github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

[GH-ISSUE #1755] Various Issues #1190

New issue
Closed
opened 2026-05-05 07:37:42 -06:00 by gitea-mirror · 5 comments
gitea-mirror commented 2026-05-05 07:37:42 -06:00
Owner
Copy link

Originally created by @SkewedZeppelin on GitHub (Jan 29, 2018).
Original GitHub issue: https://github.com/netblue30/firejail/issues/1755

Below is a comment by @bmeh copied from here

I would like to note that Electron apps (too) (Wire, for example, amongst many others) have not been working for me for a few months now. I am getting error while loading shared libraries: libnode.so: cannot open shared object file: No such file or directory, which could be a problem caused by not having the directory containing the executable and libnode.so whitelisted, except it is. At least with a previous version I could just cd to the directory that contains libnode.so and it would work, but it doesn't work anymore that way either. Additionally, even in this case, the application wouldn't always show up properly (meaning it freezes, not getting displayed as expected), it would just start giving me such errors:

[154:0109/161459.161525:ERROR:gles2_cmd_decoder.cc(17403)] [.DisplayCompositor-0x1b3cb0f68000]GL ERROR :GL_INVALID_OPERATION : glCreateAndConsumeTextureCHROMIUM: invalid mailbox name
[154:0109/161459.161653:ERROR:gles2_cmd_decoder.cc(9636)] [.DisplayCompositor-0x1b3cb0f68000]RENDER WARNING: texture bound to texture unit 0 is not renderable. It maybe non-power-of-2 and have incompatible texture filtering.
[154:0109/161459.161807:ERROR:gles2_cmd_decoder.cc(17403)] [.DisplayCompositor-0x1b3cb0f68000]GL ERROR :GL_INVALID_OPERATION : glCreateAndConsumeTextureCHROMIUM: invalid mailbox name
[154:0109/161459.161940:ERROR:gles2_cmd_decoder.cc(9636)] [.DisplayCompositor-0x1b3cb0f68000]RENDER WARNING: texture bound to texture unit 0 is not renderable. It maybe non-power-of-2 and have incompatible texture filtering.
[154:0109/161459.162080:ERROR:gles2_cmd_decoder.cc(17403)] [.DisplayCompositor-0x1b3cb0f68000]GL ERROR :GL_INVALID_OPERATION : glCreateAndConsumeTextureCHROMIUM: invalid mailbox name
[154:0109/161459.162209:ERROR:gles2_cmd_decoder.cc(9636)] [.DisplayCompositor-0x1b3cb0f68000]RENDER WARNING: texture bound to texture unit 0 is not renderable. It maybe non-power-of-2 and have incompatible texture filtering.
[154:0109/161459.162347:ERROR:gles2_cmd_decoder.cc(17403)] [.DisplayCompositor-0x1b3cb0f68000]GL ERROR :GL_INVALID_OPERATION : glCreateAndConsumeTextureCHROMIUM: invalid mailbox name
[154:0109/161459.162476:ERROR:gles2_cmd_decoder.cc(9636)] [.DisplayCompositor-0x1b3cb0f68000]RENDER WARNING: texture bound to texture unit 0 is not renderable. It maybe non-power-of-2 and have incompatible texture filtering.
[154:0109/161459.162617:ERROR:gles2_cmd_decoder.cc(17403)] [.DisplayCompositor-0x1b3cb0f68000]GL ERROR :GL_INVALID_OPERATION : glCreateAndConsumeTextureCHROMIUM: invalid mailbox name
[154:0109/161459.162765:ERROR:gles2_cmd_decoder.cc(9636)] [.DisplayCompositor-0x1b3cb0f68000]RENDER WARNING: texture bound to texture unit 0 is not renderable. It maybe non-power-of-2 and have incompatible texture filtering.
[154:0109/161459.162917:ERROR:gles2_cmd_decoder.cc(17403)] [.DisplayCompositor-0x1b3cb0f68000]GL ERROR :GL_INVALID_OPERATION : glCreateAndConsumeTextureCHROMIUM: invalid mailbox name
[154:0109/161459.163052:ERROR:gles2_cmd_decoder.cc(9636)] [.DisplayCompositor-0x1b3cb0f68000]RENDER WARNING: texture bound to texture unit 0 is not renderable. It maybe non-power-of-2 and have incompatible texture filtering.

