[GH-ISSUE #5311] whalebird: program does not start (AppArmor/private-etc) #2953

New issue

Closed

opened 2026-05-05 09:37:06 -06:00 by gitea-mirror · 2 comments

gitea-mirror commented 2026-05-05 09:37:06 -06:00

Owner

Copy link

Originally created by @cyberpunkrocker-zero on GitHub (Aug 13, 2022).
Original GitHub issue: https://github.com/netblue30/firejail/issues/5311

Description

Whalebird-4.6.2 does not start using the default whalebird.profile. I had to comment out private-etc and add ignore apparmor to make it work.

Steps to Reproduce

Expected behavior

Actual behavior

Output with the default profile

Reading profile /etc/firejail/whalebird.profile
Reading profile /etc/firejail/electron.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 17300, child pid 17301
13 programs installed in 22.34 ms
Warning: skipping alternatives for private /etc
Private /etc installed in 3.61 ms
Warning: skipping alternatives for private /usr/etc
Warning: skipping fonts for private /usr/etc
Warning: skipping ld.so.cache for private /usr/etc
Warning: skipping ld.so.preload for private /usr/etc
Warning: skipping machine-id for private /usr/etc
Private /usr/etc installed in 0.04 ms
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Warning: not remounting /run/user/1000/gvfs
Child process initialized in 101.68 ms
LaunchProcess: failed to execvp:
/usr/share/whalebird/whalebird
LaunchProcess: failed to execvp:
/usr/share/whalebird/whalebird

Parent is shutting down, bye...

I got past this by adding "ignore apparmor". After that:

Reading profile /etc/firejail/whalebird.profile
Reading profile /etc/firejail/whalebird.local
Reading profile /etc/firejail/electron.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 18285, child pid 18287
13 programs installed in 22.60 ms
Warning: skipping alternatives for private /etc
Private /etc installed in 3.18 ms
Warning: skipping alternatives for private /usr/etc
Warning: skipping fonts for private /usr/etc
Warning: skipping ld.so.cache for private /usr/etc
Warning: skipping ld.so.preload for private /usr/etc
Warning: skipping machine-id for private /usr/etc
Private /usr/etc installed in 0.05 ms
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Warning: not remounting /run/user/1000/gvfs
Child process initialized in 120.38 ms
06:43:22.489 › Error: Can't insert key 2, it violates the unique constraint
    at _AVLTree.insert (/usr/share/whalebird/resources/app.asar/node_modules/binary-search-tree/lib/avltree.js:273:19)
    at AVLTree.insert (/usr/share/whalebird/resources/app.asar/node_modules/binary-search-tree/lib/avltree.js:307:27)
    at Index.insert (/usr/share/whalebird/resources/app.asar/node_modules/nedb/lib/indexes.js:77:15)
    at Index.updateMultipleDocs (/usr/share/whalebird/resources/app.asar/node_modules/nedb/lib/indexes.js:193:12)
    at Index.update (/usr/share/whalebird/resources/app.asar/node_modules/nedb/lib/indexes.js:163:36)
    at Datastore.updateIndexes (/usr/share/whalebird/resources/app.asar/node_modules/nedb/lib/datastore.js:223:29)
    at /usr/share/whalebird/resources/app.asar/node_modules/nedb/lib/datastore.js:632:14
    at /usr/share/whalebird/resources/app.asar/node_modules/nedb/lib/datastore.js:329:14
    at Object.async.eachSeries (/usr/share/whalebird/resources/app.asar/node_modules/async/lib/async.js:130:20)
    at /usr/share/whalebird/resources/app.asar/node_modules/nedb/lib/datastore.js:323:11
06:43:22.536 › System proxy configuration: DIRECT
[23:0813/064322.586788:ERROR:browser_main_loop.cc(267)] Gtk: gtk_widget_add_accelerator: assertion 'GTK_IS_ACCEL_GROUP (accel_group)' failed
[23:0813/064322.586897:ERROR:browser_main_loop.cc(267)] Gtk: gtk_widget_add_accelerator: assertion 'GTK_IS_ACCEL_GROUP (accel_group)' failed
[58:0813/064322.591540:ERROR:angle_platform_impl.cc(44)] Display.cpp:940 (initialize): ANGLE Display::initialize error 12289: Could not create a backing OpenGL context.
[58:0813/064322.591624:ERROR:gl_surface_egl.cc(808)] EGL Driver message (Critical) eglInitialize: Could not create a backing OpenGL context.
[58:0813/064322.591648:ERROR:gl_surface_egl.cc(1430)] eglInitialize OpenGL failed with error EGL_NOT_INITIALIZED, trying next display type
[58:0813/064322.621458:ERROR:angle_platform_impl.cc(44)] Display.cpp:940 (initialize): ANGLE Display::initialize error 12289: Could not create a backing OpenGL context.
[58:0813/064322.621533:ERROR:gl_surface_egl.cc(808)] EGL Driver message (Critical) eglInitialize: Could not create a backing OpenGL context.
[58:0813/064322.621557:ERROR:gl_surface_egl.cc(1430)] eglInitialize OpenGLES failed with error EGL_NOT_INITIALIZED
[58:0813/064322.621579:ERROR:gl_ozone_egl.cc(20)] GLSurfaceEGL::InitializeOneOff failed.
[58:0813/064322.622480:ERROR:viz_main_impl.cc(188)] Exiting GPU process due to errors during initialization
[105:0813/064322.637937:ERROR:sandbox_linux.cc(377)] InitializeSandbox() called with multiple threads in process gpu-process.
[23:0813/064322.722043:ERROR:browser_main_loop.cc(267)] Gdk: gdk_window_thaw_toplevel_updates: assertion 'window->update_and_descendants_freeze_count > 0' failed
Error occurred in handler for 'refresh-accounts': AxiosError: getaddrinfo EAI_AGAIN mastodon.online
    at GetAddrInfoReqWrap.onlookup [as oncomplete] (node:dns:71:26) {
  hostname: 'mastodon.online',
  syscall: 'getaddrinfo',
  code: 'EAI_AGAIN',
  errno: -3001,
  config: {

