (with youtube-dl
support) when using firejail
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
872287: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872287
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: firejail
Version: 0.9.44.8-2
Severity: normal
Dear Maintainer,
if I play a youtube video with mpv without using firejail it works well but if
I use the included firejail profile for mpv it fails.
firejail --debug mpv https://www.youtube.com/embed/ucRWyGKBVzo
Autoselecting /bin/bash as shell
Command name #mpv#
Found mpv profile in /etc/firejail directory
Reading profile /etc/firejail/mpv.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Checking /usr/local/bin/mpv
firejail exec symlink detected
Checking /usr/bin/mpv
Checking /usr/local/bin/youtube-dl
Checking /usr/local/bin/python2.7
Checking /usr/bin/python2.7
DISPLAY :0, 0
Using the local network stack
Parent pid 4361, child pid 4362
Initializing child process
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Mounting read-only /bin, /sbin, /lib, /lib32, /lib64, /usr, /etc, /var
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/dhcp
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /home/martin/.config/firejail
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/x11
Copying files in the new home:
Checking /usr/local/bin/mpv
firejail exec symlink detected
Checking /usr/bin/mpv
running: /run/firejail/mnt/cp -a /usr/bin/mpv /run/firejail/mnt/bin/mpvChecking
/usr/local/bin/youtube-dl
running: /run/firejail/mnt/cp -a /usr/local/bin/youtube-dl
/run/firejail/mnt/bin/youtube-dlChecking /usr/local/bin/python2.7
Checking /usr/bin/python2.7
Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin
Mount-bind /run/firejail/mnt/bin on top of /usr/bin
Mount-bind /run/firejail/mnt/bin on top of /bin
Mount-bind /run/firejail/mnt/bin on top of /usr/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin
Mount-bind /run/firejail/mnt/bin on top of /usr/sbin
Mount-bind /run/firejail/mnt/bin on top of /sbin
Remounting /proc and /proc/sys filesystems
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/module
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /lib/modules
Disable /usr/lib/debug
Disable /boot
Disable /dev/port
Disable /dev/kmsg
Disable /proc/kmsg
Disable /home/martin/.zsh_history
Disable /home/martin/.bash_history
Mounting read-only /home/martin/.local/share/applications
Disable /home/martin/.config/autostart
Disable /etc/xdg/autostart
Disable /etc/X11/Xsession.d
Disable /var/spool/cron
Disable /var/spool/anacron
Disable /run/acpid.socket
Disable /etc/cron.d
Disable /etc/cron.hourly
Disable /etc/cron.monthly
Disable /etc/cron.weekly
Disable /etc/cron.daily
Disable /etc/profile.d
Disable /etc/rc.local
Disable /etc/anacrontab
Mounting read-only /home/martin/.profile
Mounting read-only /home/martin/.bashrc
Mounting read-only /home/martin/.bash_logout
Mounting read-only /home/martin/.zshrc
Mounting read-only /home/martin/.profile
Mounting read-only /home/martin/.nano
Disable /home/martin/.ssh
Disable /home/martin/.gnupg
Disable /etc/shadow
Disable /etc/gshadow
Disable /etc/passwd-
Disable /etc/group-
Disable /etc/shadow-
Disable /etc/gshadow-
Disable /etc/ssh
Disable /sbin
Disable /usr/sbin
Disable /usr/local/sbin
Disable /home/martin/.FBReader
Disable /home/martin/.config/Atom
