github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

[GH-ISSUE #2302] Qutebrowser 1.5.2 (latest) not working with seccomp.drop name_to_handle_at #1535

New issue
Closed
opened 2026-05-05 08:11:56 -06:00 by gitea-mirror · 17 comments
gitea-mirror commented 2026-05-05 08:11:56 -06:00
Owner
Copy link

Originally created by @D-Nice on GitHub (Dec 18, 2018).
Original GitHub issue: https://github.com/netblue30/firejail/issues/2302

After having updated all packages on my distro (void linux), I noticed qutebrowser would start, seemingly hang for 10 seconds, and then close.

Removing name_to_handle_at from the default profile, under seccomp.drop got qutebrowser working for me again without issues. Please let me know if there's any further information needed, to properly diagnose this issue.

Versions:

firejail version 0.9.56

qutebrowser v1.5.2
Git commit: 
Backend: QtWebEngine (Chromium 65.0.3325.230)

CPython: 3.6.7
Qt: 5.11.3 (compiled 5.11.2)
PyQt: 5.11.3

sip: 4.19.13
colorama: no
pypeg2: 2.15
jinja2: 2.10
pygments: 2.2.0
yaml: 3.13
cssutils: no
attr: 18.2.0
PyQt5.QtWebEngineWidgets: yes
PyQt5.QtWebKitWidgets: no
pdf.js: no
sqlite: 3.26.0
QtNetwork SSL: LibreSSL 2.8.3

Style: QFusionStyle
Platform: Linux-4.19.10_1-x86_64-with-glibc2.3.4, 64bit
Linux distribution: void (void)
Frozen: False
Imported from /usr/lib/python3.6/site-packages/qutebrowser
Using Python from /usr/bin/python3
Qt library executable path: /usr/lib/qt5/libexec, data path: /usr/share/qt5

Paths:
cache: /home/user/.cache/qutebrowser
config: /home/user/.config/qutebrowser
data: /home/user/.local/share/qutebrowser
runtime: /tmp/runtime-user/qutebrowser
system data: /usr/share/qutebrowser
Originally created by @D-Nice on GitHub (Dec 18, 2018). Original GitHub issue: https://github.com/netblue30/firejail/issues/2302 After having updated all packages on my distro (void linux), I noticed qutebrowser would start, seemingly hang for 10 seconds, and then close. Removing name_to_handle_at from the default profile, under seccomp.drop got qutebrowser working for me again without issues. Please let me know if there's any further information needed, to properly diagnose this issue. Versions: ``` firejail version 0.9.56 ``` ``` qutebrowser v1.5.2 Git commit: Backend: QtWebEngine (Chromium 65.0.3325.230) CPython: 3.6.7 Qt: 5.11.3 (compiled 5.11.2) PyQt: 5.11.3 sip: 4.19.13 colorama: no pypeg2: 2.15 jinja2: 2.10 pygments: 2.2.0 yaml: 3.13 cssutils: no attr: 18.2.0 PyQt5.QtWebEngineWidgets: yes PyQt5.QtWebKitWidgets: no pdf.js: no sqlite: 3.26.0 QtNetwork SSL: LibreSSL 2.8.3 Style: QFusionStyle Platform: Linux-4.19.10_1-x86_64-with-glibc2.3.4, 64bit Linux distribution: void (void) Frozen: False Imported from /usr/lib/python3.6/site-packages/qutebrowser Using Python from /usr/bin/python3 Qt library executable path: /usr/lib/qt5/libexec, data path: /usr/share/qt5 Paths: cache: /home/user/.cache/qutebrowser config: /home/user/.config/qutebrowser data: /home/user/.local/share/qutebrowser runtime: /tmp/runtime-user/qutebrowser system data: /usr/share/qutebrowser ```
gitea-mirror commented 2026-05-05 08:11:59 -06:00
Author
Owner
Copy link

@D-Nice commented on GitHub (Dec 18, 2018):

a quick addendum also is that init_module and delete_module were identified as missing and bad by the firejail audit, and I've added those in, without any noticeable issues so far.

