mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-15 14:16:14 -06:00
[GH-ISSUE #25] loop devices #17
Originally created by @suedi on GitHub (Aug 14, 2015).
Original GitHub issue: https://github.com/netblue30/firejail/issues/25
I guess this is the active place for firejail now so I re-post here the same trouble
that I did on sourceforge.
I am on 0.9.28-rc1
I met with a problem I do not understand using firejail.
When I have an application started in firejail and do as root,
outside of jail, losetup -d /dev/loopXX (or umount -d),
the command returns OK but the loop device is just marked auto-clear,
that is, it will remain until all references to it are closed.
If I have no application started with firejail the command just releases
the loop device, so that makes me draw the conclusion that the firejail
instance holds a reference to it.
Anyway I tried both private-dev and mounting a tmpfs on the directory holding the
mount point but still firejail holds a reference to the loop device.
I tried lsof that reported no open references then I tried
fuser -v -m mntpnt and my whole system went down.
Please explain how it comes to have this reference!
How can I tell firejail not to hold a reference to the loop device????
@ghost commented on GitHub (Aug 14, 2015):
You mentioned a mount point, which suggests you're mounting your loop device somewhere. Can you tell us what you're doing with the loop device? We need to be able to reproduce this on our own machines so please let us know what steps you do to set up and use your loop device.
@suedi commented on GitHub (Aug 18, 2015):
I am on a puppy linux like system using AUFS.
The loop devices are squash archives of different Arch linux packages I use on that system.
At boot time these packages are loop mounted and then added to AUFS union.
AUFS root is /
This can also be done dynamically with a booted up system.
Example: BUNDLE="htop.sb"
Mounting
unmounting
Note: removing BUNDLE from aufs is OK. Unmounting Bundle is OK.
That is, the files in that BUNDLE disappear from the system.
Freeing the loop device does not work, that is, it gets marked for auto-clear
and disappears first when all firejail are exited.
If I check mount point /mnt/live/memory/bundles/"$BUNDLE" it is empty but the
dir cannot be removed
loset | grep htop.sb yields
I am starting firejail as an unprivileged user.
Please let me know if you need more information.
@netblue30 commented on GitHub (Aug 26, 2015):
There is no way you could do that. When firejail starts it creates a new mount namespace and inherits all existing mounts on your system. So, your loop device mount gets a new reference. The reference will be removed once you exit firejail.
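A diagnostic sketch for the behaviour described in the comment above, added here as an example and not taken from the thread or from firejail's code: it parses /proc/<pid>/mountinfo per process and groups PIDs by mount namespace to show which namespaces still have the loop device mounted after the host-side umount. The device name /dev/loop3, the PIDs and the namespace ids are constructed sample values.

```python
import glob
import os
import sys

# Constructed mountinfo text for a sandbox that inherited the bundle mount.
SANDBOX = (
    "88 87 0:19 / / rw,relatime master:1 - aufs aufs rw\n"
    "93 88 7:3 / /mnt/live/memory/bundles/htop.sb ro,relatime - squashfs /dev/loop3 ro\n"
)
# Constructed sample: {pid: (mount namespace id, mountinfo text)}.
# PID 1 is the host after umount; 2345 and 2346 share one sandbox namespace.
SAMPLE = {
    1: ("mnt:[4026531840]", "21 1 0:19 / / rw,relatime - aufs aufs rw\n"),
    2345: ("mnt:[4026532201]", SANDBOX),
    2346: ("mnt:[4026532201]", SANDBOX),
}

def loop_mounts(text, loopdev):
    """Mount points in one mountinfo dump whose mount source is loopdev."""
    hits = []
    for line in text.splitlines():
        left, sep, right = line.partition(" - ")  # optional fields end at " - "
        pre, post = left.split(), right.split()
        if sep and len(pre) >= 6 and len(post) >= 2 and post[1] == loopdev:
            hits.append(pre[4])  # field 5 is the mount point
    return hits

def holders(dumps, loopdev):
    """Group PIDs by each mount namespace that still has loopdev mounted."""
    out = {}
    for pid, (ns, text) in sorted(dumps.items()):
        mounts = loop_mounts(text, loopdev)
        if mounts:
            out.setdefault(ns, {"pids": [], "mounts": mounts})["pids"].append(pid)
    return out

def read_proc(proc="/proc"):
    """Collect (namespace id, mountinfo) per live PID; other users' PIDs need root."""
    dumps = {}
    for path in glob.glob(os.path.join(proc, "[0-9]*", "mountinfo")):
        piddir = os.path.dirname(path)
        try:
            ns = os.readlink(os.path.join(piddir, "ns", "mnt"))
            with open(path) as f:
                dumps[int(os.path.basename(piddir))] = (ns, f.read())
        except OSError:
            continue  # process exited or access denied
    return dumps

if __name__ == "__main__":
    dev = sys.argv[1] if len(sys.argv) > 1 else None  # e.g. /dev/loop3
    print(holders(read_proc(), dev) if dev else holders(SAMPLE, "/dev/loop3"))
```

Run without arguments it reports on the constructed sample; with a device path as argument it scans the live /proc.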
@suedi commented on GitHub (Aug 26, 2015):
I don't get this
cause the umount works fine. Not a trace in /proc/mounts or in the filesystem.
Only thing left is the mount point and an entry in losetup.
If the unmount works fine why shouldn't the losetup -f also work?
Okay I guess I have to accept this and re-write some of my system tools
to take this into account.
So I guess I am closing this issue
Thanks for help, keep up the good work.