And on occasions, it would work as expected (???), but it's pretty rare.

Aaaaand steam-native is broken as well. It has been for a while.

Note: all the applications not working with firejail do work without it.

I don't know what changed, but it seems like firejail has been broken for a few months now. I tried downgrading to an older version, but it doesn't work either. Any pointers to a workaround or something? Mind you, firejail --noprofile foobar works, but yeah.

Distro: Arch Linux

firejail version 0.9.52

Compile time support:
        - AppArmor support is disabled
        - AppImage support is enabled
        - bind support is enabled
        - chroot support is enabled
        - file and directory whitelisting support is enabled
        - file transfer support is enabled
        - git install support is disabled
        - networking support is enabled
        - overlayfs support is enabled
        - private-home support is enabled
        - seccomp-bpf support is enabled
        - user namespace support is enabled
        - X11 sandboxing support is enabled

firejail --quiet --private-dev --nodvd --notv ls -1 /dev:

dri
full
log
null
nvidia0
nvidiactl
nvidia-modeset
ptmx
pts
random
shm
snd
tty
urandom
video0
zero

Update:

This is very odd, commenting noroot in /etc/firejail/steam.profile (and wire.profile) solves all the issues, and the window is responsive and is displayed correctly. Huh?

Originally created by @SkewedZeppelin on GitHub (Jan 29, 2018). Original GitHub issue: https://github.com/netblue30/firejail/issues/1755 Below is a comment by @bmeh copied from [here](https://github.com/netblue30/firejail/issues/1740#issuecomment-361060829) ------- I would like to note that Electron apps (too) (Wire, for example, amongst many others) have not been working for me for a few months now. I am getting `error while loading shared libraries: libnode.so: cannot open shared object file: No such file or directory`, which could be a problem caused by not having the directory containing the executable and `libnode.so` whitelisted, except it is. At least with a previous version I could just `cd` to the directory that contains `libnode.so` and it would work, but it doesn't work anymore that way either. Additionally, even in this case, the application wouldn't always show up properly (meaning it freezes, not getting displayed as expected), it would just start giving me such errors: ``` [154:0109/161459.161525:ERROR:gles2_cmd_decoder.cc(17403)] [.DisplayCompositor-0x1b3cb0f68000]GL ERROR :GL_INVALID_OPERATION : glCreateAndConsumeTextureCHROMIUM: invalid mailbox name [154:0109/161459.161653:ERROR:gles2_cmd_decoder.cc(9636)] [.DisplayCompositor-0x1b3cb0f68000]RENDER WARNING: texture bound to texture unit 0 is not renderable. It maybe non-power-of-2 and have incompatible texture filtering. [154:0109/161459.161807:ERROR:gles2_cmd_decoder.cc(17403)] [.DisplayCompositor-0x1b3cb0f68000]GL ERROR :GL_INVALID_OPERATION : glCreateAndConsumeTextureCHROMIUM: invalid mailbox name [154:0109/161459.161940:ERROR:gles2_cmd_decoder.cc(9636)] [.DisplayCompositor-0x1b3cb0f68000]RENDER WARNING: texture bound to texture unit 0 is not renderable. It maybe non-power-of-2 and have incompatible texture filtering. [154:0109/161459.162080:ERROR:gles2_cmd_decoder.cc(17403)] [.DisplayCompositor-0x1b3cb0f68000]GL ERROR :GL_INVALID_OPERATION : glCreateAndConsumeTextureCHROMIUM: invalid mailbox name [154:0109/161459.162209:ERROR:gles2_cmd_decoder.cc(9636)] [.DisplayCompositor-0x1b3cb0f68000]RENDER WARNING: texture bound to texture unit 0 is not renderable. It maybe non-power-of-2 and have incompatible texture filtering. [154:0109/161459.162347:ERROR:gles2_cmd_decoder.cc(17403)] [.DisplayCompositor-0x1b3cb0f68000]GL