<!-- gh-comment-id:448352142 --> @D-Nice commented on GitHub (Dec 18, 2018): a quick addendum also is that init_module and delete_module were identified as missing and bad by the firejail audit, and I've added those in, without any noticeable issues so far.
gitea-mirror commented 2026-05-05 08:12:00 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jun 26, 2019):

@D-Nice to confirm:
works:

seccomp.drop @clock,@raw-io,@reboot,@swap,acct,bpf,chroot,mount,nfsservctl,pivot_root,setdomainname,sethostname,umount2,vhangup,@cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,ioprio_set,io_setup,io_submit,kcmp,keyctl,mincore,ni_syscall,open_by_handle_at,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice

didn't work:
seccomp

<!-- gh-comment-id:505802311 --> @rusty-snake commented on GitHub (Jun 26, 2019): @D-Nice to confirm: works: ``` seccomp.drop @clock,@raw-io,@reboot,@swap,acct,bpf,chroot,mount,nfsservctl,pivot_root,setdomainname,sethostname,umount2,vhangup,@cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,ioprio_set,io_setup,io_submit,kcmp,keyctl,mincore,ni_syscall,open_by_handle_at,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice ``` didn't work: `seccomp`
gitea-mirror commented 2026-05-05 08:12:01 -06:00
Author
Owner
Copy link

@D-Nice commented on GitHub (Jun 26, 2019):

qutebrowser won't start with either of those.

With the seccomp filter for the most recent default profile I have, qutebrowser starts, but no page ever loads.

seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice

profile I've been using

# Firejail profile for qutebrowser
# Description: Keyboard-driven, vim-like browser based on PyQt5
# This file is overwritten after every install/update
# Persistent local customizations
include /etc/firejail/qutebrowser.local
# Persistent global definitions
include /etc/firejail/globals.local

noblacklist ${HOME}/.cache/qutebrowser
noblacklist ${HOME}/.config/qutebrowser
noblacklist ${HOME}/.local/share/qutebrowser

# Allow python (blacklisted by disable-interpreters.inc)
noblacklist ${PATH}/python2*
noblacklist ${PATH}/python3*
noblacklist /usr/lib/python2*
noblacklist /usr/lib/python3*

# with >=llvm-4 mesa drivers need llvm stuff
noblacklist /usr/lib/llvm*

include /etc/firejail/disable-common.inc
include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-interpreters.inc
include /etc/firejail/disable-programs.inc

mkdir ${HOME}/.cache/qutebrowser
mkdir ${HOME}/.config/qutebrowser
mkdir ${HOME}/.local/share/qutebrowser
whitelist ${DOWNLOADS}
whitelist ${HOME}/.cache/qutebrowser
whitelist ${HOME}/.config/qutebrowser
whitelist ${HOME}/.local/share/qutebrowser
include /etc/firejail/whitelist-common.inc

caps.drop all
netfilter
nodvd
nonewprivs
noroot
notv
protocol unix,inet,inet6,netlink
<!-- gh-comment-id:505913943 --> @D-Nice commented on GitHub (Jun 26, 2019): qutebrowser won't start with either of those. With the seccomp filter for the most recent default profile I have, qutebrowser starts, but no page ever loads. ```seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice``` profile I've been using ``` # Firejail profile for qutebrowser # Description: Keyboard-driven, vim-like browser based on PyQt5 # This file is overwritten after every install/update # Persistent local customizations include /etc/firejail/qutebrowser.local # Persistent global definitions include /etc/firejail/globals.local noblacklist ${HOME}/.cache/qutebrowser noblacklist ${HOME}/.config/qutebrowser noblacklist ${HOME}/.local/share/qutebrowser # Allow python (blacklisted by disable-interpreters.inc) noblacklist ${PATH}/python2* noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* # with >=llvm-4 mesa drivers need llvm stuff noblacklist /usr/lib/llvm* include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-interpreters.inc include /etc/firejail/disable-programs.inc mkdir ${HOME}/.cache/qutebrowser mkdir ${HOME}/.config/qutebrowser mkdir ${HOME}/.local/share/qutebrowser whitelist ${DOWNLOADS} whitelist ${HOME}/.cache/qutebrowser whitelist ${HOME}/.config/qutebrowser whitelist ${HOME}/.local/share/qutebrowser include /etc/firejail/whitelist-common.inc caps.drop all netfilter nodvd nonewprivs noroot notv protocol unix,inet,inet6,netlink ```
gitea-mirror commented 2026-05-05 08:12:02 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jun 26, 2019):

Work the following? (rm chroot)

seccomp.drop @clock,@raw-io,@reboot,@swap,acct,bpf,mount,nfsservctl,pivot_root,setdomainname,sethostname,umount2,vhangup,@cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,ioprio_set,io_setup,io_submit,kcmp,keyctl,mincore,ni_syscall,open_by_handle_at,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice

Only name_to_handle_at, chroot, init_module and delete_module are loggen in syslog?

