github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

foo #2691

New issue

Closed

opened 2026-05-05 09:21:01 -06:00 by gitea-mirror · 5 comments

gitea-mirror commented

2026-05-05 09:21:01 -06:00

Owner

Originally created by @ghost on GitHub (Sep 8, 2021).
Original GitHub issue: https://github.com/netblue30/firejail/issues/4516

Clean Ubuntu 21.04 install - installed from repos (0.9.64) and got errors about fcopy.
Installed the deb from the official website (0.9.66) after reading a closed bug report of similar and it being fixed since.
Issue persists.

Bug and expected behavior

Describe the bug.

Things do not run. With 0.9.64 I get:

Error: failed to run /run/firejail/lib/fcopy
Error: proc 29376 cannot sync with peer: unexpected EOF
With 0.9.66 I get
Error fcopy: invalid ownership for file /usr/local/bin/thing-you-do-not-trust
Error: failed to run /run/firejail/lib/fcopy, exiting...
Error: proc 60304 cannot sync with peer: unexpected EOF
Peer 60305 unexpectedly exited with status 1

What did you expect to happen?

The command to exit cleanly.

No profile and disabling firejail

What changed calling firejail --noprofile /path/to/program in a terminal?

(What happens when you just unleash the untrusted application!?) MADNESS!

It works fine

What changed calling the program by path (e.g. /usr/bin/vlc)?

It works fine

Reproduce

Steps to reproduce the behavior:

Run in bash firejail PROGRAM
See error ERROR
Read Error
Be Dissapointed...

Environment

Linux distribution and version (ie output of lsb_release -a, screenfetch or cat /etc/os-release)
Firejail version (output of firejail --version) exclusive or used git commit (git rev-parse HEAD)

No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 21.04
Release:	21.04
Codename:	hirsute

firejail - version 0.9.66

Additional context

Other context about the problem like related errors to understand the problem.

Checklist

The profile (and redirect profile if exists) hasn't already been fixed upstream.
The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
I have performed a short search for similar issues (to avoid opening a duplicate).

Found one from last year but it's closed.

If it is a AppImage, --profile=PROFILENAME is used to set the right profile.
Used LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 PROGRAM to get english error-messages.

say what now

I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.

not a browser issue

This is not a question. Questions should be asked in https://github.com/netblue30/firejail/discussions.

Log

debug output

Rather not

Relates to:

#1531

Originally created by @ghost on GitHub (Sep 8, 2021). Original GitHub issue: https://github.com/netblue30/firejail/issues/4516 Clean Ubuntu 21.04 install - installed from repos (0.9.64) and got errors about fcopy. Installed the deb from the official website (0.9.66) after reading a closed bug report of similar and it being fixed since. Issue persists. ### Bug and expected behavior - Describe the bug. Things do not run. With 0.9.64 I get: ``` Error: failed to run /run/firejail/lib/fcopy Error: proc 29376 cannot sync with peer: unexpected EOF With 0.9.66 I get Error fcopy: invalid ownership for file /usr/local/bin/thing-you-do-not-trust Error: failed to run /run/firejail/lib/fcopy, exiting... Error: proc 60304 cannot sync with peer: unexpected EOF Peer 60305 unexpectedly exited with status 1 ``` - What did you expect to happen? The command to exit cleanly. ### No profile and disabling firejail - What changed calling `firejail --noprofile /path/to/program` in a terminal? (What happens when you just unleash the untrusted application!?) MADNESS! It works fine - What changed calling the program by path (e.g. `/usr/bin/vlc`)? It works fine ### Reproduce Steps to reproduce the behavior: 1. Run in bash `firejail PROGRAM` 2. See error `ERROR` 3. Read Error 4. Be Dissapointed... ### Environment - Linux distribution and version (ie output of `lsb_release -a`, `screenfetch` or `cat /etc/os-release`) - Firejail version (output of `firejail --version`) exclusive or used git commit (`git rev-parse HEAD`) ``` No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 21.04 Release: 21.04 Codename: hirsute ``` firejail - version 0.9.66 ### Additional context Other context about the problem like related errors to understand the problem. ### Checklist - [x] The profile (and redirect profile if exists) hasn't already been fixed [upstream](https://github.com/netblue30/firejail/tree/master/etc). - [x] The program has a profile. (If not, request one in `https://github.com/netblue30/firejail/issues/1139`) - [x] I have performed a short search for similar issues (to avoid opening a duplicate). Found one from last year but it's closed. - [x] If it is a AppImage, `--profile=PROFILENAME` is used to set the right profile. - [ ] Used `LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 PROGRAM` to get english error-messages. say what now - [x] I'm aware of `browser-allow-drm yes`/`browser-disable-u2f no` in `firejail.config` to allow DRM/U2F in browsers. not a browser issue - [x] This is not a question. Questions should be asked in https://github.com/netblue30/firejail/discussions. ### Log <details> <summary>debug output</summary> <p> Rather not </p> </details> Relates to: * #1531

gitea-mirror

2026-05-05 09:21:01 -06:00

closed this issue
added the
duplicate
label

gitea-mirror commented

2026-05-05 09:21:04 -06:00

Author

Owner

@reinerh commented on GitHub (Sep 8, 2021):

Error fcopy: invalid ownership for file /usr/local/bin/thing-you-do-not-trust
Error: failed to run /run/firejail/lib/fcopy, exiting...

