[GH-ISSUE #2725] --timeout results in approximately 2 seconds of latency for all executions #1715

Closed
opened 2026-05-05 08:22:51 -06:00 by gitea-mirror · 1 comment

Originally created by @apmorton on GitHub (May 26, 2019).
Original GitHub issue: https://github.com/netblue30/firejail/issues/2725

https://github.com/netblue30/firejail/blob/c8e3cb72d477013adb57beb03417acb0f076d739/src/firejail/sandbox.c#L306

For some use cases this makes the timeout functionality unusable.

I have looked into solutions and I believe using timer_create to send a signal and configuring the signal to interrupt library calls should work.

I will take a stab at this sometime this week (after the release on Monday).
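
The approach proposed above (a `timer_create` timer whose signal interrupts the blocking wait instead of a polling sleep), as an added example that is not firejail's code or part of the original post. `run_with_timeout`, `TICK_NS` and `GRACE_TICKS` are hypothetical names and values; the repeating tick and the SIGKILL escalation go beyond what the issue describes and are assumptions of this sketch.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

#define TICK_NS 100000000L /* assumed 100 ms re-fire interval after expiry */
#define GRACE_TICKS 5      /* assumed number of ticks before SIGKILL */
static volatile sig_atomic_t ticks; /* timer expirations seen so far */
static void on_tick(int sig) { (void)sig; ticks++; }

/* Run argv with a wall-clock limit of ms (> 0) milliseconds.
 * Returns 1 if the limit fired, 0 if the child exited first, -1 on error. */
int run_with_timeout(char *const argv[], long ms) {
    struct sigaction sa = {0};
    sa.sa_handler = on_tick;  /* sa_flags has no SA_RESTART: a blocked */
    sigemptyset(&sa.sa_mask); /* waitpid() fails with EINTR on expiry */
    if (sigaction(SIGALRM, &sa, NULL) == -1) return -1;
    struct sigevent sev = {0};
    sev.sigev_notify = SIGEV_SIGNAL;
    sev.sigev_signo = SIGALRM;
    timer_t tid;
    if (timer_create(CLOCK_MONOTONIC, &sev, &tid) == -1) return -1;

    ticks = 0;
    pid_t pid = fork();
    if (pid == -1) { timer_delete(tid); return -1; }
    if (pid == 0) { execvp(argv[0], argv); _exit(127); } /* child has no timer */

    /* First expiry at the deadline. The interval re-fires so an expiry that
     * lands before waitpid() blocks is not lost, and it drives escalation. */
    struct itimerspec its = {0};
    its.it_value.tv_sec = ms / 1000;
    its.it_value.tv_nsec = (ms % 1000) * 1000000L;
    its.it_interval.tv_nsec = TICK_NS;
    int status, timed_out = 0;
    if (timer_settime(tid, 0, &its, NULL) == -1) { kill(pid, SIGKILL); timed_out = -1; }
    while (waitpid(pid, &status, 0) == -1 && errno == EINTR) {
        if (ticks >= 1 && !timed_out) { kill(pid, SIGTERM); timed_out = 1; }
        if (ticks > GRACE_TICKS) kill(pid, SIGKILL); /* child ignored SIGTERM */
    }
    timer_delete(tid);
    return timed_out;
}

int main(void) { /* constructed demo: a 5 s sleep under a 200 ms limit */
    char *cmd[] = {"sleep", "5", NULL};
    return run_with_timeout(cmd, 200) == 1 ? 0 : 1;
}
```

On glibc older than 2.34, `timer_create` lives in librt, so link with `-lrt`.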

gitea-mirror 2026-05-05 08:22:51 -06:00: closed this issue and added the bug label

@netblue30 commented on GitHub (Jul 4, 2019):

Actually, the process runs one second less than what was specified in --timeout (BUG!), then it receives SIGTERM and the sandbox waits one second and closes down. Here is a simple test program:

```c
#include <stdio.h>
#include <unistd.h>
#include <signal.h>

int main(void) {
	// signal(SIGTERM, SIG_IGN);

	int cnt = 0;
	while (1) {
		usleep(100000);
		printf("%d\n", ++cnt);
	}

	return 0;
}
```

It counts in 100ms increments. gcc file.c and run under firejail:

```
$ time firejail --timeout=00:00:05 ./a.out
[...]
45
46
47
48
49
50

Parent is shutting down, bye...

real	0m5.210s
user	0m0.032s
sys	0m0.028s
```

So, there is a 0.2 s sandbox overhead that includes the 0.1 s wait after SIGTERM.

fix for the lost second on mainline: https://github.com/netblue30/firejail/commit/d6908423468a90e8b0e0ea0aca6455a05fdb147f

Reference: github-starred/firejail#1715