<!-- gh-comment-id:505916159 --> @rusty-snake commented on GitHub (Jun 26, 2019): Work the following? (rm chroot) ``` seccomp.drop @clock,@raw-io,@reboot,@swap,acct,bpf,mount,nfsservctl,pivot_root,setdomainname,sethostname,umount2,vhangup,@cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,ioprio_set,io_setup,io_submit,kcmp,keyctl,mincore,ni_syscall,open_by_handle_at,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice ``` Only `name_to_handle_at`, `chroot`, `init_module` and `delete_module` are loggen in syslog?
gitea-mirror commented 2026-05-05 08:12:03 -06:00
Author
Owner
Copy link

@D-Nice commented on GitHub (Jun 28, 2019):

Latest doesn't work.

I don't have a syslogger on my void install.

<!-- gh-comment-id:506804609 --> @D-Nice commented on GitHub (Jun 28, 2019): Latest doesn't work. I don't have a syslogger on my void install.
gitea-mirror commented 2026-05-05 08:12:04 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jun 29, 2019):

were identified as missing and bad by the firejail audit

How do you did that then?

<!-- gh-comment-id:506957942 --> @rusty-snake commented on GitHub (Jun 29, 2019): > were identified as missing and bad by the firejail audit How do you did that then?
gitea-mirror commented 2026-05-05 08:12:04 -06:00
Author
Owner
Copy link

@f4814 commented on GitHub (Jul 3, 2019):

My qutebrowser (1.6.2) also does not work with seccomp and tracelog enabled.

(None of the fixes @rusty-snake can fix the default profile, only completely disabling this options works)

When I run qutebrowser with -l debug it spits out:

libEGL warning: DRI2: failed to open radeonsi (search paths /usr/lib64/dri)
libEGL warning: DRI2: failed to open swrast (search paths /usr/lib64/dri)
libEGL warning: DRI2: failed to open swrast (search paths /usr/lib64/dri)
[... Those are mostly sql querys I cut. But I'm happy to upload the full log, if it can help ...]
15:17:46 DEBUG    qt         Unknown module:none:0 Error creating openGL context

@D-Nice are you getting similar errors, or are we talking about a different issue entirely?

(OS: Gentoo, Firejail version: 0.9.50, qutebrowser: 1.6.3)

<!-- gh-comment-id:508093139 --> @f4814 commented on GitHub (Jul 3, 2019): My qutebrowser (1.6.2) also does not work with `seccomp` and `tracelog` enabled. (None of the fixes @rusty-snake can fix the default profile, only completely disabling this options works) When I run qutebrowser with `-l debug` it spits out: ``` libEGL warning: DRI2: failed to open radeonsi (search paths /usr/lib64/dri) libEGL warning: DRI2: failed to open swrast (search paths /usr/lib64/dri) libEGL warning: DRI2: failed to open swrast (search paths /usr/lib64/dri) [... Those are mostly sql querys I cut. But I'm happy to upload the full log, if it can help ...] 15:17:46 DEBUG qt Unknown module:none:0 Error creating openGL context ``` @D-Nice are you getting similar errors, or are we talking about a different issue entirely? (OS: Gentoo, Firejail version: 0.9.50, qutebrowser: 1.6.3)
gitea-mirror commented 2026-05-05 08:12:04 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jul 3, 2019):

@f4814 if you have systemd, is there anything relatet in the journal (sudo journalctl | grep syscall). Or if you have another syslog then there?

Firejail version: 0.9.50

If this isn't typo then this version is realy outdated.

