github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #4256] CI broken (again) #2595

New issue

Closed

opened 2026-05-05 09:16:06 -06:00 by gitea-mirror · 4 comments

gitea-mirror commented

2026-05-05 09:16:06 -06:00

Owner

Originally created by @ghost on GitHub (May 7, 2021).
Original GitHub issue: https://github.com/netblue30/firejail/issues/4256

Seeing several broken CI builds on the latest PR's.

For example: https://github.com/netblue30/firejail

/runs/2527146106?check_suite_focus=true#step:7:7731
make[1]: *** [Makefile:6: utils] Error 1
make[1]: Leaving directory '/home/runner/work/firejail/firejail/test'
make: *** [Makefile:246: test-utils] Error 2

@reinerh Can you make anything out of this? I hate to bother you with this but this CI stuff is beyond me and you seem to be the one who is best placed in this context. Feel free to report if I shouldn't bother you with similar issues in the future. TIA!

Originally created by @ghost on GitHub (May 7, 2021). Original GitHub issue: https://github.com/netblue30/firejail/issues/4256 Seeing several broken CI builds on the latest PR's. For example: https://github.com/netblue30/firejail ``` /runs/2527146106?check_suite_focus=true#step:7:7731 make[1]: *** [Makefile:6: utils] Error 1 make[1]: Leaving directory '/home/runner/work/firejail/firejail/test' make: *** [Makefile:246: test-utils] Error 2 ``` @reinerh Can you make anything out of this? I hate to bother you with this but this CI stuff is beyond me and you seem to be the one who is best placed in this context. Feel free to report if I shouldn't bother you with similar issues in the future. TIA!

gitea-mirror closed this issue

2026-05-05 09:16:07 -06:00

gitea-mirror commented

2026-05-05 09:16:09 -06:00

Author

Owner

@reinerh commented on GitHub (May 7, 2021):

TESTING: build (test/utils/build.exp)
spawn /bin/bash
echo testing > ~/firejail-test-file-7699
runner@fv-az96-462:~/work/firejail/firejail/test/utils$ 
<est/utils$ echo testing > ~/firejail-test-file-7699    
runner@fv-az96-462:~/work/firejail/firejail/test/utils$ 
<ils$ firejail --build cat ~/firejail-test-file-7699    
testing
--- Built profile beings after this line ---
# Save this file as "application.profile" (change "application" with the
# program name) in ~/.config/firejail directory. Firejail will find it
# automatically every time you sandbox your application.
#
# Run "firejail application" to test it. In the file there are
# some other commands you can try. Enable them by removing the "#".

# Firejail profile for cat
# Persistent local customizations
#include cat.local
# Persistent global definitions
#include globals.local

### Basic Blacklisting ###
### Enable as many of them as you can! A very important one is
### "disable-exec.inc". This will make among other things your home
### and /tmp directories non-executable.
include disable-common.inc
#include disable-devel.inc
#include disable-exec.inc
#include disable-interpreters.inc
include disable-passwdmgr.inc
include disable-programs.inc
#include disable-xdg.inc

### Home Directory Whitelisting ###
### If something goes wrong, this section is the first one to comment out.
### Instead, you'll have to relay on the basic blacklisting above.
whitelist ${HOME}/firejail-test-file-7699
include whitelist-common.inc

### The Rest of the Filesystem ###
include whitelist-usr-share-common.inc
include whitelist-var-common.inc
private-bin cat,
private-dev
#nodvd
#noinput
#notv
#nou2f
#novideo
private-etc none
private-tmp

### Security Filters ###
#apparmor
caps.drop all
netfilter
#nogroups
#noroot
nonewprivs
net none
seccomp
# seccomp.keep openat,mmap,fstat,close,mprotect,read,write,munmap,access,brk,readlink,getpid,arch_prctl,lseek,fadvise64,pread64,execve
# 17 syscalls total
# Probably you will need to add more syscalls to seccomp.keep. Look for
# seccomp errors in /var/log/syslog or /var/log/audit/audit.log while
# running your sandbox.
#shell none
#tracelog
runner@fv-az96-462:~/work/firejail/firejail/test/utils$ TESTING ERROR 2

build.exp test is failing, probably because of the --build related changes by @netblue30.
I guess the expected profile also needs to be adapted.