Disable /home/martin/.config/gthumb
Disable /home/martin/.config/transmission
Disable /home/martin/.config/libreoffice
Disable /home/martin/.config/eog
Disable /home/martin/.config/spotify
Disable /home/martin/.config/vlc
Not blacklist /home/martin/.config/mpv
Disable /home/martin/.config/totem
Disable /home/martin/.thunderbird
Disable /home/martin/.config/midori
Disable /home/martin/.mozilla
Disable /home/martin/.config/chromium
Disable /home/martin/.config/google-chrome
Disable /home/martin/.config/google-chrome-beta
Disable /home/martin/.config/vivaldi
Disable /home/martin/.config/epiphany
Disable /home/martin/.config/evolution
Disable /home/martin/.local/share/evolution
Disable /home/martin/.cache/evolution
Disable /home/martin/.config/tox
Disable /home/martin/.cache/gajim
Disable /home/martin/.local/share/gajim
Disable /home/martin/.config/gajim
Disable /home/martin/.steam
Disable /home/martin/.gitconfig
Disable /home/martin/.cache/mozilla
Disable /home/martin/.cache/epiphany
Disable /home/martin/.cache/spotify
Disable /home/martin/.cache/thunderbird
Disable /home/martin/.local/share/epiphany
Disable /home/martin/.local/share/spotify
Disable /home/martin/.local/share/totem
Disable /usr/include
Disable /usr/lib/valgrind
Disable /usr/share/perl-openssl-defaults
Disable /usr/share/perl
Disable /usr/share/perl5
Disable /usr/lib/perl5
Disable /usr/lib/ruby
Disable /home/martin/.pki/nssdb
Disable /sys/fs
DISPLAY :0, 0
Dropping all capabilities
Set protocol filter: unix,inet,inet6
Dual i386/amd64 seccomp filter configured
SECCOMP Filter:
VALIDATE_ARCHITECTURE
EXAMINE_SYSCAL
UNKNOWN ENTRY!!!
UNKNOWN ENTRY!!!
UNKNOWN ENTRY!!!
BLACKLIST 165 mount
BLACKLIST 166 umount2
BLACKLIST 101 ptrace
BLACKLIST 246 kexec_load
BLACKLIST 320 kexec_file_load
BLACKLIST 304 open_by_handle_at
BLACKLIST 303 name_to_handle_at
BLACKLIST 175 init_module
BLACKLIST 313 finit_module
BLACKLIST 174 create_module
BLACKLIST 176 delete_module
BLACKLIST 172 iopl
BLACKLIST 173 ioperm
BLACKLIST 251 ioprio_set
BLACKLIST 167 swapon
BLACKLIST 168 swapoff
BLACKLIST 103 syslog
BLACKLIST 310 process_vm_readv
BLACKLIST 311 process_vm_writev
BLACKLIST 139 sysfs
BLACKLIST 156 _sysctl
BLACKLIST 159 adjtimex
BLACKLIST 305 clock_adjtime
BLACKLIST 212 lookup_dcookie
BLACKLIST 298 perf_event_open
BLACKLIST 300 fanotify_init
BLACKLIST 312 kcmp
BLACKLIST 248 add_key
BLACKLIST 249 request_key
BLACKLIST 250 keyctl
BLACKLIST 134 uselib
BLACKLIST 163 acct
BLACKLIST 154 modify_ldt
BLACKLIST 155 pivot_root
BLACKLIST 206 io_setup
BLACKLIST 207 io_destroy
BLACKLIST 208 io_getevents
BLACKLIST 209 io_submit
BLACKLIST 210 io_cancel
BLACKLIST 216 remap_file_pages
BLACKLIST 237 mbind
BLACKLIST 239 get_mempolicy
BLACKLIST 238 set_mempolicy
BLACKLIST 256 migrate_pages
BLACKLIST 279 move_pages
BLACKLIST 278 vmsplice
BLACKLIST 161 chroot
BLACKLIST 184 tuxcall
BLACKLIST 169 reboot
BLACKLIST 180 nfsservctl
BLACKLIST 177 get_kernel_syms
RETURN_ALLOW
Save seccomp filter, size 880 bytes
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
starting application
LD_PRELOAD=(null)
execvp argument 0: mpv
execvp argument 1: https://www.youtube.com/embed/ucRWyGKBVzo
Child process initialized
monitoring pid 6
Playing: https://www.youtube.com/embed/ucRWyGKBVzo
[ytdl_hook] youtube-dl failed, trying to play URL directly ...