<!-- gh-comment-id:508095957 --> @rusty-snake commented on GitHub (Jul 3, 2019): @f4814 if you have systemd, is there anything relatet in the journal (`sudo journalctl | grep syscall`). Or if you have another syslog then there? > Firejail version: 0.9.50 If this isn't typo then this version is realy outdated.
gitea-mirror commented 2026-05-05 08:12:05 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jul 3, 2019):

#2669 works env=QTWEBENGINE_DISABLE_SANDBOX=1?

<!-- gh-comment-id:508097207 --> @rusty-snake commented on GitHub (Jul 3, 2019): #2669 works `env=QTWEBENGINE_DISABLE_SANDBOX=1`?
gitea-mirror commented 2026-05-05 08:12:05 -06:00
Author
Owner
Copy link

@f4814 commented on GitHub (Jul 4, 2019):

@rusty-snake It is the current stable version in the gentoo repository. But yes it is very outdated.

I switched to the current testing version and everything works like a charm now. Sorry to bother you.

<!-- gh-comment-id:508531966 --> @f4814 commented on GitHub (Jul 4, 2019): @rusty-snake It is the current stable version in the gentoo repository. But yes it is very outdated. I switched to the current testing version and everything works like a charm now. Sorry to bother you.
gitea-mirror commented 2026-05-05 08:12:05 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jul 4, 2019):

There was two fixes on the profiel in the last year: #2087, ca3964fe.

@D-Nice can you confirm that it works with the lastet version.

<!-- gh-comment-id:508534312 --> @rusty-snake commented on GitHub (Jul 4, 2019): There was two fixes on the profiel in the last year: #2087, ca3964fe. @D-Nice can you confirm that it works with the lastet version.
gitea-mirror commented 2026-05-05 08:12:06 -06:00
Author
Owner
Copy link

@D-Nice commented on GitHub (Jul 5, 2019):

I'll see to give it a try when I can and report back

<!-- gh-comment-id:508826658 --> @D-Nice commented on GitHub (Jul 5, 2019): I'll see to give it a try when I can and report back
gitea-mirror commented 2026-05-05 08:12:06 -06:00
Author
Owner
Copy link

@D-Nice commented on GitHub (Jul 5, 2019):

were identified as missing and bad by the firejail audit

How do you did that then?

At that point it worked with a partially edited seccomp filter. An update since has rendered the seccomp filter unusable for me.

I'm already using the latest, 0.9.60 firejail. I've also tried adding the env variable to the default profile, pages still fail to load.

I am getting an eventual crash with the following locked right after it:

[8:25:0705/144902.519010:ERROR:zygote_host_impl_linux.cc(271)] Failed to adjust OOM score of renderer with pid 236: Permission denied (13)
14:49:14 INFO: SIGINT/SIGTERM received, shutting down!
14:49:14 INFO: Do the same again to forcefully quit.
[8:25:0705/144914.535913:ERROR:zygote_host_impl_linux.cc(271)] Failed to adjust OOM score of renderer with pid 243: Permission denied (13)
[40:40:0100/000000.136021:ERROR:broker_posix.cc(43)] Invalid node channel message
[68:68:0100/000000.135456:ERROR:broker_posix.cc(43)] Invalid node channel message
[54:54:0100/000000.135772:ERROR:broker_posix.cc(43)] Invalid node channel message
[75:75:0100/000000.135575:ERROR:broker_posix.cc(43)] Invalid node channel message
[47:47:0100/000000.135769:ERROR:broker_posix.cc(43)] Invalid node channel message
[61:61:0100/000000.135738:ERROR:broker_posix.cc(43)] Invalid node channel message
[82:82:0100/000000.135375:ERROR:broker_posix.cc(43)] Invalid node channel message
[131:131:0100/000000.135424:ERROR:broker_posix.cc(43)] Invalid node channel message

The zygote errors I get even with seccomp disabled so that should not be the culprit.

