[GH-ISSUE #3068] Problems with kernel 5.4 and firejail

gitea-mirror commented

2026-05-05 08:35:27 -06:00

Owner

Originally created by @UriHerrera on GitHub (Nov 30, 2019).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3068

Please check https://github.com/AppImage/appimaged/issues/101.

I updated the kernel to Linux 5.4, using appimaged with firejail 0.9.60. There's a problem with firejail not being able to launch AppImages using the default profile or the --no-profile option.

I resolved my problem by downgrading the kernel.

Originally created by @UriHerrera on GitHub (Nov 30, 2019). Original GitHub issue: https://github.com/netblue30/firejail/issues/3068 Please check https://github.com/AppImage/appimaged/issues/101. I updated the kernel to Linux 5.4, using [appimaged](https://github.com/AppImage/appimaged/commit/0f1c320b0905a960520816cd36b7eec9ff79484c) with firejail 0.9.60. There's a problem with firejail not being able to launch AppImages using the default profile or the `--no-profile` option. I resolved my problem by downgrading the kernel.

gitea-mirror

2026-05-05 08:35:27 -06:00

closed this issue
added the
bug
label

gitea-mirror commented

2026-05-05 08:35:30 -06:00

Author

Owner

@Vincent43 commented on GitHub (Nov 30, 2019):

I can reproduce this on Linux 5.4:

$ firejail --appimage foobar.AppImage
Mounting appimage type 2
Error mounting appimage: appimage.c:122 appimage_set: Invalid argument

@Vincent43 commented on GitHub (Nov 30, 2019): I can reproduce this on Linux 5.4: ``` $ firejail --appimage foobar.AppImage Mounting appimage type 2 Error mounting appimage: appimage.c:122 appimage_set: Invalid argument ```

gitea-mirror commented

2026-05-05 08:35:31 -06:00

Author

Owner

@ghost commented on GitHub (Nov 30, 2019):

I'm not sure this is a firejail issue, as I'm seeing similar problems mounting (FUSE) filesystems on Linux 5.4 where firejail isn't involved. I'm in the middle of trying to determine what's going on exactly and will report back here if/when something relevant comes up.

@ghost commented on GitHub (Nov 30, 2019): I'm not sure this is a firejail issue, as I'm seeing similar problems mounting (FUSE) filesystems on Linux 5.4 where firejail isn't involved. I'm in the middle of trying to determine what's going on exactly and will report back here if/when something relevant comes up.

gitea-mirror commented

2026-05-05 08:35:32 -06:00

Author

Owner

@Tuj3Bz90dV commented on GitHub (Dec 6, 2019):

I've worked around this with the following patch:

diff --git a/src/firejail/appimage.c b/src/firejail/appimage.c
index 7c60d918..bd9096c2 100644
--- a/src/firejail/appimage.c
+++ b/src/firejail/appimage.c
@@ -118,7 +118,7 @@ void appimage_set(const char *appimage) {
        }
        else {
                fmessage("Mounting appimage type 2\n");
-               if (mount(devloop, mntdir, "squashfs", flags,  mode) < 0)
+               if (mount(devloop, mntdir, "squashfs", flags, /*mode*/NULL) < 0)
                        errExit("mounting appimage");
        }

The squashfs driver had some API changes in 5.4, and the unsupported mode options are no longer ignored. As far as I can tell squashfs has never supported mode, they were just being ignored this whole time.

@Tuj3Bz90dV commented on GitHub (Dec 6, 2019): I've worked around this with the following patch: ```diff diff --git a/src/firejail/appimage.c b/src/firejail/appimage.c index 7c60d918..bd9096c2 100644 --- a/src/firejail/appimage.c +++ b/src/firejail/appimage.c @@ -118,7 +118,7 @@ void appimage_set(const char *appimage) { } else { fmessage("Mounting appimage type 2\n"); - if (mount(devloop, mntdir, "squashfs", flags, mode) < 0) + if (mount(devloop, mntdir, "squashfs", flags, /*mode*/NULL) < 0) errExit("mounting appimage"); } ``` The `squashfs` driver had some API changes in 5.4, and the unsupported `mode` options are no longer ignored. As far as I can tell `squashfs` has never supported `mode`, they were just being ignored this whole time.

gitea-mirror commented

2026-05-05 08:35:33 -06:00

Author

Owner

@neurodiverseEsoteric commented on GitHub (Dec 13, 2019):

@Tuj3Bz90dV how do I turn that into a .patch file to modify the install for arch-based "ArcoLinux?"