ERROR :GL_INVALID_OPERATION : glCreateAndConsumeTextureCHROMIUM: invalid mailbox name [154:0109/161459.162476:ERROR:gles2_cmd_decoder.cc(9636)] [.DisplayCompositor-0x1b3cb0f68000]RENDER WARNING: texture bound to texture unit 0 is not renderable. It maybe non-power-of-2 and have incompatible texture filtering. [154:0109/161459.162617:ERROR:gles2_cmd_decoder.cc(17403)] [.DisplayCompositor-0x1b3cb0f68000]GL ERROR :GL_INVALID_OPERATION : glCreateAndConsumeTextureCHROMIUM: invalid mailbox name [154:0109/161459.162765:ERROR:gles2_cmd_decoder.cc(9636)] [.DisplayCompositor-0x1b3cb0f68000]RENDER WARNING: texture bound to texture unit 0 is not renderable. It maybe non-power-of-2 and have incompatible texture filtering. [154:0109/161459.162917:ERROR:gles2_cmd_decoder.cc(17403)] [.DisplayCompositor-0x1b3cb0f68000]GL ERROR :GL_INVALID_OPERATION : glCreateAndConsumeTextureCHROMIUM: invalid mailbox name [154:0109/161459.163052:ERROR:gles2_cmd_decoder.cc(9636)] [.DisplayCompositor-0x1b3cb0f68000]RENDER WARNING: texture bound to texture unit 0 is not renderable. It maybe non-power-of-2 and have incompatible texture filtering. ``` And on occasions, it would work as expected (???), but it's pretty rare. Aaaaand `steam-native` is broken as well. It has been for a while. Note: all the applications not working with firejail do work without it. I don't know what changed, but it seems like firejail has been broken for a few months now. I tried downgrading to an older version, but it doesn't work either. Any pointers to a workaround or something? Mind you, `firejail --noprofile foobar` works, but yeah. Distro: Arch Linux ``` firejail version 0.9.52 Compile time support: - AppArmor support is disabled - AppImage support is enabled - bind support is enabled - chroot support is enabled - file and directory whitelisting support is enabled - file transfer support is enabled - git install support is disabled - networking support is enabled - overlayfs support is enabled - private-home support is enabled - seccomp-bpf support is enabled - user namespace support is enabled - X11 sandboxing support is enabled ``` `firejail --quiet --private-dev --nodvd --notv ls -1 /dev`: ``` dri full log null nvidia0 nvidiactl nvidia-modeset ptmx pts random shm snd tty urandom video0 zero ``` Update: This is very odd, commenting `noroot` in `/etc/firejail/steam.profile` (and `wire.profile`) solves all the issues, and the window is responsive and is displayed correctly. Huh?
gitea-mirror commented 2026-05-05 07:37:46 -06:00
Author
Owner
Copy link

@SkewedZeppelin commented on GitHub (Jan 29, 2018):

@bmeh noroot is known to cause issues with the NVIDIA proprietary drivers. You can run the following command to disable it in all profiles.
sudo sh -c "echo 'ignore noroot' >> /etc/firejail/globals.local"

<!-- gh-comment-id:361113931 --> @SkewedZeppelin commented on GitHub (Jan 29, 2018): @bmeh `noroot` is known to cause issues with the NVIDIA proprietary drivers. You can run the following command to disable it in all profiles. `sudo sh -c "echo 'ignore noroot' >> /etc/firejail/globals.local"`
gitea-mirror commented 2026-05-05 07:37:47 -06:00
Author
Owner
Copy link

@chiraag-nataraj commented on GitHub (May 6, 2018):

fwiw, noroot also breaks Electron apps iirc, for reasons that aren't clear.
[edit] No, noroot doesn't break Electron apps!

<!-- gh-comment-id:386847408 --> @chiraag-nataraj commented on GitHub (May 6, 2018): fwiw, `noroot` also breaks Electron apps iirc, for reasons that aren't clear. [edit] No, `noroot` _doesn't_ break Electron apps!
gitea-mirror commented 2026-05-05 07:37:49 -06:00
Author
Owner
Copy link

@smitsohu commented on GitHub (May 11, 2018):

@bmeh Can you confirm this is still an issue with Firejail 0.9.54?