Debug log of qutebrowser when trying to load a page with default profile

14:21:50 DEBUG    commands   command:run:534 command called: open ['-t', 'google.ca']
14:21:50 DEBUG    commands   command:run:549 Calling qutebrowser.browser.commands.CommandDispatcher.openurl(<qutebrowser.browser.commands.CommandDispatcher>, 'google.ca', False, False, True, False, None, False, False)
14:21:50 DEBUG    url        urlutils:get_path_if_valid:381 Checking if 'google.ca' is a path
14:21:50 DEBUG    url        urlutils:is_url:266 Checking if 'google.ca' is a URL (autosearch=naive).
14:21:50 DEBUG    url        urlutils:is_url:303 Checking via naive check
14:21:50 DEBUG    url        urlutils:is_url:307 url = True
14:21:50 DEBUG    url        urlutils:fuzzy_url:214 URL is a fuzzy address
14:21:50 DEBUG    url        urlutils:fuzzy_url:217 Converting fuzzy term 'google.ca' to URL -> http://google.ca
14:21:50 DEBUG    webview    tabbedbrowser:tabopen:464 Creating new tab with URL PyQt5.QtCore.QUrl('http://google.ca'), background False, related False, idx None
14:21:50 DEBUG    webview    tabbedbrowser:_get_new_tab_idx:556 tabs.new_position last -> opening new tab at -1, next left: 5 / right: 6
14:21:50 DEBUG    webview    browsertab:_on_before_load_started:955 Going to start loading: http://google.ca
14:21:50 DEBUG    webview    tabbedbrowser:on_title_changed:623 Changing title for idx 27 to 'http://google.ca'
14:21:50 DEBUG    webview    browsertab:_on_before_load_started:955 Going to start loading: http://google.ca
14:21:50 DEBUG    webview    tabbedbrowser:on_title_changed:623 Changing title for idx 27 to 'http://google.ca'
14:21:50 DEBUG    mouse      mouse:eventFilter:55 <qutebrowser.browser.webengine.webview.WebEngineView object at 0x7f591422dee8> got new child <PyQt5.QtWidgets.QWidget object at 0x7f59141755e8>, installing filter
14:21:50 DEBUG    webview    tabbedbrowser:on_title_changed:623 Changing title for idx 27 to 'http://google.ca/'
14:21:50 DEBUG    signals    signalfilter:_filter_signals:91 ignoring: cur_url_changed(PyQt5.QtCore.QUrl('http://google.ca/')) (tab 27)
[8:29:0705/142150.875107:ERROR:zygote_host_impl_linux.cc(271)] Failed to adjust OOM score of renderer with pid 231: Permission denied (13)
14:21:50 DEBUG    misc       app:on_focus_object_changed:836 Focus object changed: <PyQt5.QtWidgets.QWidget object at 0x7f59141755e8>
14:21:50 DEBUG    modes      tabbedbrowser:on_current_changed:701 Current tab changed, focusing <qutebrowser.browser.webengine.webenginetab.WebEngineTab tab_id=27 url='http://google.ca/'>
14:21:50 DEBUG    modes      tabbedbrowser:on_current_changed:709 Mode before tab change: normal (mode_on_change = normal)
14:21:50 DEBUG    modes      modeman:leave:307 Ignoring leave request for KeyMode.hint (reason tab changed) as we're in mode KeyMode.normal
14:21:50 DEBUG    modes      modeman:leave:307 Ignoring leave request for KeyMode.caret (reason tab changed) as we're in mode KeyMode.normal
14:21:50 DEBUG    modes      modeman:leave:307 Ignoring leave request for KeyMode.insert (reason tab changed) as we're in mode KeyMode.normal
14:21:50 DEBUG    modes      modeman:leave:307 Ignoring leave request for KeyMode.passthrough (reason tab changed) as we're in mode KeyMode.normal
14:21:50 DEBUG    modes      tabbedbrowser:on_current_changed:721 Mode after tab change: normal (mode_on_change = normal)
14:21:50 DEBUG    modes      modeman:_handle_keypress:199 match: 2, forward_unbound_keys: auto, passthrough: True, is_non_alnum: True, dry_run: False --> filter: True (focused: <PyQt5.QtWidgets.QWidget object at 0x7f59141755e8>)
