mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-15 14:16:14 -06:00
[GH-ISSUE #2744] Firefox doesn't work with W^X enforced by firejail #1724
Labels
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: github-starred/firejail#1724
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @KOLANICH on GitHub (Jun 3, 2019).
Original GitHub issue: https://github.com/netblue30/firejail/issues/2744
@chiraag-nataraj commented on GitHub (Jun 3, 2019):
Which version of Firefox? Which version of firejail?
@Vincent43 commented on GitHub (Jun 3, 2019):
This is expected. browsers aren't compatible with W^X.
@KOLANICH commented on GitHub (Jun 3, 2019):
https://jandemooij.nl/blog/2015/12/29/wx-jit-code-enabled-in-firefox/
@KOLANICH commented on GitHub (Jun 3, 2019):
The latest one in Ubuntu repo.
The one built today from git.
@chiraag-nataraj commented on GitHub (Jun 3, 2019):
Okay, but GTK+ and Qt don't like W^X. At all. There's a lot more to this than just the JIT compiler.
@chiraag-nataraj commented on GitHub (Jun 3, 2019):
It doesn't look like we enable W^X for Firefox in the profiles we distribute, so I'm confused as to why you opened this issue, to be honest. The fact that Firefox (and pretty much every graphical program) doesn't work with W^X is a problem to file in their bug trackers, not on here.
This would be more understandable if we mistakenly enabled W^X for Firefox or something, but we're not doing that.
@chiraag-nataraj commented on GitHub (Jun 3, 2019):
I'm going to go ahead and close this since there isn't much we can do about it from our end. Feel free to re-open if I misunderstood something.
@KOLANICH commented on GitHub (Jun 3, 2019):
Definitely. But we need to track compatibility issues on our side too. Maybe a special issue which head post is updated by a bot reading specially formatted comments in profiles?
Yeah, if it is a case, this is surely their bugs.
@chiraag-nataraj commented on GitHub (Jun 3, 2019):
This isn't a compatibility issue, though. There's literally nothing we can do from our end besides disabling the flag for that profile. File bugs upstream and see if they'll change things. I highly suspect they won't :/
@Vincent43 commented on GitHub (Jun 3, 2019):
That article is quite dated so it's hard to figure what current status is. Also as already noted above support W^X in some part of app doesn't mean the whole running process under firejail will support it. Someone in comments stated that you have to build firefox with
--disable-ion(is it still valid?) but the cost is quite high. There are also some jit related options in config you may try disabling.@SkewedZeppelin commented on GitHub (Jun 3, 2019):
@Vincent43
https://searchfox.org/mozilla-central/source/js/src/devtools/automation/variants/nojit
seems so, who knows if it actually works
iirc on some platforms like POWER it ships disabled, so it should I guess?
@KOLANICH commented on GitHub (Jun 3, 2019):
https://bugzilla.mozilla.org/show_bug.cgi?id=1338207
https://bugzilla.mozilla.org/show_bug.cgi?id=1371877