[GH-ISSUE #1520] Firejail MySQL #1016

Closed
opened 2026-05-05 07:18:40 -06:00 by gitea-mirror · 5 comments

Originally created by @cjconstante on GitHub (Sep 3, 2017).
Original GitHub issue: https://github.com/netblue30/firejail/issues/1520

Hi. I have been trying to run MySQL for a jailed web server with Firejail. When I try to start the jail, it cannot start because I changed the bind-address to the 10.10.X.X segment. It only runs on the 127.0.0.1 bind-address.
This is what the log says:
```
Sep 1 08:05:43 debian78 mysqld: 32:mysqld_safe:open /dev/null:2
Sep 1 08:05:43 debian78 mysqld: /usr/bin/mysqld_safe: line 229: 3306: command not found
Sep 1 08:05:43 debian78 mysqld_safe: mysqld from pid file 101:sed:fopen64 /proc/filesystems:0x25b9040#012101:sed:open //lib/charset.alias:-1#012/var/lib/mysql/89:sed:fopen64 /proc/filesystems:0x186d040#01289:sed:open //lib/charset.alias:-1#012/var/run/mysqld/mysqld.pid ended
Sep 1 08:05:56 debian78 kernel: [11735.262445] br0: port 1(veth5583eth0) entered forwarding state
Sep 1 08:06:12 debian78 /etc/init.d/mysql[565]: 0 processes alive and '/usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf ping' resulted in
Sep 1 08:06:12 debian78 /etc/init.d/mysql[565]: 557:mysqladmin:fopen /etc/services:0x289a300
Sep 1 08:06:12 debian78 /etc/init.d/mysql[565]: 557:mysqladmin:fopen64 /etc/mysql/debian.cnf:0x289a510
Sep 1 08:06:12 debian78 /etc/init.d/mysql[565]: 557:mysqladmin:socket AF_INET SOCK_STREAM IPPROTO_TCP:4
Sep 1 08:06:12 debian78 /etc/init.d/mysql[565]: 557:mysqladmin:connect 4 10.10.20.20 port 3306:-1
Sep 1 08:06:12 debian78 /etc/init.d/mysql[565]: #007/usr/bin/mysqladmin: connect to server at '10.10.20.20' failed
Sep 1 08:06:12 debian78 /etc/init.d/mysql[565]: error: 'Can't connect to MySQL server on '10.10.20.20' (111 "Connection refused")'
Sep 1 08:06:12 debian78 /etc/init.d/mysql[565]: Check that mysqld is running on 10.10.20.20 and that the port is 3306.
Sep 1 08:06:12 debian78 /etc/init.d/mysql[565]: You can check this by doing 'telnet 10.10.20.20 3306'
Sep 1 08:06:12 debian78 /etc/init.d/mysql[565]:
```

How can I fix this?


@SkewedZeppelin commented on GitHub (Sep 3, 2017):

What profile are you using? What version of Firejail are you running? And what is the command you're using to start it? Are you using a separate network namespace?


@cjconstante commented on GitHub (Sep 3, 2017):

Thanks for the reply.
Firejail version 0.9.50~rc2. I have tried with the previous version and from the Debian testing repository.
With and without the profile I get the same.

This is the command:
```
firejail --profile=/usr/local/etc/firejail/mysql.profile --private --net=br0 --ip=10.10.20.20 /etc/init.d/mysql start; sleep inf &
```

I have this in the profile:

```
noblacklist /sbin
noblacklist /usr/sbin
noblacklist /var/log
read-write /var/lib/mysql
read-write /var/run/mysqld
noblacklist /var/lib/mysql/mysql.sock
noblacklist /var/lib/mysqld/mysql.sock
noblacklist /var/run/mysql/mysqld.sock
noblacklist /var/run/mysqld/mysqld.sock
# noblacklist /var/opt
```

@chiraag-nataraj commented on GitHub (Aug 23, 2018):

@cjconstante Is this still an issue?


@cjconstante commented on GitHub (Aug 23, 2018):

@chiraag-nataraj I don't remember exactly because this was a year ago. I think I disabled the private and net flags and then I enabled the admin, net and write flags in the command to run it.


@chiraag-nataraj commented on GitHub (Aug 23, 2018):

Mmkay. If you don't have the issue anymore, let's go ahead and close this. Feel free to reopen if you run into the issue again.