14:21:50 DEBUG    modes      modeman:_handle_keyrelease:219 filter: True
14:21:51 DEBUG    webview    browsertab:_set_load_status:921 load status for <qutebrowser.browser.webengine.webenginetab.WebEngineTab tab_id=27 url='http://google.ca/'>: LoadStatus.loading
14:21:51 DEBUG    signals    signalfilter:_filter_signals:86 emitting: cur_load_status_changed(<LoadStatus.loading: 6>) (tab 27)
14:21:51 DEBUG    signals    signalfilter:_filter_signals:86 emitting: cur_load_started() (tab 27)
14:21:51 DEBUG    modes      modeman:leave:307 Ignoring leave request for KeyMode.insert (reason load started) as we're in mode KeyMode.normal
14:21:51 DEBUG    modes      modeman:leave:307 Ignoring leave request for KeyMode.hint (reason load started) as we're in mode KeyMode.normal
14:21:53 DEBUG    destroy    lineparser:_after_save:80 Saved to /home/user/.local/share/qutebrowser/cmd-history
14:22:07 DEBUG    misc       app:on_focus_object_changed:836 Focus object changed: None
<!-- gh-comment-id:508839680 --> @D-Nice commented on GitHub (Jul 5, 2019): > > were identified as missing and bad by the firejail audit > > How do you did that then? At that point it worked with a partially edited seccomp filter. An update since has rendered the seccomp filter unusable for me. I'm already using the latest, 0.9.60 firejail. I've also tried adding the env variable to the default profile, pages still fail to load. I am getting an eventual crash with the following locked right after it: ``` [8:25:0705/144902.519010:ERROR:zygote_host_impl_linux.cc(271)] Failed to adjust OOM score of renderer with pid 236: Permission denied (13) 14:49:14 INFO: SIGINT/SIGTERM received, shutting down! 14:49:14 INFO: Do the same again to forcefully quit. [8:25:0705/144914.535913:ERROR:zygote_host_impl_linux.cc(271)] Failed to adjust OOM score of renderer with pid 243: Permission denied (13) [40:40:0100/000000.136021:ERROR:broker_posix.cc(43)] Invalid node channel message [68:68:0100/000000.135456:ERROR:broker_posix.cc(43)] Invalid node channel message [54:54:0100/000000.135772:ERROR:broker_posix.cc(43)] Invalid node channel message [75:75:0100/000000.135575:ERROR:broker_posix.cc(43)] Invalid node channel message [47:47:0100/000000.135769:ERROR:broker_posix.cc(43)] Invalid node channel message [61:61:0100/000000.135738:ERROR:broker_posix.cc(43)] Invalid node channel message [82:82:0100/000000.135375:ERROR:broker_posix.cc(43)] Invalid node channel message [131:131:0100/000000.135424:ERROR:broker_posix.cc(43)] Invalid node channel message ``` The zygote errors I get even with seccomp disabled so that should not be the culprit. Debug log of qutebrowser when trying to load a page with default profile ``` 14:21:50 DEBUG commands command:run:534 command called: open ['-t', 'google.ca'] 14:21:50 DEBUG commands command:run:549 Calling qutebrowser.browser.commands.CommandDispatcher.openurl(<qutebrowser.browser.commands.CommandDispatcher>, 'google.ca', False, False, True, False, None, False, False) 14:21:50 DEBUG url urlutils:get_path_if_valid:381 Checking if 'google.ca' is a path 14:21:50 DEBUG url urlutils:is_url:266 Checking if 'google.ca' is a URL (autosearch=naive). 