github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #4406] Electron apps segfault in libglib when trying to upload files #2653

New issue

Closed

opened 2026-05-05 09:18:55 -06:00 by gitea-mirror · 6 comments

gitea-mirror commented

2026-05-05 09:18:55 -06:00

Owner

Originally created by @haarp on GitHub (Jul 16, 2021).
Original GitHub issue: https://github.com/netblue30/firejail/issues/4406

Initially discussed in https://github.com/netblue30/firejail/discussions/4405

Hello,

so I've been having this problem for a while now. I run a few Electron apps (MS Teams, Discord, Signal) with firejail. All of them work fine for the most part, but will crash shortly after attempting to upload files.

Start app
Put file somewhere app can access ($HOME/Downloads)
Open upload dialog in app and select file
App crashes shortly after selecting the file, or as soon as you press another key to write a comment. If you're quick enough, sometimes you can upload and post the file before the crash.

There doesn't seem to be anyone else having this problem, or at least my Google-Fu failed me. The behavior is very similar across all three of these apps. They work fine when run directly without firejail

Here's some log from Discord:

(discord:39): Gtk-WARNING **: Symlink resolution failed: Failed to read the symbolic link “/home/haarp/.local/share/recently-used.xbel”: No such file or directory
(discord:39): Gtk-WARNING **: Attempting to set the permissions of '(invalid filename)', but failed: Bad address
(discord:39): Gtk-WARNING **: Attempting to store changes into '(invalid filename)', but failed: (null)

GSlice: MemChecker: attempt to release non-allocated block: 0xfoo size=16
***MEMORY-ERROR***: discord[39]: GSlice: assertion failed: sinfo->n_allocated > 0

Parent is shutting down, bye...

and from syslog:

kernel: Discord[7964]: segfault at ... ip ... sp ... error 4 in libglib-2.0.so.0.6800.3[...]
kernel: Code: 44 8d 78 ff 48 8b 0b 4d 89 fe 49 c1 e6 04 4c 01 f1 4c 8b 21 48 89 c5 4d 85 e4 0f 84 ec 00 00 00 49 8b 44 24 08 48 85 c0 74 52 <48> 8b 10 49 89 54 24 08 49 89 c4 48 8b 41 08 48 85 c0 75 2e 66 0f

It seems to be related to the GTK file picker, which makes use of libglib. libglib originates from my system and is not part of the Discord distribution. Recompiling libglib did not help.

Gentoo Linux, firejail-0.9.64.4, using mostly the default profiles (at least nothing that should cause such problems).

Any ideas? It msut be firejail, but I don't understand how or why. Thanks!

Originally created by @haarp on GitHub (Jul 16, 2021). Original GitHub issue: https://github.com/netblue30/firejail/issues/4406 ### Initially discussed in https://github.com/netblue30/firejail/discussions/4405 Hello, so I've been having this problem for a while now. I run a few Electron apps (MS Teams, Discord, Signal) with firejail. All of them work fine for the most part, but will crash shortly after attempting to upload files. - Start app - Put file somewhere app can access (`$HOME/Downloads`) - Open upload dialog in app and select file - App crashes shortly after selecting the file, or as soon as you press another key to write a comment. If you're quick enough, sometimes you can upload and post the file before the crash. There doesn't seem to be anyone else having this problem, or at least my Google-Fu failed me. The behavior is very similar across all three of these apps. *They work fine when run directly without firejail* Here's some log from Discord: ``` (discord:39): Gtk-WARNING **: Symlink resolution failed: Failed to read the symbolic link “/home/haarp/.local/share/recently-used.xbel”: No such file or directory (discord:39): Gtk-WARNING **: Attempting to set the permissions of '(invalid filename)', but failed: Bad address (discord:39): Gtk-WARNING **: Attempting to store changes into '(invalid filename)', but failed: (null) GSlice: MemChecker: attempt to release non-allocated block: 0xfoo size=16 ***MEMORY-ERROR***: discord[39]: GSlice: assertion failed: sinfo->n_allocated > 0 Parent is shutting down, bye... ``` and from syslog: ``` kernel: Discord[7964]: segfault at ... ip ... sp ... error 4 in libglib-2.0.so.0.6800.3[...] kernel: Code: 44 8d 78 ff 48 8b 0b 4d 89 fe 49 c1 e6 04 4c 01 f1 4c 8b 21 48 89 c5 4d 85 e4 0f 84 ec 00 00 00 49 8b 44 24 08 48 85 c0 74 52 <48> 8b 10 49 89 54 24 08 49 89 c4 48 8b 41 08 48 85 c0 75 2e 66 0f ``` It seems to be related to the GTK file picker, which makes use of libglib. libglib originates from my system and is not part of the Discord distribution. Recompiling libglib did not help. Gentoo Linux, firejail-0.9.64.4, using mostly the default profiles (at least nothing that should cause such problems). Any ideas? It msut be firejail, but I don't understand how or why. Thanks!

gitea-mirror closed this issue

2026-05-05 09:18:56 -06:00

gitea-mirror commented

2026-05-05 09:18:57 -06:00

Author

Owner

@smitsohu commented on GitHub (Jul 17, 2021):

From a distance this looks rather like a bug somewhere in Electron/Glib that is merely triggered by the sandbox.

They work fine when run directly without firejail

Can you please try firejail --noprofile discord and firejail --noprofile --tracelog discord? With the latter there might be additional messages in the syslog.

