[GH-ISSUE #2316] The arguments --tracelog and --trace stay hanging if I use them with discord #1545

Closed
opened 2026-05-05 08:12:22 -06:00 by gitea-mirror · 9 comments

Originally created by @kadogo on GitHub (Dec 25, 2018).
Original GitHub issue: https://github.com/netblue30/firejail/issues/2316

Hello,

Distribution: Debian Stretch
Firejail version: compiled from GIT with --enable-apparmor

I just compiled firejail from git, but I had the same issue with backports on Stretch.

It looks like --trace and --tracelog stay hanging in some cases.

$ .local/bin/firejail --debug --tracelog discord
Autoselecting /bin/bash as shell
Building quoted command line: 'discord' 
Command name #discord#
Found discord.profile profile in /home/user/.local/etc/firejail directory
Found discord-common.profile profile in /home/user/.local/etc/firejail directory
Found disable-common.inc profile in /home/user/.local/etc/firejail directory
Found disable-devel.inc profile in /home/user/.local/etc/firejail directory
Found disable-passwdmgr.inc profile in /home/user/.local/etc/firejail directory
Found disable-programs.inc profile in /home/user/.local/etc/firejail directory
Using the local network stack
Using the local network stack
Initializing child process
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp.postexec file
Build protocol filter: unix,inet,inet6,netlink
sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6,netlink /run/firejail/mnt/seccomp.protocol (null) 
Basic read-only filesystem:
Mounting read-only /etc
Mounting noexec /etc
Mounting read-only /var
Mounting noexec /var
Mounting read-only /bin
Mounting read-only /sbin
Mounting read-only /lib
Mounting read-only /lib64
Mounting read-only /lib32
Mounting read-only /usr
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/dhcp
Mounting tmpfs on /var/lib/snmp
Mounting tmpfs on /var/lib/sudo
Mounting tmpfs on /var/cache/apache2
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /home/user/.config/firejail
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/x11
Mounting tmpfs on /dev
mounting /run/firejail/mnt/dev/snd directory
mounting /run/firejail/mnt/dev/dri directory
Process /dev/shm directory
Copying files in the new /etc directory:
copying /etc/fonts to private /etc
Creating empty /run/firejail/mnt/etc/fonts directory
sbox run: /run/firejail/lib/fcopy /etc/fonts /run/firejail/mnt/etc/fonts (null) 
copying /etc/machine-id to private /etc
sbox run: /run/firejail/lib/fcopy /etc/machine-id /run/firejail/mnt/etc (null) 
copying /etc/localtime to private /etc
sbox run: /run/firejail/lib/fcopy /etc/localtime /run/firejail/mnt/etc (null) 
copying /etc/ld.so.cache to private /etc
sbox run: /run/firejail/lib/fcopy /etc/ld.so.cache /run/firejail/mnt/etc (null) 
copying /etc/ca-certificates to private /etc
Creating empty /run/firejail/mnt/etc/ca-certificates directory
sbox run: /run/firejail/lib/fcopy /etc/ca-certificates /run/firejail/mnt/etc/ca-certificates (null) 
copying /etc/ssl to private /etc
Creating empty /run/firejail/mnt/etc/ssl directory
sbox run: /run/firejail/lib/fcopy /etc/ssl /run/firejail/mnt/etc/ssl (null) 
copying /etc/resolv.conf to private /etc
sbox run: /run/firejail/lib/fcopy /etc/resolv.conf /run/firejail/mnt/etc (null) 
Mount-bind /run/firejail/mnt/etc on top of /etc
Creating an empty /etc/ld.so.preload file
Copying files in the new /opt directory:
Mount-bind /run/firejail/mnt/opt on top of /opt
Copying files in the new bin directory
Checking /usr/local/bin/discord
Checking /usr/bin/discord
file /usr/share/discord/Discord not found
sbox run: /run/firejail/lib/fcopy /usr/bin/discord /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/sh
Checking /usr/bin/sh
Checking /bin/sh
sbox run: /run/firejail/lib/fcopy /bin/dash /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /bin/sh /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/xdg-mime
Checking /usr/bin/xdg-mime
sbox run: /run/firejail/lib/fcopy /usr/bin/xdg-mime /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/tr
Checking /usr/bin/tr
sbox run: /run/firejail/lib/fcopy /usr/bin/tr /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/sed
Checking /usr/bin/sed
Checking /bin/sed
sbox run: /run/firejail/lib/fcopy /bin/sed /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/echo
Checking /usr/bin/echo
Checking /bin/echo
sbox run: /run/firejail/lib/fcopy /bin/echo /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/head
Checking /usr/bin/head
sbox run: /run/firejail/lib/fcopy /usr/bin/head /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/cut
Checking /usr/bin/cut
sbox run: /run/firejail/lib/fcopy /usr/bin/cut /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/xdg-open
Checking /usr/bin/xdg-open
sbox run: /run/firejail/lib/fcopy /usr/bin/xdg-open /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/grep
Checking /usr/bin/grep
Checking /bin/grep
sbox run: /run/firejail/lib/fcopy /bin/grep /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/egrep
Checking /usr/bin/egrep
Checking /bin/egrep
sbox run: /run/firejail/lib/fcopy /bin/egrep /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/bash
Checking /usr/bin/bash
Checking /bin/bash
sbox run: /run/firejail/lib/fcopy /bin/bash /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/zsh
Checking /usr/bin/zsh
Checking /bin/zsh
Checking /usr/games/zsh
Checking /usr/local/games/zsh
Checking /usr/local/sbin/zsh
Checking /usr/sbin/zsh
Checking /sbin/zsh
Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin
Mount-bind /run/firejail/mnt/bin on top of /usr/bin
Mount-bind /run/firejail/mnt/bin on top of /bin
Mount-bind /run/firejail/mnt/bin on top of /usr/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin
Mount-bind /run/firejail/mnt/bin on top of /usr/sbin
Mount-bind /run/firejail/mnt/bin on top of /sbin
Remounting /proc and /proc/sys filesystems
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /lib/modules
Disable /usr/lib/debug
Disable /boot
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /proc/kmsg
Replaced whitelist path: whitelist /home/user/.config/discord
Directory ${DOWNLOADS} resolved as Téléchargements
Replaced whitelist path: whitelist /home/user/Téléchargements
Mounting a new /home directory
Mounting a new /root directory
Create a new user directory
Mounting tmpfs on /tmp directory
Whitelisting /home/user/.config/discord
714 710 254:3 /user/.config/discord /home/user/.config/discord rw,relatime master:71 - ext4 /dev/mapper/endworld--vg-home rw,data=ordered
mountid=714 fsname=/user/.config/discord dir=/home/user/.config/discord fstype=ext4
Whitelisting /home/user/Téléchargements
715 710 254:3 /user/Téléchargements /home/user/Téléchargements rw,relatime master:71 - ext4 /dev/mapper/endworld--vg-home rw,data=ordered
mountid=715 fsname=/user/Téléchargements dir=/home/user/Téléchargements fstype=ext4
Whitelisting /tmp/.X11-unix
716 713 254:1 /tmp/.X11-unix /tmp/.X11-unix rw,relatime master:1 - ext4 /dev/mapper/endworld--vg-root rw,errors=remount-ro,data=ordered
mountid=716 fsname=/tmp/.X11-unix dir=/tmp/.X11-unix fstype=ext4
Whitelisting /tmp/pulse-PKdhtXMmr18n
717 713 254:1 /tmp/pulse-PKdhtXMmr18n /tmp/pulse-PKdhtXMmr18n rw,relatime master:1 - ext4 /dev/mapper/endworld--vg-root rw,errors=remount-ro,data=ordered
mountid=717 fsname=/tmp/pulse-PKdhtXMmr18n dir=/tmp/pulse-PKdhtXMmr18n fstype=ext4
Mounting read-only /home/user/.Xauthority
Disable /var/lib/systemd
Disable /var/cache/apt
Disable /var/lib/apt
Disable /var/lib/dkms
Disable /var/lib/upower
Disable /var/mail
Disable /var/opt
Disable /run/docker.sock (requested /var/run/docker.sock)
Disable /run/minissdpd.sock (requested /var/run/minissdpd.sock)
Disable /run/rpcbind.sock (requested /var/run/rpcbind.sock)
Disable /var/spool/anacron
Disable /var/spool/cron
Disable /var/mail (requested /var/spool/mail)
Disable /sbin
Disable /usr/local/sbin
Disable /usr/sbin
Disable /usr/lib/virtualbox
Disable /usr/share/flatpak
Disable /var/lib/flatpak
Disable /usr/include
Disable /usr/share/java
Disable /usr/lib/valgrind
Not blacklist /home/user/.config/discord
Mounting noexec /home/user/.config/discord
Mounting noexec /home/user/Téléchargements
Mounting noexec /tmp
Mounting noexec /tmp/.X11-unix
Mounting noexec /tmp/pulse-PKdhtXMmr18n
Disable /sys/fs
Disable /sys/module
/etc/pulse/client.conf not found
blacklist /dev/dvb
blacklist /dev/sr0
blacklist /dev/hidraw0
blacklist /dev/hidraw1
blacklist /dev/hidraw2
blacklist /dev/hidraw3
blacklist /dev/hidraw4
blacklist /dev/hidraw5
blacklist /dev/hidraw6
blacklist /dev/hidraw7
blacklist /dev/hidraw8
blacklist /dev/hidraw9
blacklist /dev/usb
blacklist /dev/video0
blacklist /dev/video1
blacklist /dev/video2
blacklist /dev/video3
blacklist /dev/video4
blacklist /dev/video5
blacklist /dev/video6
blacklist /dev/video7
blacklist /dev/video8
blacklist /dev/video9
Create the new ld.so.preload file
Mount the new ld.so.preload file
Current directory: /home/user
Dropping all capabilities
Install protocol filter: unix,inet,inet6,netlink
configuring 16 seccomp entries in /run/firejail/mnt/seccomp.protocol
configuring 54 seccomp entries in /run/firejail/mnt/seccomp.32
Dual 32/64 bit seccomp filter configured
configuring 74 seccomp entries in /run/firejail/mnt/seccomp
seccomp filter configured
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 1000, nogroups 1
No supplementary groups
]0;firejail discord starting application
LD_PRELOAD=(null)
Running 'discord'  command through /bin/bash
execvp argument 0: /bin/bash
execvp argument 1: -c
execvp argument 2: 'discord' 
Mount the new ld.so.preload file
Current directory: /home/user
Dropping all capabilities
Install protocol filter: unix,inet,inet6,netlink
configuring 16 seccomp entries in /run/firejail/mnt/seccomp.protocol
configuring 54 seccomp entries in /run/firejail/mnt/seccomp.32
Dual 32/64 bit seccomp filter configured
configuring 74 seccomp entries in /run/firejail/mnt/seccomp
seccomp filter configured
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 1000, nogroups 1
No supplementary groups
monitoring pid 25

If you need more information, let me know.
Cheers.


@ghost commented on GitHub (Mar 23, 2019):

It's the same problem for me when I launch ElectronMail. I'm running:

```
firejail --net=none\
             --noprofile\
             --noblacklist="$HOME"/.config/electron-mail --whitelist="$HOME"/.config/electron-mail\
             --debug-blacklists --debug-whitelists --output="${logfile}" --tracelog\
        /usr/local/bin/electron-mail
```

and --tracelog causes it to hang. I noticed this in your discord output:

```
Replaced whitelist path: whitelist /home/user/.config/discord
```

Does that mean you have a symbolic link? I also have a symbolic link to a place where the app needs to write to (and thus get a "Replaced whitelist path" message), so I wonder if that's related.

It's quite annoying, because if I try to debug firejail by running:

```
strace firejail --net=none\
             --noprofile\
             --noblacklist="$HOME"/.config/electron-mail --whitelist="$HOME"/.config/electron-mail\
             --debug-blacklists --debug-whitelists --output="${logfile}" --tracelog\
        /usr/local/bin/electron-mail
```

It crashes with:

```
write(2, "Warning: cannot switch egid to r"..., 36Warning: cannot switch egid to root
```

so I cannot use strace to reach the moment of the hang.
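
One way to test the symbolic-link question raised in the comment above (an added example, not part of the original thread or of firejail): read a saved `firejail --debug` log, pull out the `Replaced whitelist path` lines, and report which components of each path are symbolic links. The function names and the sample tree and log built in `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the paths that a firejail --debug log reports as
# "Replaced whitelist path" and show which path components are symlinks.

# Print the path from every "Replaced whitelist path: whitelist <path>" line.
replaced_whitelist_paths() {
    sed -n 's/^Replaced whitelist path: whitelist //p' "$1"
}

# Walk an absolute path from / downward and print "<component> -> <target>"
# for every component that is itself a symbolic link.
symlink_components() {
    path=$1
    current=""
    old_ifs=$IFS
    IFS=/          # split the path on slashes only (spaces stay intact)
    set -f         # no glob expansion while splitting
    for part in $path; do
        [ -n "$part" ] || continue
        current="$current/$part"
        if [ -L "$current" ]; then
            printf '%s -> %s\n' "$current" "$(readlink "$current")"
        fi
    done
    set +f
    IFS=$old_ifs
}

# For each replaced whitelist path in the log, print SYMLINK or PLAIN,
# followed by the symlinked components when there are any.
audit_log() {
    replaced_whitelist_paths "$1" | while IFS= read -r p; do
        links=$(symlink_components "$p")
        if [ -n "$links" ]; then
            printf 'SYMLINK %s\n%s\n' "$p" "$links"
        else
            printf 'PLAIN   %s\n' "$p"
        fi
    done
}

# Constructed sample: a config directory that is a symlink, a plain
# downloads directory, and a three-line log in the format shown in the issue.
demo() {
    d=$(cd "$(mktemp -d)" && pwd -P)
    mkdir -p "$d/data/discord" "$d/home/.config" "$d/home/Downloads"
    ln -s "$d/data/discord" "$d/home/.config/discord"
    {
        printf 'Replaced whitelist path: whitelist %s\n' "$d/home/.config/discord"
        printf 'Directory ${DOWNLOADS} resolved as Downloads\n'
        printf 'Replaced whitelist path: whitelist %s\n' "$d/home/Downloads"
    } > "$d/firejail-debug.log"
    audit_log "$d/firejail-debug.log"
    rm -rf "$d"
}

demo
```

Run `audit_log` against the file written by `--output=` (or a redirected `--debug` run) on the host, outside the sandbox, so the paths are resolved against the real filesystem.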


@Fred-Barclay commented on GitHub (Mar 23, 2019):

Chrome doesn't work with --tracelog either. Since Electron from Discord and Electron-mail is similar IIRC to chromium, this is probably just a limitation of the programmes.


@ghost commented on GitHub (Mar 23, 2019):

Indeed Electron-Mail runs an embedded version of Chromium.

I also wonder if the problem that caused me to add traces is related to Chromium. My Electron-Mail config folder is whitelisted but the settings never stick. I add accounts and they're lost when the session ends, never updated in $HOME/.config/electron-mail/.


@Fred-Barclay commented on GitHub (Mar 24, 2019):

@libBletchley I'd be pretty sure the issue is with --net=none. Try running without that.

Also I'll get a profile in for electron-mail. 😄


@ghost commented on GitHub (Mar 24, 2019):

The app executes just fine without a network - it just gets a "cannot connect to server" popup. Are you saying that --net=none is not compatible with --tracelog or strace?

Or if you're talking about the settings not sticking, indeed I can see how an app might refuse to store a config that fails to connect. But I've verified that. I used a working network with firejail and was able to login. But the account info still did not persist. I'm just using --net=none now because there's no need to connect while troubleshooting the problem of config changes not sticking.


@Fred-Barclay commented on GitHub (Mar 24, 2019):

@libBletchley --net-none blocks internet access and also dbus access on newer distros IIRC. Probably electron-mail uses dbus to save your settings, so since it can't access dbus your changes aren't saved.


@ghost commented on GitHub (Mar 24, 2019):

> --net-none blocks internet access and also dbus access on newer distros IIRC.

Ah, thanks for the explanation. In any case, I'm running with --net omitted on firejail version 0.9.44.8 and it's the same problem. I opened a separate issue (#2617) since the issue herein is about --tracelog.

> Probably electron-mail uses dbus to save your settings

I get the impression that ElectronMail has some association with Electron, and electron.profile has nodbus.


@rusty-snake commented on GitHub (Jul 31, 2019):

How to future work here?


@rusty-snake commented on GitHub (Aug 22, 2019):

I'm closing here due to inactivity and deleted user.
