github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #2021] gdb does not work with --allow-debuggers and kernel >= 4.9 #1360

New issue

Closed

opened 2026-05-05 07:55:44 -06:00 by gitea-mirror · 4 comments

gitea-mirror commented

2026-05-05 07:55:44 -06:00

Owner

Originally created by @opk12 on GitHub (Jul 1, 2018).
Original GitHub issue: https://github.com/netblue30/firejail/issues/2021

gdb fails with "Bad system call" on

firejail 0.9.54-1 + linux 4.17.3-1-ARCH (arch linux 2018.07.01),
0.9.54-1~bpo9+1 + linux 4.9.0-6-amd64 (debian stretch).

Below is a log from debian stretch.

user@debian:~/Desktop$ firejail --allow-debuggers
Reading profile /etc/firejail/default.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc

** Note: you can use --noprofile to disable default.profile **

Parent pid 14585, child pid 14586
Child process initialized in 65.09 ms
user@debian:~/Desktop$ gdb bash
GNU gdb (Debian 7.12-6) 7.12.0.20161007-git
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from bash...(no debugging symbols found)...done.
(gdb) run
Starting program: /bin/bash 
Bad system call
user@debian:~/Desktop$ exit

Parent is shutting down, bye...
user@debian:~/Desktop$ uname -ra
Linux debian 4.9.0-6-amd64 #1 SMP Debian 4.9.82-1+deb9u3 (2018-03-02) x86_64 GNU/Linux
user@debian:~/Desktop$ firejail --version
firejail version 0.9.54

Compile time support:
	- AppArmor support is enabled
	- AppImage support is enabled
	- bind support is enabled
	- chroot support is enabled
	- file and directory whitelisting support is enabled
	- file transfer support is enabled
	- networking support is enabled
	- overlayfs support is enabled
	- private-home support is enabled
	- seccomp-bpf support is enabled
	- user namespace support is enabled
	- X11 sandboxing support is enabled

Originally created by @opk12 on GitHub (Jul 1, 2018). Original GitHub issue: https://github.com/netblue30/firejail/issues/2021 gdb fails with "Bad system call" on - firejail 0.9.54-1 + linux 4.17.3-1-ARCH (arch linux 2018.07.01), - 0.9.54-1~bpo9+1 + linux 4.9.0-6-amd64 (debian stretch). Below is a log from debian stretch. ``` user@debian:~/Desktop$ firejail --allow-debuggers Reading profile /etc/firejail/default.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-passwdmgr.inc Reading profile /etc/firejail/disable-programs.inc ** Note: you can use --noprofile to disable default.profile ** Parent pid 14585, child pid 14586 Child process initialized in 65.09 ms user@debian:~/Desktop$ gdb bash GNU gdb (Debian 7.12-6) 7.12.0.20161007-git Copyright (C) 2016 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-linux-gnu". Type "show configuration" for configuration details. For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>. Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>. For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from bash...(no debugging symbols found)...done. (gdb) run Starting program: /bin/bash Bad system call user@debian:~/Desktop$ exit Parent is shutting down, bye... user@debian:~/Desktop$ uname -ra Linux debian 4.9.0-6-amd64 #1 SMP Debian 4.9.82-1+deb9u3 (2018-03-02) x86_64 GNU/Linux user@debian:~/Desktop$ firejail --version firejail version 0.9.54 Compile time support: - AppArmor support is enabled - AppImage support is enabled - bind support is enabled - chroot support is enabled - file and directory whitelisting support is enabled - file transfer support is enabled - networking support is enabled - overlayfs support is enabled - private-home support is enabled - seccomp-bpf support is enabled - user namespace support is enabled - X11 sandboxing support is enabled ```

gitea-mirror closed this issue

2026-05-05 07:55:46 -06:00

gitea-mirror commented

2026-05-05 07:55:47 -06:00

Author

Owner

@chiraag-nataraj commented on GitHub (Jul 9, 2018):

The default profile blocks the personality syscall, which seems to prevent gdb from working (that's the syscall that kills gdb, anyway...). Let me experiment a bit.

@chiraag-nataraj commented on GitHub (Jul 9, 2018): The default profile blocks the `personality` syscall, which seems to prevent `gdb` from working (that's the syscall that kills `gdb`, anyway...). Let me experiment a bit.

gitea-mirror commented

2026-05-05 07:55:48 -06:00

Author

Owner

@chiraag-nataraj commented on GitHub (Jul 9, 2018):

Yup, unblocking the personality syscall will do the trick. Let me put in a fix to allow-debuggers.

@chiraag-nataraj commented on GitHub (Jul 9, 2018): Yup, unblocking the `personality` syscall will do the trick. Let me put in a fix to `allow-debuggers`.

gitea-mirror commented

2026-05-05 07:55:49 -06:00

Author

Owner

@chiraag-nataraj commented on GitHub (Jul 9, 2018):

@opk12 Can you confirm the fix works on your end before I close this?

@chiraag-nataraj commented on GitHub (Jul 9, 2018): @opk12 Can you confirm the fix works on your end before I close this?

gitea-mirror commented

2026-05-05 07:55:49 -06:00

Author

Owner

@opk12 commented on GitHub (Jul 11, 2018):

@chiraag-nataraj It works on debian and arch linux, thanks

@opk12 commented on GitHub (Jul 11, 2018): @chiraag-nataraj It works on debian and arch linux, thanks

gitea-mirror referenced this issue

2026-05-05 10:10:29 -06:00

[PR #1360] [MERGED] Allow env for youtube-dl in mpv profile #3926

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1360

No description provided.

Rows
Columns