github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #3987] cannot confine using apparmor on Arch linux LTS kernel #2494

New issue

Closed

opened 2026-05-05 09:10:42 -06:00 by gitea-mirror · 3 comments

gitea-mirror commented

2026-05-05 09:10:42 -06:00

Owner

Originally created by @virgilhem on GitHub (Feb 13, 2021).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3987

Since a recent kernel update I got the error "Warning: Cannot confine the application using AppArmor" when using the "--apparmor" flag"

The verification performed in src/firejail/sandbox.c failed with the error EINVAL:

test.c:
#include <sys/apparmor.h>
#include <stdio.h>
int main() {
if(aa_change_onexec("firejail-default")<0) { perror(NULL); }
}

$ gcc -lapparmor test.c
$ ./a.out
Invalid argument

Still the "aa-status" command shows that the firejail-default profile is correctly loaded in the kernel.
Don't know if this is a distro specfic issue.

Originally created by @virgilhem on GitHub (Feb 13, 2021). Original GitHub issue: https://github.com/netblue30/firejail/issues/3987 Since a recent kernel update I got the error "Warning: Cannot confine the application using AppArmor" when using the "--apparmor" flag" The verification performed in src/firejail/sandbox.c failed with the error EINVAL: test.c: #include <sys/apparmor.h> #include <stdio.h> int main() { if(aa_change_onexec("firejail-default")<0) { perror(NULL); } } $ gcc -lapparmor test.c $ ./a.out Invalid argument Still the "aa-status" command shows that the firejail-default profile is correctly loaded in the kernel. Don't know if this is a distro specfic issue.

gitea-mirror

2026-05-05 09:10:42 -06:00

closed this issue
added the
notourbug
label

gitea-mirror commented

2026-05-05 09:10:46 -06:00

Author

Owner

@ghost commented on GitHub (Feb 16, 2021):

Don't know if this is a distro specfic issue.

I can confirm your observations on Arch Linux with linux-lts 5.4.98. Luckily linux-lts 5.10.16 is in testing so I tried that as well and that works as expected (no output from your test.c). Looks like a kernel issue IMO.

@ghost commented on GitHub (Feb 16, 2021): > Don't know if this is a distro specfic issue. I can confirm your observations on Arch Linux with linux-lts `5.4.98.` Luckily linux-lts `5.10.16` is in [testing](https://archlinux.org/packages/testing/x86_64/linux-lts/) so I tried that as well and that works as expected (no output from your test.c). Looks like a kernel issue IMO.

gitea-mirror commented

2026-05-05 09:10:47 -06:00

Author

Owner

@virgilhem commented on GitHub (Mar 2, 2021):

FYI the issue has been reported upstream:
https://gitlab.com/apparmor/apparmor/-/issues/150

@virgilhem commented on GitHub (Mar 2, 2021): FYI the issue has been reported upstream: https://gitlab.com/apparmor/apparmor/-/issues/150

gitea-mirror commented

2026-05-05 09:10:48 -06:00

Author

Owner

@rusty-snake commented on GitHub (Aug 4, 2021):

FYI https://gitlab.com/apparmor/apparmor/-/issues/150 was closed last week.

@rusty-snake commented on GitHub (Aug 4, 2021): FYI https://gitlab.com/apparmor/apparmor/-/issues/150 was closed last week.

gitea-mirror referenced this issue

2026-05-05 10:18:36 -06:00

[PR #2494] [MERGED] Add new profile for xfce4-mixer #4357

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2494

No description provided.

Rows
Columns