[GH-ISSUE #5211] Transmission crashes in a second #2918

Closed
opened 2026-05-05 09:34:56 -06:00 by gitea-mirror · 18 comments

Originally created by @egor-yudkin on GitHub (Jun 21, 2022).
Original GitHub issue: https://github.com/netblue30/firejail/issues/5211

Description

Running Transmission torrent client with default profile makes it crash in a second.
I'm using default transmission profiles.

Steps to Reproduce

  1. Run `firejail transmission-gtk`

Expected behavior

Transmission should continue to run normally

Actual behavior

  1. Application window opens for a second, then disappears

Behavior without a profile

Application works fine with --noprofile

Additional context

I tried to use a transmission-gtk.local profile with DBus filter as described in #5161, but this makes things even worse - I'm just getting another error `Failed to register: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: org.freedesktop.DBus.Error.ServiceUnknown` and Transmission doesn't even start

Environment

  • Ubuntu 22.04 LTS
  • Firejail 0.9.70
  • Transmission 3.00-2ubuntu2

Checklist

  • [x] The issue is caused by firejail (i.e. running the program by path (e.g. `/usr/bin/vlc`) "fixes" it).
  • [x] I can reproduce the issue without custom modifications (e.g. globals.local).
  • [x] The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
  • [x] The profile (and redirect profile if exists) hasn't already been fixed [upstream](https://github.com/netblue30/firejail/tree/master/etc).
  • [x] I have performed a short search for similar issues (to avoid opening a duplicate).
  • [x] I'm aware of `browser-allow-drm yes`/`browser-disable-u2f no` in `firejail.config` to allow DRM/U2F in browsers.
  • [ ] I used `--profile=PROFILENAME` to set the right profile. (Only relevant for AppImages)

Log

Output of `LC_ALL=C firejail transmission-gtk`

```
** (transmission-gtk:12): WARNING **: 10:34:52.072: Failed to create proxy for org.freedesktop.Notifications
```

Output of `LC_ALL=C firejail --debug transmission-gtk`

[transmission-firejail-debug.log](https://github.com/netblue30/firejail/files/8949953/transmission-firejail-debug.log)


@ghost commented on GitHub (Jun 21, 2022):

Hmm, your debug log shows this warning on line 26:

`Warning: networking feature is disabled in Firejail configuration file`

By default that is enabled. Did you make any other changes to your /etc/firejail/firejail.config?


@rusty-snake commented on GitHub (Jun 21, 2022):

Debian disables it (for unprivileged users) by default (for security reasons).

Ubuntu uses the same package AFAIK.


@egor-yudkin commented on GitHub (Jun 21, 2022):

@glitsj16 Honestly, I'm not sure if I made this change... I don't recollect touching firejail.config at all. Could it be because I've originally installed firejail from Ubuntu repo, but then updated it from ppa:deki/firejail?
If I can assume that any uncommented lines in that file are changes to defaults, then I have two of them:

```
cgroup no
restricted-network yes
```

@rusty-snake commented on GitHub (Jun 21, 2022):

https://sources.debian.org/patches/firejail/0.9.64.4-2/config-hardening.patch/

@egor-yudkin commented on GitHub (Jun 21, 2022):

@rusty-snake Ok, this makes some sense to me now... But how do I "fix" this?
Can I do something like `ignore restricted-network` in my local config file for transmission? Or do I have to revert that change in firejail.config made by Debian?


@ghost commented on GitHub (Jun 21, 2022):

@egor-yudkin The special treatment of these specific settings on Debian/Ubuntu is news to me too. In that context the warning is to be expected and might not be relevant to your transmission-gtk issue. I only noticed it in your debug log and that triggered the above question. To make sure you can temporarily change `restricted-network` by commenting it in your /etc/firejail/firejail.config. Besides trying that you can start commenting lines in /etc/firejail/transmission-{common,gtk}.profile one by one to find the option(s) that seem to cause what you're seeing. A simple debug tip: start TM in a terminal like `firejail --ignore=quiet /usr/bin/transmission-gtk` so you can follow the loading of profile files and local overrides you might have more easily.


@rusty-snake commented on GitHub (Jun 21, 2022):

First, if `--noprofile` works, `restricted-network` is unrelated. Second, does `firejail --ignore="dbus-user none" /usr/bin/transmission-gtk` work?


@egor-yudkin commented on GitHub (Jun 21, 2022):

> First, if `--noprofile` works, `restricted-network` is unrelated. Second, does `firejail --ignore="dbus-user none" /usr/bin/transmission-gtk` work?

  1. True. I tried to follow @glitsj16's advice and temporarily changed it back to default - this didn't help
  2. It does not. I'm getting another warning, though. Here is the full output with --ignore=quiet:
```
firejail --ignore=quiet --ignore="dbus-user none" /usr/bin/transmission-gtk
Reading profile /etc/firejail/transmission-gtk.profile
Reading profile /etc/firejail/whitelist-runuser-common.inc
Reading profile /etc/firejail/transmission-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
Parent pid 28411, child pid 28412
1 program installed in 1.58 ms
Standard C library installed in 1.06 ms
Firejail libraries installed in 0.59 ms
Program libraries installed in 11.91 ms
GdkPixbuf installed in 3.77 ms
GTK3 installed in 6.23 ms
Pango installed in 0.00 ms
GIO installed in 1.74 ms
Installed 151 libraries and 6 directories
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: cleaning all supplementary groups
Blacklist violations are logged to syslog
Warning: cleaning all supplementary groups
Child process initialized in 191.46 ms

(transmission-gtk:12): dbind-WARNING **: 15:29:38.459: Couldn't connect to accessibility bus: Failed to connect to socket /run/user/1000/at-spi/bus: No such file or directory

Parent is shutting down, bye...
```

@rusty-snake commented on GitHub (Jun 21, 2022):

Ok, then it's not dbus.

Maybe it's seccomp. Can you check your syslog and try `--ignore=memory-deny-write-execute`.


@rusty-snake commented on GitHub (Jun 21, 2022):

Do you use Wayland?


@egor-yudkin commented on GitHub (Jun 21, 2022):

> Can you check your syslog and try `--ignore=memory-deny-write-execute`.

Doesn't work. Same warning as it was originally.

> Do you use Wayland?

Yes


@reinerh commented on GitHub (Jun 21, 2022):

A Debian user also reported a problem with transmission and 0.9.70: https://bugs.debian.org/1012734
Maybe it's the same issue, sorry for not forwarding it earlier, I wanted to confirm/reproduce it first...

@egor-yudkin
Can you please try it with `--ignore=private-lib`?


@egor-yudkin commented on GitHub (Jun 21, 2022):

> Can you please try it with `--ignore=private-lib`?

This is it! It works with `--ignore=private-lib`


@reinerh commented on GitHub (Jun 21, 2022):

@rusty-snake @glitsj16
We already ignore private-lib in `transmission-remote-gtk.profile` and `transmission-qt.profile`. What about disabling it in general (`transmission-common.profile`)?


@egor-yudkin commented on GitHub (Jun 21, 2022):

I just tried to do what the person who reported [a bug](https://bugs.debian.org/1012734) suggested, and it worked.
Add to `~/.config/firejail/transmission-gtk.local`:

```
# A fix for Debian-patched Transmission; Allows using RC4. See https://bugs.debian.org/1012734
private-lib x86_64-linux-gnu/ossl-modules,legacy.so
```

@reinerh commented on GitHub (Jun 21, 2022):

> I just tried to do what the person who reported [a bug](https://bugs.debian.org/1012734) suggested, and it worked. Add to `~/.config/firejail/transmission-gtk.local`:

Thanks for the confirmation! :)


@ghost commented on GitHub (Jun 21, 2022):

> We already ignore private-lib in transmission-remote-gtk.profile and transmission-qt.profile. What about disabling it in general (transmission-common.profile)?

@reinerh Sounds like the wise thing to do seeing `private-lib` causes this kind of breakage. I'll hold until we get @rusty-snake's opinion on this before making a PR to remove private-lib from all relevant profiles. Thanks for clearing things up!


@reinerh commented on GitHub (Jun 22, 2022):

Closed by #5213
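
The one-directive-at-a-time narrowing used in this thread (`--ignore=quiet`, `--ignore="dbus-user none"`, `--ignore=private-lib`), as an added example that is not part of the original issue or the firejail project: the script prints, without running, one `firejail --ignore=...` command per profile line, so the breaking directive can be found while the rest of the sandbox stays in place. The function names and the sample profile are constructed for illustration.

```shell
#!/bin/sh
# Added example, not firejail project code. Narrowing a breakage to a single
# directive keeps every other restriction active, unlike --noprofile.

# Print each distinct directive line from the given profile files, with
# whitespace normalised. Skipped: comments, blank lines, include/ignore lines,
# "quiet" (already ignored below), and lines containing a single quote
# (\047), which would break the quoting used in bisect_commands.
profile_directives() {
    awk 'NF && $1 !~ /^#/ && $1 != "include" && $1 != "ignore" &&
         $1 != "quiet" && index($0, "\047") == 0 {
             $1 = $1                  # rebuild $0 with single spaces
             if (!seen[$0]++) print
         }' "$@"
}

# Print (do not run) one firejail invocation per directive line.
# --ignore=quiet keeps the "Reading profile ..." lines visible, as in the
# thread. Single quotes stop the shell from expanding anything in the line.
bisect_commands() {
    prog=$1; shift
    profile_directives "$@" | while IFS= read -r d; do
        printf "firejail --ignore=quiet --ignore='%s' %s\n" "$d" "$prog"
    done
}

# Constructed sample, NOT the real transmission profile shipped by firejail.
sample_profile() {
    cat <<'EOF'
# constructed sample profile
quiet
include transmission-common.profile

dbus-user none
memory-deny-write-execute
private-bin   transmission-gtk
private-lib
  private-lib
EOF
}

# Write the sample to a temp file and list the commands to try by hand.
demo() {
    tmp=$(mktemp) || return 1
    sample_profile > "$tmp"
    bisect_commands /usr/bin/transmission-gtk "$tmp"
    rm -f "$tmp"
}

demo
```

For a real run, pass the profile files named in the `Reading profile ...` lines, for example `bisect_commands /usr/bin/transmission-gtk /etc/firejail/transmission-gtk.profile /etc/firejail/transmission-common.profile`, and try the printed commands one by one.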