[ffmpeg] tls: The TLS connection was non-properly terminated.
Failed to recognize file format.
Exiting... (Errors when loading file)
Sandbox monitor: waitpid 6 retval 6 status 512
Parent is shutting down, bye...
firejail --trace mpv https://www.youtube.com/embed/ucRWyGKBVzo
Reading profile /etc/firejail/mpv.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Parent pid 4833, child pid 4834
Child process initialized
6:mpv:fopen /proc/filesystems:0x563a656d6070
6:mpv:access /etc/selinux/config:-1
6:mpv:fopen /proc/self/status:0x563a6570d820
6:mpv:opendir /sys/devices/system/node:0x563a6570d820
6:mpv:fopen /sys/devices/system/node/node0/meminfo:0x563a65715860
6:mpv:fopen /proc/self/status:0x563a6570d820
6:mpv:mkdir /home:-1
6:mpv:mkdir /home/martin:-1
6:mpv:mkdir /home/martin/.config:-1
6:mpv:mkdir /home/martin/.config/mpv:-1
Playing: https://www.youtube.com/embed/ucRWyGKBVzo
6:mpv:access /etc/fonts/fonts.conf:0
6:mpv:access /etc/fonts/conf.d:0
6:mpv:opendir /etc/fonts/conf.d:0x7fe88c06fc50
6:mpv:access /etc/fonts/conf.d/10-scale-bitmap-fonts.conf:0
6:mpv:access /etc/fonts/conf.d/11-lcdfilter-default.conf:0
6:mpv:access /etc/fonts/conf.d/20-unhint-small-dejavu-lgc-sans-mono.conf:0
6:mpv:access /etc/fonts/conf.d/20-unhint-small-dejavu-lgc-sans.conf:0
6:mpv:access /etc/fonts/conf.d/20-unhint-small-dejavu-lgc-serif.conf:0
6:mpv:access /etc/fonts/conf.d/20-unhint-small-dejavu-sans-mono.conf:0
6:mpv:access /etc/fonts/conf.d/20-unhint-small-dejavu-sans.conf:0
6:mpv:access /etc/fonts/conf.d/20-unhint-small-dejavu-serif.conf:0
6:mpv:access /etc/fonts/conf.d/20-unhint-small-vera.conf:0
6:mpv:access /etc/fonts/conf.d/30-0-google-crosextra-caladea-fontconfig.conf:0
6:mpv:access /etc/fonts/conf.d/30-0-google-crosextra-carlito-fontconfig.conf:0
6:mpv:access /etc/fonts/conf.d/30-metric-aliases.conf:0
6:mpv:access /etc/fonts/conf.d/30-urw-aliases.conf:0
6:mpv:access /etc/fonts/conf.d/31-cantarell.conf:0
6:mpv:access /etc/fonts/conf.d/40-nonlatin.conf:0
6:mpv:access /etc/fonts/conf.d/45-latin.conf:0
6:mpv:access /etc/fonts/conf.d/49-sansserif.conf:0
6:mpv:access /etc/fonts/conf.d/50-user.conf:0
6:mpv:access /home/martin/.config/fontconfig/conf.d:-1
6:mpv:access /home/martin/.config/fontconfig/conf.d:-1
6:mpv:access /home/martin/.config/fontconfig/fonts.conf:0
6:mpv:access /home/martin/.config/fontconfig/fonts.conf:0
6:mpv:access /home/martin/.fonts.conf.d:-1
6:mpv:access /home/martin/.fonts.conf.d:-1
6:mpv:access /home/martin/.fonts.conf:-1
6:mpv:access /home/martin/.fonts.conf:-1
6:mpv:access /etc/fonts/conf.d/51-local.conf:0
6:mpv:access /etc/fonts/local.conf:-1
6:mpv:access /etc/fonts/local.conf:-1
6:mpv:access /etc/fonts/conf.d/57-dejavu-sans-mono.conf:0
6:mpv:access /etc/fonts/conf.d/57-dejavu-sans.conf:0
6:mpv:access /etc/fonts/conf.d/57-dejavu-serif.conf:0