...and then a very, very long list of json code, I suppose whalebird's internal configuration, and finally:

Error sending from webFrameMain:  Error: Failed to serialize arguments
    at EventEmitter.n.send (node:electron/js2c/browser_init:165:417)
    at EventEmitter.b.send (node:electron/js2c/browser_init:161:2494)
    at /usr/share/whalebird/resources/app.asar/dist/electron/main.js:1:261646
    at Generator.throw (<anonymous>)
    at s (/usr/share/whalebird/resources/app.asar/dist/electron/main.js:1:241903)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)

At that point whalebird started, but couldn't connect anywhere in the net. Commenting out the "private-etc" section in the whalebird.profile fixed this and allowed whalebird to run normally.

Do you need the full output? As I said above it is a very, very, very long file...

Behavior without a profile

What changed calling LC_ALL=C firejail --noprofile /path/to/program in a terminal?

Whalebird started normally.

Additional context

Environment

• Linux distribution and version: Arch Linux
• Firejail version: 0.9.70

Checklist

• The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
• I can reproduce the issue without custom modifications (e.g. globals.local).
• The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
• The profile (and redirect profile if exists) hasn't already been fixed upstream.
• I have performed a short search for similar issues (to avoid opening a duplicate).
• I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
• I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)

Log

Output of LC_ALL=C firejail /path/to/program

output goes here

Output of LC_ALL=C firejail --debug /path/to/program

output goes here

Originally created by @cyberpunkrocker-zero on GitHub (Aug 13, 2022). Original GitHub issue: https://github.com/netblue30/firejail/issues/5311 <!-- See the following links for help with formatting: https://guides.github.com/features/mastering-markdown/ https://docs.github.com/en/github/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax --> ### Description Whalebird-4.6.2 does not start using the default whalebird.profile. I had to comment out _private-etc_ and add _ignore apparmor_ to make it work. ### Steps to Reproduce ### Expected behavior ### Actual behavior Output with the default profile ``` Reading profile /etc/firejail/whalebird.profile Reading profile /etc/firejail/electron.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/disable-xdg.inc Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Parent pid 17300, child pid 17301 13 programs installed in 22.34 ms Warning: skipping alternatives for private /etc Private /etc installed in 3.61 ms Warning: skipping alternatives for private /usr/etc Warning: skipping fonts for private /usr/etc Warning: skipping ld.so.cache for private /usr/etc Warning: skipping ld.so.preload for private /usr/etc Warning: skipping machine-id for private /usr/etc Private /usr/etc installed in 0.04 ms Warning: /sbin directory link was not blacklisted Warning: /usr/sbin directory link was not blacklisted Warning: not remounting /run/user/1000/gvfs Child process initialized in 101.68 ms LaunchProcess: failed to execvp: /usr/share/whalebird/whalebird LaunchProcess: failed to execvp: /usr/share/whalebird/whalebird Parent is shutting down, bye... ``` I got past this by adding "ignore apparmor". After that: ``` Reading profile /etc/firejail/whalebird.profile Reading profile /etc/firejail/whalebird.local Reading profile /etc/firejail/electron.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/disable-xdg.inc Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Parent pid 18285, child pid 18287 13 programs installed in 22.60 ms Warning: skipping alternatives for private /etc Private /etc installed in 3.18 ms Warning: skipping alternatives for private /usr/etc Warning: skipping fonts for private /usr/etc Warning: skipping ld.so.cache for private /usr/etc Warning: skipping ld.so.preload for private /usr/etc Warning: skipping machine-id for private /usr/etc Private /usr/etc installed in 0.05 ms Warning: /sbin directory link was not blacklisted Warning: /usr/sbin directory link was not blacklisted Warning: not remounting /run/user/1000/gvfs Child process initialized in 120.38 ms 06:43:22.489 › Error: Can't insert key 2, it violates the unique constraint at _AVLTree.insert (/usr/share/whalebird/resources/app.asar/node_modules/binary-search-tree/lib/avltree.js:273:19) at AVLTree.insert (/usr/share/whalebird/resources/app.asar/node_modules/binary-search-tree/lib/avltree.js:307:27) at Index.insert (/usr/share/whalebird/resources/app.asar/node_modules/nedb/lib/indexes.js:77:15) at Index.updateMultipleDocs (/usr/share/whalebird/resources/app.asar/node_modules/nedb/lib/indexes.js:193:12) at