github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #3780] whois profile block hostname resolution via getaddrinfo (Name or service not known) #2381

New issue

Closed

opened 2026-05-05 09:03:42 -06:00 by gitea-mirror · 5 comments

gitea-mirror commented

2026-05-05 09:03:42 -06:00

Owner

Originally created by @MiltosKoutsokeras on GitHub (Nov 28, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3780

The whois program cannot resolve hostnames when its profile is enabled in firejail.

Bug and expected behavior

The whois profile in /etc/firejail/whois.profile does not allow hostname resolution and getaddrinfo fails with Name or service not known.
What did you expect to happen? whois should return the ARIN WHOIS data record, resolving the service to ask (whois.arin.net in my case) and the query object.

No profile and disabling firejail

What changed calling firejail --noprofile /path/to/program in a terminal? Works as expected.
What changed calling the program by path (check which <program> or firejail --list while the sandbox is running)? Running the program by path:

/usr/local/bin/whois <Query Object>

wields the same result, firejail list:

<Process ID>:<User name>::/usr/bin/firejail /usr/bin/whois <Query Object>

Running the program with original path /usr/bin/whois does not showcases the error. can be any host or IP address you would like to query, e.g. github.com.

Reproduce
Steps to reproduce the behavior:

Run in bash firejail whois github.com
See error getaddrinfo(<Whois service here>): Name or service not known

Environment

Arch Linux
Firejail version 0.9.64

Additional context
I think the whois program is not allowed to read the hostname resolution configuration of the system environment. Since each Linux distribution has its own setup for this (systemd, files, other) the maintainers should look into it in more detail and per environment.

Checklist

The upstream profile (and redirect profile if exists) have no changes fixing it.
The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
Programs needed for interaction are listed in the profile.
A short search for duplicates was performed.
If it is a AppImage, --profile=PROFILENAME is used to set the right profile.
Used LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 PROGRAM to get english error-messages.

Originally created by @MiltosKoutsokeras on GitHub (Nov 28, 2020). Original GitHub issue: https://github.com/netblue30/firejail/issues/3780 The `whois` program cannot resolve hostnames when its profile is enabled in firejail. **Bug and expected behavior** - The `whois` profile in `/etc/firejail/whois.profile` does not allow hostname resolution and `getaddrinfo` fails with `Name or service not known`. - What did you expect to happen? `whois` should return the ARIN WHOIS data record, resolving the service to ask (whois.arin.net in my case) and the query object. **No profile and disabling firejail** - What changed calling `firejail --noprofile /path/to/program` in a terminal? Works as expected. - What changed calling the program by path (check `which <program>` or `firejail --list` while the sandbox is running)? Running the program by path: ``` /usr/local/bin/whois <Query Object> ``` wields the same result, firejail list: ``` <Process ID>:<User name>::/usr/bin/firejail /usr/bin/whois <Query Object> ``` Running the program with original path `/usr/bin/whois` does not showcases the error. <Query Object> can be any host or IP address you would like to query, e.g. github.com. **Reproduce** Steps to reproduce the behavior: 1. Run in bash `firejail whois github.com` 2. See error `getaddrinfo(<Whois service here>): Name or service not known` **Environment** - Arch Linux - Firejail version 0.9.64 **Additional context** I think the `whois` program is not allowed to read the hostname resolution configuration of the system environment. Since each Linux distribution has its own setup for this (systemd, files, other) the maintainers should look into it in more detail and per environment. **Checklist** - [x] The upstream profile (and redirect profile if exists) have no changes fixing it. - [x] The program has a profile. (If not, request one in `https://github.com/netblue30/firejail/issues/1139`) - [ ] Programs needed for interaction are listed in the profile. - [x] A short search for duplicates was performed. - [ ] If it is a AppImage, `--profile=PROFILENAME` is used to set the right profile. - [ ] Used `LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 PROGRAM` to get english error-messages.

gitea-mirror closed this issue

2026-05-05 09:03:44 -06:00

gitea-mirror commented

2026-05-05 09:03:45 -06:00

Author

Owner

@rusty-snake commented on GitHub (Nov 29, 2020):

whois github.com works for me, but fedora has an other whois implementation IIRC. Anyway if it's a config thing it's private-etc. protocol has no unix, this could also be a cause. What shows firejail --build=whois.profile whois github.com && grep private-etc whois.profile?

@rusty-snake commented on GitHub (Nov 29, 2020): `whois github.com` works for me, but fedora has an other whois implementation IIRC. Anyway if it's a config thing it's `private-etc`. `protocol` has no `unix`, this could also be a cause. What shows `firejail --build=whois.profile whois github.com && grep private-etc whois.profile`?

gitea-mirror commented

2026-05-05 09:03:46 -06:00

Author

Owner

@ghost commented on GitHub (Dec 10, 2020):

On my Arch box all the below commands show the getaddrinfo failure, suggesting this is not a firejail issue:

$ /usr/bin/whois github.com
$ firejail /usr/bin/whois github.com
$ firejail --noprofile /usr/bin/whois github.com

After some digging I stumbled on this. And indeed, none of the below commands show the getaddrinfo failure:

$ /usr/bin/whois namesilo.net
$ firejail /usr/bin/whois namesilo.net
$ firejail --noprofile /usr/bin/whois namesilo.net

@ghost commented on GitHub (Dec 10, 2020): On my Arch box *all* the below commands show the `getaddrinfo` failure, suggesting this is not a firejail issue: ``` $ /usr/bin/whois github.com $ firejail /usr/bin/whois github.com $ firejail --noprofile /usr/bin/whois github.com ``` After some digging I stumbled on [this](https://github.com/rfc1036/whois/issues/88). And indeed, *none* of the below commands show the `getaddrinfo` failure: ``` $ /usr/bin/whois namesilo.net $ firejail /usr/bin/whois namesilo.net $ firejail --noprofile /usr/bin/whois namesilo.net ```

gitea-mirror commented

2026-05-05 09:03:47 -06:00

Author

Owner

@MiltosKoutsokeras commented on GitHub (Dec 12, 2020):

It would possibly be a matter of combination between whois, resolver and maybe firejail. I noticed in my system that once firejail is not used, the whois works.

@MiltosKoutsokeras commented on GitHub (Dec 12, 2020): It would possibly be a matter of combination between whois, resolver and maybe firejail. I noticed in my system that once firejail is not used, the whois works.

gitea-mirror commented

2026-05-05 09:03:49 -06:00

Author

Owner

@rusty-snake commented on GitHub (Jan 4, 2021):

Any progress here?

@rusty-snake commented on GitHub (Jan 4, 2021): Any progress here?

gitea-mirror commented

2026-05-05 09:03:49 -06:00

Author

Owner

@rusty-snake commented on GitHub (Apr 6, 2021):

I'm closing here due to inactivity, please fell free to request to reopen if you still have this issue.

@rusty-snake commented on GitHub (Apr 6, 2021): I'm closing here due to inactivity, please fell free to request to reopen if you still have this issue.

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2381

No description provided.

Rows
Columns