(...Wonder why DuckDuckGo didn't find this page, and google only found got pages in Chinese, and this one (most "&-" tracking params removed): https://webcache.googleusercontent.com/search?q=cache:Oe4gjvSnzDEJ:https://forum.mxlinux.org/viewtopic.php%3Ff%3D118%26t%3D46090%26start%3D40+&hl=en)

@neurodiverseEsoteric commented on GitHub (Dec 13, 2019): @Tuj3Bz90dV how do I turn that into a .patch file to modify the install for arch-based "ArcoLinux?" (...Wonder why DuckDuckGo didn't find this page, and google only found got pages in Chinese, and this one (most "&-" tracking params removed): https://webcache.googleusercontent.com/search?q=cache:Oe4gjvSnzDEJ:https://forum.mxlinux.org/viewtopic.php%3Ff%3D118%26t%3D46090%26start%3D40+&hl=en)

gitea-mirror commented

2026-05-05 08:35:33 -06:00

Author

Owner

@ghost commented on GitHub (Dec 13, 2019):

@esotericDisciple Here's a worfkflow to add the above patch to a PKGBUILD for firejail-git:

copy/paste the above diff into a file - e.g. appimage.patch - and save it into your PKGBUILD directory;
add 'appimage.patch' (or whatever you named it) to the source array;
add a prepare function to the PKGBUILD
prepare() {
cd firejail
patch -Np1 -i ../appimage.patch
}
run updpkgsums
run makepkg and install the resulting firejail archive.

@ghost commented on GitHub (Dec 13, 2019): @esotericDisciple Here's a worfkflow to add the above patch to a PKGBUILD for firejail-git: - copy/paste the above diff into a file - e.g. appimage.patch - and save it into your PKGBUILD directory; - add 'appimage.patch' (or whatever you named it) to the source array; - add a prepare function to the PKGBUILD prepare() { cd firejail patch -Np1 -i ../appimage.patch } - run updpkgsums - run makepkg and install the resulting firejail archive.

gitea-mirror commented

2026-05-05 08:35:34 -06:00

Author

Owner

@neurodiverseEsoteric commented on GitHub (Dec 14, 2019):

Thanks @glitsj16 but it keeps rejecting the "hunk," a term that makes no sense to use but nevermind...Does it PKGBUILD have to be edited during the pikaur/yaourt install prompt? See, I can't figure out what the paths are different in the above examples and the snapshot of the AUR package itself ('cd firejail' won't work but 'cd "${srcdir}/${pkgname}"' or '/src/firejail-git/src/firejail,' will work for instance)...

@neurodiverseEsoteric commented on GitHub (Dec 14, 2019): Thanks @glitsj16 but it keeps rejecting the "hunk," a term that makes no sense to use but nevermind...Does it PKGBUILD have to be edited during the pikaur/yaourt install prompt? See, I can't figure out what the paths are different in the above examples and the snapshot of the AUR package itself ('cd firejail' won't work but 'cd "${srcdir}/${pkgname}"' or '/src/firejail-git/src/firejail,' will work for instance)...

gitea-mirror commented

2026-05-05 08:35:34 -06:00

Author

Owner

@ghost commented on GitHub (Dec 14, 2019):

@esotericDisciple Apologies for the untested advice above. I've gone ahead and fixed the relevant file directly. If you use a firejail-git PKGBUILD there's nothing extra that you need to do besides building that. In case you prefer a firejail PKGBUILD, follow the below instructions.

Does it PKGBUILD have to be edited during the pikaur/yaourt install prompt?

I don't use AUR helpers, but that's indeed the moment you will need to make a one-line change to the PKGBUILD. Try adding the below line in the build() function, directly after the cd it contains (whatever that might be):

cd "whatever"
sed -i -e 's/"squashfs", flags,  mode/"squashfs", flags, NULL/' src/firejail/appimage.c

Proceed as you always do and it should fix --appimage, I've tested it this time.
In case you notice the issue isn't fixed for you, please reopen this issue.

@ghost commented on GitHub (Dec 14, 2019): @esotericDisciple Apologies for the untested advice above. I've gone ahead and fixed the relevant file directly. If you use a `firejail-git` PKGBUILD there's nothing extra that you need to do besides building that. In case you prefer a `firejail` PKGBUILD, follow the below instructions. > Does it PKGBUILD have to be edited during the pikaur/yaourt install prompt? I don't use AUR helpers, but that's indeed the moment you will need to make a one-line change to the PKGBUILD. Try adding the below line in the build() function, directly after the cd it contains (whatever that might be): ``` cd "whatever" sed -i -e 's/"squashfs", flags, mode/"squashfs", flags, NULL/' src/firejail/appimage.c ``` Proceed as you always do and it should fix `--appimage`, I've tested it this time. In case you notice the issue isn't fixed for you, please reopen this issue.

gitea-mirror commented

2026-05-05 08:35:34 -06:00

Author

Owner

@smitsohu commented on GitHub (Mar 8, 2020):

Probably it's a regression in the kernel, compare https://bugzilla.redhat.com/show_bug.cgi?id=1781863

@smitsohu commented on GitHub (Mar 8, 2020): Probably it's a regression in the kernel, compare https://bugzilla.redhat.com/show_bug.cgi?id=1781863

gitea-mirror referenced this issue

2026-05-05 10:14:20 -06:00

[PR #1923] [MERGED] add disable-interpreters.inc to gnome-logs #4131

Rows
Columns

[GH-ISSUE #3068] Problems with kernel 5.4 and firejail #1923