@reinerh commented on GitHub (May 7, 2021): ``` TESTING: build (test/utils/build.exp) spawn /bin/bash echo testing > ~/firejail-test-file-7699 runner@fv-az96-462:~/work/firejail/firejail/test/utils$ <est/utils$ echo testing > ~/firejail-test-file-7699 runner@fv-az96-462:~/work/firejail/firejail/test/utils$ <ils$ firejail --build cat ~/firejail-test-file-7699 testing --- Built profile beings after this line --- # Save this file as "application.profile" (change "application" with the # program name) in ~/.config/firejail directory. Firejail will find it # automatically every time you sandbox your application. # # Run "firejail application" to test it. In the file there are # some other commands you can try. Enable them by removing the "#". # Firejail profile for cat # Persistent local customizations #include cat.local # Persistent global definitions #include globals.local ### Basic Blacklisting ### ### Enable as many of them as you can! A very important one is ### "disable-exec.inc". This will make among other things your home ### and /tmp directories non-executable. include disable-common.inc #include disable-devel.inc #include disable-exec.inc #include disable-interpreters.inc include disable-passwdmgr.inc include disable-programs.inc #include disable-xdg.inc ### Home Directory Whitelisting ### ### If something goes wrong, this section is the first one to comment out. ### Instead, you'll have to relay on the basic blacklisting above. whitelist ${HOME}/firejail-test-file-7699 include whitelist-common.inc ### The Rest of the Filesystem ### include whitelist-usr-share-common.inc include whitelist-var-common.inc private-bin cat, private-dev #nodvd #noinput #notv #nou2f #novideo private-etc none private-tmp ### Security Filters ### #apparmor caps.drop all netfilter #nogroups #noroot nonewprivs net none seccomp # seccomp.keep openat,mmap,fstat,close,mprotect,read,write,munmap,access,brk,readlink,getpid,arch_prctl,lseek,fadvise64,pread64,execve # 17 syscalls total # Probably you will need to add more syscalls to seccomp.keep. Look for # seccomp errors in /var/log/syslog or /var/log/audit/audit.log while # running your sandbox. #shell none #tracelog runner@fv-az96-462:~/work/firejail/firejail/test/utils$ TESTING ERROR 2 ``` `build.exp` test is failing, probably because of the `--build` related changes by @netblue30. I guess the expected profile also needs to be adapted.

gitea-mirror commented

2026-05-05 09:16:10 -06:00

Author

Owner

@reinerh commented on GitHub (May 7, 2021):

I hate to bother you with this but this CI stuff is beyond me and you seem to be the one who is best placed in this context. Feel free to report if I shouldn't bother you with similar issues in the future. TIA!

No problem, you can keep "bothering" me. ;-)
I can try to fix the test later, if no one beats me to it.

@reinerh commented on GitHub (May 7, 2021): > I hate to bother you with this but this CI stuff is beyond me and you seem to be the one who is best placed in this context. Feel free to report if I shouldn't bother you with similar issues in the future. TIA! No problem, you can keep "bothering" me. ;-) I can try to fix the test later, if no one beats me to it.

gitea-mirror commented

2026-05-05 09:16:10 -06:00

Author

Owner

@kmk3 commented on GitHub (May 8, 2021):

@reinerh commented 14 hours ago:

build.exp test is failing, probably because of the --build related
changes by @netblue30.

To add to that, for reference, the earliest failing "Build CI" run on
/actions appears to be this one:

Trigger: commit 43e47483f ("more --build")
URL: https://github.com/netblue30/firejail/runs/2521528578?check_suite_focus=true

Latest working "Build CI" run:

Trigger: PR #4248
URL: https://github.com/netblue30/firejail/runs/2519883326?check_suite_focus=true

@kmk3 commented on GitHub (May 8, 2021): @reinerh commented 14 hours ago: > `build.exp` test is failing, probably because of the `--build` related > changes by @netblue30. To add to that, for reference, the earliest failing "Build CI" run on [/actions][1] appears to be this one: * Trigger: commit 43e47483f ("more --build") * URL: <https://github.com/netblue30/firejail/runs/2521528578?check_suite_focus=true> Latest working "Build CI" run: * Trigger: PR #4248 * URL: <https://github.com/netblue30/firejail/runs/2519883326?check_suite_focus=true> [1]: https://github.com/netblue30/firejail/actions

gitea-mirror commented

2026-05-05 09:16:12 -06:00

Author

Owner

@kmk3 commented on GitHub (May 11, 2021):

@reinerh closed this in c69836c 6 hours ago

Thanks. I was considering opening a PR to disable the test, but this is a much
better outcome.

For future reference, these are the PRs that appear to have been affected by
this issue:

@kmk3 commented on GitHub (May 11, 2021): > @reinerh closed this in c69836c 6 hours ago Thanks. I was considering opening a PR to disable the test, but this is a much better outcome. For future reference, these are the PRs that appear to have been affected by this issue: * #4248 * #4251 * #4254 * #4255 * #4257 * #4258 * #4259 * #4260 * #4266

gitea-mirror referenced this issue

2026-05-05 10:20:02 -06:00

[PR #2595] [MERGED] fixes for aria2c not resolving domain names #4435

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2595

No description provided.

Rows
Columns