Bug#898891: marked as done (firejail-profiles: firejail --name=... can no longer be used with the firefox profile)

[Debian Bug Tracking System]

Your message dated Wed, 3 Oct 2018 23:55:03 +0200
with message-id <20181003215503.gh9...@zira.vinc17.org>
and subject line Re: Bug#898891: firejail-profiles: firejail --name=... can no 
longer be used with the firefox profile
has caused the Debian Bug report #898891,
regarding firejail-profiles: firejail --name=... can no longer be used with the 
firefox profile
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
898891: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898891
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: firejail-profiles
Version: 0.9.54-1
Severity: important

With the previous profiles, I could use the following firefox script:

exec /usr/bin/firejail --name=firefox firefox-esr "$@"

and everything was fine. After starting firefox, I could open a
new URL with it and didn't get any error. For instance:

cventin:~> firefox http://localhost/
Reading profile /etc/firejail/firefox-esr.profile
Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: Sandbox name changed to firefox-1
Parent pid 20640, child pid 20641
Blacklist violations are logged to syslog
Child process initialized in 124.80 ms

Parent is shutting down, bye...
cventin:~>

With the new profile, the URL is still opened, but firejail now
terminates with an exit status 1. For instance:

cventin:~> firefox http://localhost/
Reading profile /etc/firejail/firefox-esr.profile
Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/firefox-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: Sandbox name changed to firefox-1
Parent pid 22332, child pid 22333
Warning: An abstract unix socket for session D-BUS might still be available. 
Use --net or remove unix from --protocol set.
Post-exec seccomp protector enabled
Warning fseccomp: syscall "ni_syscall" not available on this platform
Warning fseccomp: syscall "umount" not available on this platform
Seccomp list in: 
@clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice,
 check list: @default-keep, prelist: 
adjtimex,clock_adjtime,clock_settime,settimeofday,modify_ldt,lookup_dcookie,perf_event_open,process_vm_writev,delete_module,finit_module,init_module,_sysctl,afs_syscall,create_module,get_kernel_syms,getpmsg,putpmsg,query_module,security,sysfs,tuxcall,uselib,ustat,vserver,ioperm,iopl,kexec_load,kexec_file_load,reboot,set_mempolicy,migrate_pages,move_pages,mbind,swapon,swapoff,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount2,userfaultfd,vhangup,vmsplice,
Child process initialized in 149.79 ms

Parent is shutting down, bye...
zsh: exit 1     firefox http://localhost/
cventin:~[1]>

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 
'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.16.0-1-amd64 (SMP w/12 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=POSIX 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages firejail-profiles depends on:
ii  firejail  0.9.54-1

firejail-profiles recommends no packages.

firejail-profiles suggests no packages.

-- no debconf information

--- End Message ---

--- Begin Message ---

Version: 0.9.56-2

On 2018-10-03 13:43:57 +0200, Reiner Herrmann wrote:
> Are you experiencing the issue also with firejail 0.9.56?

No problems with firejail 0.9.56-2. Closing.

> Can you try compiling/installing firejail from git
> (after uninstalling the Debian package):
>  https://github.com/netblue30/firejail.git
> And then start a bisection [1] of the commits between git tags
> 0.9.52 and 0.9.54? Maybe it's possible to figure out what's going
> wrong when we find the commit that causes it.

Note that the issue was not due to the firejail version, but due to
the firejail-profiles version.

-- 
Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

--- End Message ---