6:mpv:access /etc/fonts/conf.d/58-dejavu-lgc-sans-mono.conf:0
6:mpv:access /etc/fonts/conf.d/58-dejavu-lgc-sans.conf:0
6:mpv:access /etc/fonts/conf.d/58-dejavu-lgc-serif.conf:0
6:mpv:access /etc/fonts/conf.d/60-latin.conf:0
6:mpv:access /etc/fonts/conf.d/65-fonts-lmodern.conf:0
6:mpv:access /etc/fonts/conf.d/65-fonts-persian.conf:0
6:mpv:access /etc/fonts/conf.d/65-nonlatin.conf:0
6:mpv:access /etc/fonts/conf.d/69-unifont.conf:0
6:mpv:access /etc/fonts/conf.d/70-no-bitmaps.conf:0
6:mpv:access /etc/fonts/conf.d/80-delicious.conf:0
6:mpv:access /etc/fonts/conf.d/90-fonts-linux-libertine.conf:0
6:mpv:access /etc/fonts/conf.d/90-synthetic.conf:0
6:mpv:access /etc/fonts/conf.d:0
6:mpv:open64 /dev/null:11
[ytdl_hook] youtube-dl failed, trying to play URL directly ...
6:mpv:fopen /etc/hosts:0x7fe888000f00
6:mpv:socket AF_INET SOCK_DGRAM IPPROTO_IP:7
6:mpv:connect 7 127.0.2.1 port 53:0
6:mpv:socket AF_INET SOCK_STREAM IPPROTO_TCP:7
6:mpv:connect 7 172.217.0.14 port 443:-1
6:mpv:fopen /etc/ssl/certs/ca-certificates.crt:0x7fe8880023b0
[ffmpeg] tls: The TLS connection was non-properly terminated.
Failed to recognize file format.
Exiting... (Errors when loading file)
Parent is shutting down, bye...
Best regards,
Martin
-- System Information:
Debian Release: 9.1
APT prefers proposed-updates
APT policy: (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.11.0-0.bpo.1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages firejail depends on:
ii libapparmor1 2.11.0-3
ii libc6 2.24-11+deb9u1
Versions of packages firejail recommends:
ii iptables 1.6.0+snapshot20161117-6
ii xauth 1:1.0.9-1+b2
ii xserver-xephyr 2:1.19.2-1+deb9u1
firejail suggests no packages.
-- debconf-show failed
--- End Message ---
--- Begin Message ---
Source: firejail
Source-Version: 0.9.50~rc1-1
We believe that the bug you reported is fixed in the latest version of
firejail, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Reiner Herrmann <[email protected]> (supplier of updated firejail package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 29 Aug 2017 18:31:22 +0200
Source: firejail
Binary: firejail firejail-profiles
Architecture: source
Version: 0.9.50~rc1-1
Distribution: experimental
Urgency: low
Maintainer: Reiner Herrmann <[email protected]>
Changed-By: Reiner Herrmann <[email protected]>
Description:
firejail - sandbox to restrict the application environment
firejail-profiles - profiles for the firejail application sandbox
Closes: 866014 869707 872287 872720
Changes:
firejail (0.9.50~rc1-1) experimental; urgency=low
.
* New upstream release candidate.
- Several profile fixes (Closes: #866014, #872287, #872720)
Thanks to Martin Dosch for the reports and a patch.
- Improve cross build support (Closes: #869707)
Thanks to Helmut Grohne for providing the patch.
* debian/copyright: Switch URLs to https.
* Bump Standards-Version to 4.1.0.