14:21:50 DEBUG url urlutils:is_url:303 Checking via naive check 14:21:50 DEBUG url urlutils:is_url:307 url = True 14:21:50 DEBUG url urlutils:fuzzy_url:214 URL is a fuzzy address 14:21:50 DEBUG url urlutils:fuzzy_url:217 Converting fuzzy term 'google.ca' to URL -> http://google.ca 14:21:50 DEBUG webview tabbedbrowser:tabopen:464 Creating new tab with URL PyQt5.QtCore.QUrl('http://google.ca'), background False, related False, idx None 14:21:50 DEBUG webview tabbedbrowser:_get_new_tab_idx:556 tabs.new_position last -> opening new tab at -1, next left: 5 / right: 6 14:21:50 DEBUG webview browsertab:_on_before_load_started:955 Going to start loading: http://google.ca 14:21:50 DEBUG webview tabbedbrowser:on_title_changed:623 Changing title for idx 27 to 'http://google.ca' 14:21:50 DEBUG webview browsertab:_on_before_load_started:955 Going to start loading: http://google.ca 14:21:50 DEBUG webview tabbedbrowser:on_title_changed:623 Changing title for idx 27 to 'http://google.ca' 14:21:50 DEBUG mouse mouse:eventFilter:55 <qutebrowser.browser.webengine.webview.WebEngineView object at 0x7f591422dee8> got new child <PyQt5.QtWidgets.QWidget object at 0x7f59141755e8>, installing filter 14:21:50 DEBUG webview tabbedbrowser:on_title_changed:623 Changing title for idx 27 to 'http://google.ca/' 14:21:50 DEBUG signals signalfilter:_filter_signals:91 ignoring: cur_url_changed(PyQt5.QtCore.QUrl('http://google.ca/')) (tab 27) [8:29:0705/142150.875107:ERROR:zygote_host_impl_linux.cc(271)] Failed to adjust OOM score of renderer with pid 231: Permission denied (13) 14:21:50 DEBUG misc app:on_focus_object_changed:836 Focus object changed: <PyQt5.QtWidgets.QWidget object at 0x7f59141755e8> 14:21:50 DEBUG modes tabbedbrowser:on_current_changed:701 Current tab changed, focusing <qutebrowser.browser.webengine.webenginetab.WebEngineTab tab_id=27 url='http://google.ca/'> 14:21:50 DEBUG modes tabbedbrowser:on_current_changed:709 Mode before tab change: normal (mode_on_change = normal) 14:21:50 DEBUG modes modeman:leave:307 Ignoring leave request for KeyMode.hint (reason tab changed) as we're in mode KeyMode.normal 14:21:50 DEBUG modes modeman:leave:307 Ignoring leave request for KeyMode.caret (reason tab changed) as we're in mode KeyMode.normal 14:21:50 DEBUG modes modeman:leave:307 Ignoring leave request for KeyMode.insert (reason tab changed) as we're in mode KeyMode.normal 14:21:50 DEBUG modes modeman:leave:307 Ignoring leave request for KeyMode.passthrough (reason tab changed) as we're in mode KeyMode.normal 14:21:50 DEBUG modes tabbedbrowser:on_current_changed:721 Mode after tab change: normal (mode_on_change = normal) 14:21:50 DEBUG modes modeman:_handle_keypress:199 match: 2, forward_unbound_keys: auto, passthrough: True, is_non_alnum: True, dry_run: False --> filter: True (focused: <PyQt5.QtWidgets.QWidget object at 0x7f59141755e8>) 14:21:50 DEBUG modes modeman:_handle_keyrelease:219 filter: True 14:21:51 DEBUG webview browsertab:_set_load_status:921 load status for <qutebrowser.browser.webengine.webenginetab.WebEngineTab tab_id=27 url='http://google.ca/'>: LoadStatus.loading 14:21:51 DEBUG signals signalfilter:_filter_signals:86 emitting: cur_load_status_changed(<LoadStatus.loading: 6>) (tab 27) 14:21:51 DEBUG signals signalfilter:_filter_signals:86 emitting: cur_load_started() (tab 27) 14:21:51 DEBUG modes modeman:leave:307 Ignoring leave request for KeyMode.insert (reason load started) as we're in mode KeyMode.normal 14:21:51 DEBUG modes modeman:leave:307 Ignoring leave request for KeyMode.hint (reason load started) as we're in mode KeyMode.normal 14:21:53 DEBUG destroy lineparser:_after_save:80 Saved to /home/user/.local/share/qutebrowser/cmd-history 14:22:07 DEBUG misc app:on_focus_object_changed:836 Focus object changed: None ```
gitea-mirror commented 2026-05-05 08:12:06 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jul 6, 2019):

