[GH-ISSUE #270] adduser doesn't work while firejail in use #187

Closed
opened 2026-05-05 05:16:47 -06:00 by gitea-mirror · 3 comments

Originally created by @theotherandre on GitHub (Jan 29, 2016).
Original GitHub issue: https://github.com/netblue30/firejail/issues/270

I used the released package 0.9.36 as well as a self-compiled 0.9.36 from Debian on my Jessie box.

  • Start e.g. firejail firefox (or any other program) as a normal user
  • su to root
  • adduser test
  • The result is:
      • `Adding user "test" ...`
      • `Adding new group "test" (1004) ...`
      • `groupadd: failure while writing changes to /etc/group`
      • `adduser: "/usr/sbin/groupadd -g 1004 test" returned error code 10. Exiting.`

The same with firejail --noprofile firefox.

Normal writing to /etc/group works. I think there should be no relation between a jail started by a normal user and the denial of a system task outside of the jail.

@manevich commented on GitHub (Jan 29, 2016):

Most likely, this is the same issue as I reported: firejail blacklists important system files by mounting tmpfs over them. On older kernels, this causes an error when you try to remove such files.
See issue https://github.com/netblue30/firejail/issues/261
No solution except upgrading to a newer kernel.
With linux-image-4.2.0-0.bpo.1-amd64 everything is fine.


@theotherandre commented on GitHub (Jan 30, 2016):

Yes, I agree, it appears to be the same problem. I tested it with a stock kernel 3.18.26 running on my server and the problem did not occur there.

From: manevich <notifications@github.com>
To: netblue30/firejail firejail@noreply.github.com
CC: theotherandre theotherandre@noreply.github.com
Sent: 18:21 Friday, 29 January 2016
Subject: Re: [firejail] adduser doesn't work while firejail in use (#270)

> Most likely, this is the same issue as I reported: on older kernels firejail locks important system files by mounting tmpfs over them.
> See issue #261
> No solution except upgrading to a newer kernel.
> With linux-image-4.2.0-0.bpo.1-amd64 everything is fine.


@netblue30 commented on GitHub (Feb 1, 2016):

I documented the problem on the project page: https://firejail.wordpress.com/support/known-problems/
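
The cause suggested in this thread is a system file that has become a mount point inside a jail's mount namespace. As an added example (not part of the original issue and not firejail's own code), the following Python script parses each process's `/proc/<pid>/mountinfo` and reports mounts sitting over a watch list of files; the watch list beyond `/etc/group` and the sample data are assumptions made for illustration.

```python
import os
import re

# Files to check. /etc/group is the file named in the error above; the
# others are assumptions added for this example.
WATCHED = frozenset({"/etc/group", "/etc/passwd", "/etc/shadow"})

# Constructed sample in /proc/<pid>/mountinfo format (not captured from a real jail).
SAMPLE = r"""85 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
120 85 0:19 /example.file /etc/group ro,nosuid shared:7 - tmpfs tmpfs rw,mode=755
121 85 0:19 /d /home/u/My\040Files rw - tmpfs tmpfs rw"""

def unescape(field):
    # mountinfo writes space, tab, newline and backslash as \ooo octal escapes
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mountinfo(text):
    """Yield (mount_point, fstype, source) for each well-formed line."""
    for line in text.splitlines():
        # optional fields vary in number; " - " marks where they end
        left, sep, right = line.partition(" - ")
        pre, post = left.split(), right.split()
        if sep and len(pre) >= 6 and len(post) >= 2:
            yield unescape(pre[4]), post[0], unescape(post[1])

def mounts_over(text, watched=WATCHED):
    """Return mounts whose mount point is one of the watched files."""
    return [m for m in parse_mountinfo(text) if m[0] in watched]

def scan_processes(proc="/proc", watched=WATCHED):
    """Map pid -> watched files that are mount points in that process's namespace."""
    hits = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(os.path.join(proc, pid, "mountinfo")) as fh:
                found = mounts_over(fh.read(), watched)
        except OSError:  # process exited, or mountinfo not readable
            continue
        if found:
            hits[int(pid)] = found
    return hits

if __name__ == "__main__":
    for pid, found in sorted(scan_processes().items()):
        for mount_point, fstype, source in found:
            print(f"pid {pid}: {fstype} mounted over {mount_point}")
```

Run as root before an account-management command; any pid listed identifies a process whose mount namespace has one of the watched files as a mount point.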