<!-- gh-comment-id:388355530 --> @smitsohu commented on GitHub (May 11, 2018): @bmeh Can you confirm this is still an issue with Firejail 0.9.54?
gitea-mirror commented 2026-05-05 07:37:50 -06:00
Author
Owner
Copy link

@smitsohu commented on GitHub (May 24, 2018):

@bmeh Should be fixed in latest Firejail, see also related #1748. Closing the issue, feel free to reopen if you encounter the problem again. Thanks for the report!

<!-- gh-comment-id:391800431 --> @smitsohu commented on GitHub (May 24, 2018): @bmeh Should be fixed in latest Firejail, see also related #1748. Closing the issue, feel free to reopen if you encounter the problem again. Thanks for the report!
gitea-mirror commented 2026-05-05 07:37:52 -06:00
Author
Owner
Copy link

@bmeh commented on GitHub (Sep 5, 2018):

@smitsohu Oh my mistake, I did not notice the mention. I am currently holding back version 0.9.54 for a reason I have forgotten, things work well with 0.9.52 without noroot. When I get the time, and it will be available in the official packages for Arch Linux, I will upgrade to 0.9.56 and open a new issue if I still have issues like I did with 0.9.54 which is - if I remember correctly - not related to noroot. It could have been fixed by now, so who knows. :)

<!-- gh-comment-id:418911452 --> @bmeh commented on GitHub (Sep 5, 2018): @smitsohu Oh my mistake, I did not notice the mention. I am currently holding back version 0.9.54 for a reason I have forgotten, things work well with 0.9.52 without `noroot`. When I get the time, and it will be available in the official packages for Arch Linux, I will upgrade to 0.9.56 and open a new issue if I still have issues like I did with 0.9.54 which is - if I remember correctly - not related to `noroot`. It could have been fixed by now, so who knows. :)
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
serialize_remounts_v2
landlock_v4
landlock
release-0.9.64
release-0.9.62
gitlab_ci
LTSbase
fred_ctests
docs
0.9.80
0.9.80-rc1
0.9.78
0.9.76
0.9.76-rc4
0.9.76-rc3
0.9.76-rc2
0.9.76-rc1
0.9.74
landlock-split
0.9.72
0.9.72rc1
0.9.70
0.9.68
0.9.68rc1
0.9.66
0.9.66rc1
0.9.64.4
0.9.64.2
0.9.64
0.9.64rc1
0.9.62.4
0.9.62.2
0.9.62
0.9.56.2-LTS
0.9.60
0.9.60-rc1
0.9.58.2
0.9.58
0.9.58-rc1
0.9.56-LTS-release
0.9.56-LTS
0.9.56
0.9.56-rc1
0.9.54
0.9.54-rc2
0.9.54-rc1
0.9.52
0.9.38.12
0.9.50
0.9.50-rc1
0.9.48
0.9.46
0.9.46-rc1
0.9.44.10
0.9.44.8
0.9.44.6
0.9.38.10
0.9.44.4
0.9.38.8
0.9.44.2
0.9.44
0.9.44-rc1
0.9.38.4
0.9.42
0.9.42-rc2
0.9.38.2
0.9.42-rc1
disable-globalcfg
0.9.40
0.9.40-rc1
0.9.38
0.9.38-rc1
0.9.36
0.9.36-rc1
0.9.34
0.9.34-rc1
0.9.32
0.9.32-rc1
0.9.30
0.9.30-rc1
Labels
Clear labels   
LTS merge

   
LTS merge

   
bug

   
bug

   
converted-to-discussion

   
doc-todo

   
documentation

   
duplicate

   
enhancement

   
file-transfer

   
firecfg

   
firejail-in-firejail

   
firetools

   
graphics

   
help wanted

   
information_old

   
installation

   
invalid

   
modif

   
moved

   
needinfo

   
networking

   
notabug

   
notourbug

   
old-version

   
overlayfs

   
packaging

   
profile-request

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question_old

   
removal

   
runtime-permissions

   
sandbox-ipc

   
security

   
stale

   
wiki

   
wiki

   
wontfix

   
wordpress

   
workaround
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1190
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?