@D-Nice for me it also works. Using firejail from git. Don't know which version @f4814 mean with "current testing".

I've also tried adding the env variable to the default profile, pages still fail to load.

--env=VAR=VALUE on the commandline
env VAR=VALUE in profiles
I posted a mixup.

Maybe it is a void specific issue.

<!-- gh-comment-id:508907311 --> @rusty-snake commented on GitHub (Jul 6, 2019): @D-Nice for me it also works. Using firejail from git. Don't know which version @f4814 mean with "current testing". > I've also tried adding the env variable to the default profile, pages still fail to load. `--env=VAR=VALUE` on the commandline `env VAR=VALUE` in profiles I posted a mixup. Maybe it is a void specific issue.
gitea-mirror commented 2026-05-05 08:12:07 -06:00
Author
Owner
Copy link

@D-Nice commented on GitHub (Jul 9, 2019):

it may very well be, or to do with my own qutebrowser config if it works for you. I will try and find some time in the coming weeks, to try on a different distro (clean config then my qt config) and a clean void install just to report back. I'll close this for now.

<!-- gh-comment-id:509683762 --> @D-Nice commented on GitHub (Jul 9, 2019): it may very well be, or to do with my own qutebrowser config if it works for you. I will try and find some time in the coming weeks, to try on a different distro (clean config then my qt config) and a clean void install just to report back. I'll close this for now.
gitea-mirror commented 2026-05-05 08:12:07 -06:00
Author
Owner
Copy link

@q3cpma commented on GitHub (Jan 3, 2020):

Same problem here on Gentoo with firejail 0.9.62 and qutebrowser 1.8.3, I had to whitelist the name_to_handle_at syscall to solve it.

<!-- gh-comment-id:570514775 --> @q3cpma commented on GitHub (Jan 3, 2020): Same problem here on Gentoo with firejail 0.9.62 and qutebrowser 1.8.3, I had to whitelist the `name_to_handle_at` syscall to solve it.
gitea-mirror commented 2026-05-05 08:12:08 -06:00
Author
Owner
Copy link

@D-Nice commented on GitHub (Jan 24, 2020):

Thanks for the includion via d626fa96e8

Latest release is still missing it though, so I had to manually add it after the recent update. A hotfix release would be useful when possible!

<!-- gh-comment-id:577944570 --> @D-Nice commented on GitHub (Jan 24, 2020): Thanks for the includion via https://github.com/netblue30/firejail/commit/d626fa96e8d3891039b97ff4f344ed8868041b51 Latest release is still missing it though, so I had to manually add it after the recent update. A hotfix release would be useful when possible!
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
serialize_remounts_v2
landlock_v4
landlock
release-0.9.64
release-0.9.62
gitlab_ci
LTSbase
fred_ctests
docs
0.9.80
0.9.80-rc1
0.9.78
0.9.76
0.9.76-rc4
0.9.76-rc3
0.9.76-rc2
0.9.76-rc1
0.9.74
landlock-split
0.9.72
0.9.72rc1
0.9.70
0.9.68
0.9.68rc1
0.9.66
0.9.66rc1
0.9.64.4
0.9.64.2
0.9.64
0.9.64rc1
0.9.62.4
0.9.62.2
0.9.62
0.9.56.2-LTS
0.9.60
0.9.60-rc1
0.9.58.2
0.9.58
0.9.58-rc1
0.9.56-LTS-release
0.9.56-LTS
0.9.56
0.9.56-rc1
0.9.54
0.9.54-rc2
0.9.54-rc1
0.9.52
0.9.38.12
0.9.50
0.9.50-rc1
0.9.48
0.9.46
0.9.46-rc1
0.9.44.10
0.9.44.8
0.9.44.6
0.9.38.10
0.9.44.4
0.9.38.8
0.9.44.2
0.9.44
0.9.44-rc1
0.9.38.4
0.9.42
0.9.42-rc2
0.9.38.2
0.9.42-rc1
disable-globalcfg
0.9.40
0.9.40-rc1
0.9.38
0.9.38-rc1
0.9.36
0.9.36-rc1
0.9.34
0.9.34-rc1
0.9.32
0.9.32-rc1
0.9.30
0.9.30-rc1
Labels
Clear labels   
LTS merge

   
LTS merge

   
bug

   
bug

   
converted-to-discussion

   
doc-todo

   
documentation

   
duplicate

   
enhancement

   
file-transfer

   
firecfg

   
firejail-in-firejail

   
firetools

   
graphics

   
help wanted

   
information_old

   
installation

   
invalid

   
modif

   
moved

   
needinfo

   
networking

   
notabug

   
notourbug

   
old-version

   
overlayfs

   
packaging

   
profile-request

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question_old

   
removal

   
runtime-permissions

   
sandbox-ipc

   
security

   
stale

   
wiki

   
wiki

   
wontfix

   
wordpress

   
workaround
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1535
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?