@smitsohu commented on GitHub (Jul 17, 2021): From a distance this looks rather like a bug somewhere in Electron/Glib that is merely triggered by the sandbox. > They work fine when run directly without firejail Can you please try `firejail --noprofile discord` and `firejail --noprofile --tracelog discord`? With the latter there might be additional messages in the syslog.

gitea-mirror commented

2026-05-05 09:18:58 -06:00

Author

Owner

@rusty-snake commented on GitHub (Jul 17, 2021):

The latter don't work with chrom*.

How do you run the AI? firejail --proifle=discord --appimage ./path/to/the/appimage.AppImage?

@rusty-snake commented on GitHub (Jul 17, 2021): The latter don't work with chrom*. How do you run the AI? `firejail --proifle=discord --appimage ./path/to/the/appimage.AppImage`?

gitea-mirror commented

2026-05-05 09:18:59 -06:00

Author

Owner

@haarp commented on GitHub (Jul 17, 2021):

Thanks for your replies!

Probably this can be worked around with --env=G_SLICE=always-malloc

I've already tried. This still crashes, but shifts the segfault from libglib to libc. In my tests, I've also sometimes seen libgobject.

Can you please try firejail --noprofile discord and firejail --noprofile --tracelog discord? If the latter works (it doesn't in some cases) there might be additional messages in the syslog.

Sorry, I am not comfortable running it completely unsandboxed. But I did try a minimal sandbox, see below. --tracelog unfortunately doesn't work, firejail will just stall.

How do you run the AI? firejail --proifle=discord --appimage ./path/to/the/appimage.AppImage?

It's installed via ebuild, which extracts the upstream .deb into /opt/discord and symlinks the binary to /usr/bin/discord. Then I run firejail --profile=discord discord.

I've been testing a minimal profile and I can track the crashes down to whitelisting. This crashes:

noblacklist ${HOME}/.config/discord
whitelist ${HOME}/.config/discord

include disable-passwdmgr.inc
include disable-programs.inc

This doesn't:

noblacklist ${HOME}/.config/discord

include disable-passwdmgr.inc
include disable-programs.inc

@haarp commented on GitHub (Jul 17, 2021): Thanks for your replies! > Probably this can be worked around with `--env=G_SLICE=always-malloc` I've already tried. This still crashes, but shifts the segfault from libglib to libc. In my tests, I've also sometimes seen libgobject. > Can you please try `firejail --noprofile discord` and `firejail --noprofile --tracelog discord`? If the latter works (it doesn't in some cases) there might be additional messages in the syslog. Sorry, I am not comfortable running it completely unsandboxed. But I did try a minimal sandbox, see below. `--tracelog` unfortunately doesn't work, firejail will just stall. > How do you run the AI? `firejail --proifle=discord --appimage ./path/to/the/appimage.AppImage`? It's installed via ebuild, which extracts the upstream .deb into `/opt/discord` and symlinks the binary to `/usr/bin/discord`. Then I run `firejail --profile=discord discord`. I've been testing a minimal profile and I can track the crashes down to whitelisting. This crashes: ``` noblacklist ${HOME}/.config/discord whitelist ${HOME}/.config/discord include disable-passwdmgr.inc include disable-programs.inc ``` This doesn't: ``` noblacklist ${HOME}/.config/discord include disable-passwdmgr.inc include disable-programs.inc ```

gitea-mirror commented

2026-05-05 09:19:00 -06:00

Author

Owner

@haarp commented on GitHub (Jul 17, 2021):

Oh boy, I found it! 🎉

It's ~/.local/share/recently-used.xbel. If I add it to the whitelist, no more crashes.
whitelist ${HOME}/.local/share/recently-used.xbel

Come to think of it, the log did mention that file, but I disregarded it as a harmless message. Curiously, it's not a symlink, but a regular file.
Gtk-WARNING **: Symlink resolution failed: Failed to read the symbolic link “/home/haarp/.local/share/recently-used.xbel”: No such file or directory

Now with that file whitelisted, it still has complaints (as it tries to clone-modify-replace it), but no crashes:
Gtk-WARNING **: Attempting to store changes into '/home/haarp/.local/share/recently-used.xbel', but failed: Failed to rename file “/home/haarp/.local/share/recently-used.xbel.PVC460” to “/home/haarp/.local/share/recently-used.xbel”: g_rename() failed: Device or resource busy

@haarp commented on GitHub (Jul 17, 2021): Oh boy, I found it! :tada: It's `~/.local/share/recently-used.xbel`. If I add it to the whitelist, no more crashes. ```whitelist ${HOME}/.local/share/recently-used.xbel``` Come to think of it, the log did mention that file, but I disregarded it as a harmless message. Curiously, it's not a symlink, but a regular file. ```Gtk-WARNING **: Symlink resolution failed: Failed to read the symbolic link “/home/haarp/.local/share/recently-used.xbel”: No such file or directory``` Now with that file whitelisted, it still has complaints (as it tries to clone-modify-replace it), but no crashes: ```Gtk-WARNING **: Attempting to store changes into '/home/haarp/.local/share/recently-used.xbel', but failed: Failed to rename file “/home/haarp/.local/share/recently-used.xbel.PVC460” to “/home/haarp/.local/share/recently-used.xbel”: g_rename() failed: Device or resource busy```

gitea-mirror commented

2026-05-05 09:19:00 -06:00

Author

Owner

@rusty-snake commented on GitHub (Oct 9, 2021):

Can we close here?

@rusty-snake commented on GitHub (Oct 9, 2021): Can we close here?

gitea-mirror commented

2026-05-05 09:19:01 -06:00

Author

Owner

@haarp commented on GitHub (Oct 10, 2021):

Yup.

@haarp commented on GitHub (Oct 10, 2021): Yup.

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2653

No description provided.

Rows
Columns