Can you please show the permissions of the file /usr/local/bin/thing-you-do-not-trust?
Does it maybe belong to a different system user?

And are you using systemd-resolved?

@reinerh commented on GitHub (Sep 8, 2021): > Error fcopy: invalid ownership for file /usr/local/bin/thing-you-do-not-trust Error: failed to run /run/firejail/lib/fcopy, exiting... Can you please show the permissions of the file `/usr/local/bin/thing-you-do-not-trust`? Does it maybe belong to a different system user? And are you using `systemd-resolved`?

gitea-mirror commented

2026-05-05 09:21:04 -06:00

Author

Owner

@ghost commented on GitHub (Sep 9, 2021):

Perms are -rwxrwxr-x owner and group are me.

Not sure about systemd-resolved. I just upgraded and frankly the only real thing I know about the changes between releases is multi GPU is completely broken.

I forgot to note (again multi GPU broken == weeks of work, debugging and my brain is mush) the thing_I_do_not_trust is a py script and it was working on Ubuntu 18.04.5. I just copied it over and got the one fcopy error. So then I updated the script and got the different but still fcopy error. So it was working for the previous version of firejail...but again my whole system worked with everything I had in (Ubuntu) 18.04...20/21.04...more regression/broken than anything.

*Update - I still have to confess ignorance about your systemd-resolved question but systemd has been causing a hell of a lot of problems...looking at jumping ship fosho.

@ghost commented on GitHub (Sep 9, 2021): Perms are -rwxrwxr-x owner and group are me. Not sure about systemd-resolved. I just upgraded and frankly the only real thing I know about the changes between releases is multi GPU is completely broken. I forgot to note (again multi GPU broken == weeks of work, debugging and my brain is mush) the thing_I_do_not_trust is a py script and it was working on Ubuntu 18.04.5. I just copied it over and got the one fcopy error. So then I updated the script and got the different but still fcopy error. So it was working for the previous version of firejail...but again my whole system worked with everything I had in (Ubuntu) 18.04...20/21.04...more regression/broken than anything. *Update - I still have to confess ignorance about your systemd-resolved question but systemd has been causing a hell of a lot of problems...looking at jumping ship fosho.

gitea-mirror commented

2026-05-05 09:21:06 -06:00

Author

Owner

@reinerh commented on GitHub (Sep 10, 2021):

I was asking about systemd-resolved, because I found it in the function that prints your error message:
af947720d5/src/fcopy/main.c (L321-L352)

If I understand it correctly, the error can happen if /usr/local/bin/thing-you-do-not-trust is neither a directory, file, or symlink. Or if you run it as non-root and the file has a different owner than the user running firejail. Or if you are running it as root and it's a path somewhere in /run/systemd/resolve (though that does not seem to be the case for you).

@reinerh commented on GitHub (Sep 10, 2021): I was asking about systemd-resolved, because I found it in the function that prints your error message: https://github.com/netblue30/firejail/blob/af947720d5d5f7b4eff5bd498c66a5b31e4e4e8a/src/fcopy/main.c#L321-L352 If I understand it correctly, the error can happen if `/usr/local/bin/thing-you-do-not-trust` is neither a directory, file, or symlink. Or if you run it as non-root and the file has a different owner than the user running firejail. Or if you are running it as root and it's a path somewhere in `/run/systemd/resolve` (though that does not seem to be the case for you).

gitea-mirror commented

2026-05-05 09:21:07 -06:00

Author

Owner

@ghost commented on GitHub (Sep 11, 2021):

Gotcha. I'm mostly buried in my own projects/code/chores so I've largely tuned out changes between updates until now. I've found anything past 19.10 (in Ubuntu years) is brutally broken. Doesn't matter what distro/base/de...I'd like to know what the hell happened that everything has exploded...though I suspect for most my issues (non-firejail) it's preemptive insanity for Wayland. Despite that firejail has been working for everything else I use it for, just that one bin gives me grief. Fails with the repo package/profile, fails with the current package/profile and fails with the current package/newest-profile.

@ghost commented on GitHub (Sep 11, 2021): Gotcha. I'm mostly buried in my own projects/code/chores so I've largely tuned out changes between updates until now. I've found anything past 19.10 (in Ubuntu years) is brutally broken. Doesn't matter what distro/base/de...I'd like to know what the hell happened that everything has exploded...though I suspect for most my issues (non-firejail) it's preemptive insanity for Wayland. Despite that firejail has been working for everything else I use it for, just that one bin gives me grief. Fails with the repo package/profile, fails with the current package/profile and fails with the current package/newest-profile.

gitea-mirror commented

2026-05-05 09:21:08 -06:00

Author

Owner

@kmk3 commented on GitHub (Jul 9, 2025):

Error fcopy: invalid ownership for file /usr/local/bin/thing-you-do-not-trust

Perms are -rwxrwxr-x owner and group are me.

Error messages should be clearer as of:

#6801

Closing as a duplicate of:

#1531

@kmk3 commented on GitHub (Jul 9, 2025): > ``` > Error fcopy: invalid ownership for file /usr/local/bin/thing-you-do-not-trust > ``` > Perms are -rwxrwxr-x owner and group are me. Error messages should be clearer as of: * #6801 Closing as a duplicate of: * #1531

gitea-mirror referenced this issue

2026-05-05 10:20:59 -06:00

[PR #2691] [MERGED] cantata.profile #4486

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2691

No description provided.

Rows
Columns