Checksums-Sha1:
a3617bd9612e255d72c395314a7d1aaebd003bb2 2469 firejail_0.9.50~rc1-1.dsc
e8ea2f86bfdd9b02f4213ad82d2b80842da129b9 277012 firejail_0.9.50~rc1.orig.tar.xz
f0823570c3ef822cebd63fa2fa721afff9ad5d63 488
firejail_0.9.50~rc1.orig.tar.xz.asc
b8b8916791a5ecda842bd3245105dde7919a174f 8500
firejail_0.9.50~rc1-1.debian.tar.xz
49768cbc1dad262a8e61a7b769b64ab09bfbe1d9 5567
firejail_0.9.50~rc1-1_source.buildinfo
Checksums-Sha256:
70a42a41608645f12ec180df6307ce53f6c60ac3d2aad6787ee559acac5f6ceb 2469
firejail_0.9.50~rc1-1.dsc
44e3bf0edd15b2b8b9d406aaaf9ad1746b1316467baa9a9490b494ba11d5c33d 277012
firejail_0.9.50~rc1.orig.tar.xz
27cdda649b549479f4c50c59b7bfb494c4e70cff7c9b8ae378292a5aeeb3903e 488
firejail_0.9.50~rc1.orig.tar.xz.asc
3bc7b6abd06ce06053e9f04a3f48b222184e62b944118a75a858379016f171d3 8500
firejail_0.9.50~rc1-1.debian.tar.xz
28ce8ca8fd7ed6a54ff2303884dc9adddd9c6b76bc47576394c5e2d577310717 5567
firejail_0.9.50~rc1-1_source.buildinfo
Files:
9003916801bd3708a9252c3ee4353c2e 2469 utils optional firejail_0.9.50~rc1-1.dsc
76f1246a2939aa799c6fe357ec30650f 277012 utils optional
firejail_0.9.50~rc1.orig.tar.xz
8677381ed1c6c11a6d094e470ea2cde0 488 utils optional
firejail_0.9.50~rc1.orig.tar.xz.asc
dff7eb012bdd24325f71703b10b07b77 8500 utils optional
firejail_0.9.50~rc1-1.debian.tar.xz
f072cceed4a7bc663b93a818d95d011c 5567 utils optional
firejail_0.9.50~rc1-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE2Pb6feok2Q1urHM7zPBJKNsO6qcFAlmlsIgACgkQzPBJKNsO
6qf+iw/9E0LFog0HnIkYqf3PossdzpK56nVy9eNVu+UQ5V8BwhaKZadC0MmqRT0w
3zKYL5BeaTFMcD5aLXV2pN3QA7e6FkP3/ZquHv0lszB7tGagqmDkgNX9jIpygPDH
IszEZM/51FUDbFUnANQ0JucjCoQawvkCqyFZmsUDmlHttulMHTCmr0q/VFND9ci2
9qqRRa4vvSkCQkKzfCc2XeQQhGJJaVRRs/8eiv+Q83pLAAgcDN41aTx8oCP56uPO
VepEi0RKbDNGl4RjAZ5KJ0lSc5sLtuSB9AF0Jh4stS/YGCuO4fGPyBBqdCn0s2xz
yI27pbBphbulRH/IoxrYUl3521ynQS3oSXHyA/z+bF0+BrbFs00tUxjzEKSXr3kc
4d12/aQyUMvWUAU1WtoxJ50dZhd9JkSJ8PeEreiAvHNp53ZOFZvQG7GOoegzzGM1
5Cko+FzsyVDUHFbEu+47LUuYpIlvp1IPdTRXlIkQpf1I8Ih5QjdEZwQmImVqbigZ
/cd8W/jBFfpKx8X+exJO/p1JjKicdxO62kdJZp4md/Q0ntLu/HZmDlhpsCKfrGUe
7tMjFYLOIPBOUZ2bgI/lY4tBV3N4652CNFQqa9ezsd3/rv3ByUrEio1YEMV6aRA+
S1go3LtvyluxaC4VG0NlBNI7zodDJJSUkFBSPuEZbgBAk2E46DQ=
=2gaW
-----END PGP SIGNATURE-----
--- End Message ---
