Package: firejail
Followup-For: Bug #1015151
X-Debbugs-Cc: debbug.1015...@sideload.33mail.com
I did another test, this time ensuring that the profile was read:
$ firejail --net=vnet0 --dns="$(ip address show dev vnet0 | awk
'/inet\>/{gsub(/[/].*/,""); print $2 }')"\
--profile=<(printf '%s\n' 'ignore noroot')\
lynx -dump
'https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015151'
Same output:
===8<------------------------------
Reading profile /dev/fd/63
…
firejail: util.c:910: create_empty_dir_as_root: Assertion `(s.st_mode & 07777)
== (mode)' failed.
Error: proc 15924 cannot sync with peer: unexpected EOF
Peer 15928 unexpectedly killed (Segmentation fault)
===8<------------------------------
So the “ignore noroot” option makes no difference.
-- System Information:
Debian Release: 11.4
APT prefers stable-updates
APT policy: (990, 'stable-updates'), (990, 'stable-security'), (990,
'testing'), (990, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.10.0-16-amd64 (SMP w/2 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages firejail depends on:
ii libapparmor1 2.13.6-10
ii libc6 2.31-13+deb11u3
ii libselinux1 3.1-3
Versions of packages firejail recommends:
ii firejail-profiles 0.9.64.4-2+deb11u1
ii iproute2 5.10.0-4
ii iptables 1.8.7-1
ii xauth 1:1.1-1
ii xdg-dbus-proxy 0.1.2-2
ii xpra 3.0.13+dfsg1-1
ii xvfb 2:1.20.11-1+deb11u1
firejail suggests no packages.
-- Configuration Files:
/etc/firejail/firejail.config changed [not included]
-- no debconf information