Index.update (/usr/share/whalebird/resources/app.asar/node_modules/nedb/lib/indexes.js:163:36) at Datastore.updateIndexes (/usr/share/whalebird/resources/app.asar/node_modules/nedb/lib/datastore.js:223:29) at /usr/share/whalebird/resources/app.asar/node_modules/nedb/lib/datastore.js:632:14 at /usr/share/whalebird/resources/app.asar/node_modules/nedb/lib/datastore.js:329:14 at Object.async.eachSeries (/usr/share/whalebird/resources/app.asar/node_modules/async/lib/async.js:130:20) at /usr/share/whalebird/resources/app.asar/node_modules/nedb/lib/datastore.js:323:11 06:43:22.536 › System proxy configuration: DIRECT [23:0813/064322.586788:ERROR:browser_main_loop.cc(267)] Gtk: gtk_widget_add_accelerator: assertion 'GTK_IS_ACCEL_GROUP (accel_group)' failed [23:0813/064322.586897:ERROR:browser_main_loop.cc(267)] Gtk: gtk_widget_add_accelerator: assertion 'GTK_IS_ACCEL_GROUP (accel_group)' failed [58:0813/064322.591540:ERROR:angle_platform_impl.cc(44)] Display.cpp:940 (initialize): ANGLE Display::initialize error 12289: Could not create a backing OpenGL context. [58:0813/064322.591624:ERROR:gl_surface_egl.cc(808)] EGL Driver message (Critical) eglInitialize: Could not create a backing OpenGL context. [58:0813/064322.591648:ERROR:gl_surface_egl.cc(1430)] eglInitialize OpenGL failed with error EGL_NOT_INITIALIZED, trying next display type [58:0813/064322.621458:ERROR:angle_platform_impl.cc(44)] Display.cpp:940 (initialize): ANGLE Display::initialize error 12289: Could not create a backing OpenGL context. [58:0813/064322.621533:ERROR:gl_surface_egl.cc(808)] EGL Driver message (Critical) eglInitialize: Could not create a backing OpenGL context. [58:0813/064322.621557:ERROR:gl_surface_egl.cc(1430)] eglInitialize OpenGLES failed with error EGL_NOT_INITIALIZED [58:0813/064322.621579:ERROR:gl_ozone_egl.cc(20)] GLSurfaceEGL::InitializeOneOff failed. [58:0813/064322.622480:ERROR:viz_main_impl.cc(188)] Exiting GPU process due to errors during initialization [105:0813/064322.637937:ERROR:sandbox_linux.cc(377)] InitializeSandbox() called with multiple threads in process gpu-process. [23:0813/064322.722043:ERROR:browser_main_loop.cc(267)] Gdk: gdk_window_thaw_toplevel_updates: assertion 'window->update_and_descendants_freeze_count > 0' failed Error occurred in handler for 'refresh-accounts': AxiosError: getaddrinfo EAI_AGAIN mastodon.online at GetAddrInfoReqWrap.onlookup [as oncomplete] (node:dns:71:26) { hostname: 'mastodon.online', syscall: 'getaddrinfo', code: 'EAI_AGAIN', errno: -3001, config: { ...and then a very, very long list of json code, I suppose whalebird's internal configuration, and finally: Error sending from webFrameMain: Error: Failed to serialize arguments at EventEmitter.n.send (node:electron/js2c/browser_init:165:417) at EventEmitter.b.send (node:electron/js2c/browser_init:161:2494) at /usr/share/whalebird/resources/app.asar/dist/electron/main.js:1:261646 at Generator.throw (<anonymous>) at s (/usr/share/whalebird/resources/app.asar/dist/electron/main.js:1:241903) at processTicksAndRejections (node:internal/process/task_queues:96:5) ``` At that point whalebird started, but couldn't connect anywhere in the net. Commenting out the "private-etc" section in the whalebird.profile fixed this and allowed whalebird to run normally. Do you need the full output? As I said above it is a very, very, very long file... ### Behavior without a profile _What changed calling `LC_ALL=C firejail --noprofile /path/to/program` in a terminal?_ Whalebird started normally. ### Additional context ### Environment - Linux distribution and version: Arch Linux - Firejail version: 0.9.70 ### Checklist <!-- Note: Items are checked with an "x", like so: - [x] This is a checked item. --> - [x] The issues is caused by firejail (i.e. running the program by path (e.g. `/usr/bin/vlc`) "fixes" it). - [x] I can reproduce the issue without custom modifications (e.g. globals.local). - [x] The program has a profile. (If not, request one in `https://github.com/netblue30/firejail/issues/1139`) - [ ] The profile (and redirect profile if exists) hasn't already been fixed [upstream](https://github.com/netblue30/firejail/tree/master/etc). - [x] I have performed a short search for similar issues (to avoid opening a duplicate). - [ ] I'm aware of `browser-allow-drm yes`/`browser-disable-u2f no` in `firejail.config` to allow DRM/U2F in browsers. - [ ] I used `--profile=PROFILENAME` to set the right profile. (Only relevant for AppImages) ### Log <details> <summary>Output of <code>LC_ALL=C firejail /path/to/program</code></summary> <p> ``` output goes here ``` </p> </details> <details> <summary>Output of <code>LC_ALL=C firejail --debug /path/to/program</code></summary> <p> ``` output goes here ``` </p> </details>

