Bug#823365: Ahh ... Probably already fixed upstream
Hi Guy, On Thu, May 05, 2016 at 01:26:04PM +0100, Guy Heatley wrote: > > Can you please recheck with libselinux1 2.5-1 (when it lands in testing) > > and tell me if it solved your problem? > > I certainly will. > > BTW, the workaround detailed on the github site seems to work, namely > adding this switch to the commandline: Did you already have the possibility to check if firejail works again without the workaround? Kind regards, Reiner signature.asc Description: Digital signature
Bug#823365: Ahh ... Probably already fixed upstream
On 21/05/2016 22:31, Reiner Herrmann wrote: > Hi Guy, > > Did you already have the possibility to check if firejail works again > without the workaround? > > Kind regards, > Reiner > Hi Reiner, Apologies for my tardy response! Yes - it worked without requiring to apply the workaround, once the new SE Linux version was installed. Cheers, -- Guy signature.asc Description: OpenPGP digital signature
Bug#823365: Ahh ... Probably already fixed upstream
https://github.com/netblue30/firejail/issues/494 "A recent libselinux1 update (2.5-1) introduces a bug where it attempts to re-mount /proc directory." This issue is closed on the Github site so hopefully will shortly filter down into testing. -- Guy signature.asc Description: OpenPGP digital signature
Bug#823365: Ahh ... Probably already fixed upstream
Control: tags -1 + moreinfo Hi Guy, On Wed, May 04, 2016 at 05:40:41PM +0100, Guy Heatley wrote: > > https://github.com/netblue30/firejail/issues/494 > "A recent libselinux1 update (2.5-1) introduces a bug where it attempts > to re-mount /proc directory." > > This issue is closed on the Github site so hopefully will shortly filter > down into testing. I also assume that you ran into this libselinux1 regression. Can you please recheck with libselinux1 2.5-1 (when it lands in testing) and tell me if it solved your problem? Kind regards, Reiner signature.asc Description: Digital signature
Bug#823365: Ahh ... Probably already fixed upstream
On 04/05/2016 18:28, Reiner Herrmann wrote: >> https://github.com/netblue30/firejail/issues/494 > I also assume that you ran into this libselinux1 regression. > Can you please recheck with libselinux1 2.5-1 (when it lands in testing) > and tell me if it solved your problem? > > Kind regards, > Reiner > Hi Reiner, I certainly will. BTW, the workaround detailed on the github site seems to work, namely adding this switch to the commandline: --seccomp.drop=umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,chroot,tuxcall,reboot,nfsservctl,get_kernel_syms Cheers, -- Guy signature.asc Description: OpenPGP digital signature