gitea-mirror closed this issue 2026-05-05 09:37:07 -06:00

gitea-mirror commented 2026-05-05 09:37:09 -06:00

Author

Owner

Copy link

@rusty-snake commented on GitHub (Aug 13, 2022):

Can you try

ignore apparmor
private-etc ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl

<!-- gh-comment-id:1213910729 --> @rusty-snake commented on GitHub (Aug 13, 2022): Can you try ``` ignore apparmor private-etc ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl ```

gitea-mirror commented 2026-05-05 09:37:10 -06:00

Author

Owner

Copy link

@cyberpunkrocker-zero commented on GitHub (Aug 13, 2022):

Yeah, thanks for the fast response! That fixed the issue :).
Whalebird runs now normally with firejail.

<!-- gh-comment-id:1213923817 --> @cyberpunkrocker-zero commented on GitHub (Aug 13, 2022): Yeah, thanks for the fast response! That fixed the issue :). Whalebird runs now normally with firejail.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

serialize_remounts_v2

landlock_v4

landlock

release-0.9.64

release-0.9.62

gitlab_ci

LTSbase

fred_ctests

docs

0.9.80

0.9.80-rc1

0.9.78

0.9.76

0.9.76-rc4

0.9.76-rc3

0.9.76-rc2

0.9.76-rc1

0.9.74

landlock-split

0.9.72

0.9.72rc1

0.9.70

0.9.68

0.9.68rc1

0.9.66

0.9.66rc1

0.9.64.4

0.9.64.2

0.9.64

0.9.64rc1

0.9.62.4

0.9.62.2

0.9.62

0.9.56.2-LTS

0.9.60

0.9.60-rc1

0.9.58.2

0.9.58

0.9.58-rc1

0.9.56-LTS-release

0.9.56-LTS

0.9.56

0.9.56-rc1

0.9.54

0.9.54-rc2

0.9.54-rc1

0.9.52

0.9.38.12

0.9.50

0.9.50-rc1

0.9.48

0.9.46

0.9.46-rc1

0.9.44.10

0.9.44.8

0.9.44.6

0.9.38.10

0.9.44.4

0.9.38.8

0.9.44.2

0.9.44

0.9.44-rc1

0.9.38.4

0.9.42

0.9.42-rc2

0.9.38.2

0.9.42-rc1

disable-globalcfg

0.9.40

0.9.40-rc1

0.9.38

0.9.38-rc1

0.9.36

0.9.36-rc1

0.9.34

0.9.34-rc1

0.9.32

0.9.32-rc1

0.9.30

0.9.30-rc1

Labels

Clear labels   

LTS merge

  

LTS merge

  

bug

  

bug

  

converted-to-discussion

  

doc-todo

  

documentation

  

duplicate

  

enhancement

  

file-transfer

  

firecfg

  

firejail-in-firejail

  

firetools

  

graphics

  

help wanted

  

information_old

  

installation

  

invalid

  

modif

  

moved

  

needinfo

  

networking

  

notabug

  

notourbug

  

old-version

  

overlayfs

  

packaging

  

profile-request

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question_old

  

removal

  

runtime-permissions

  

sandbox-ipc

  

security

  

stale

  

wiki

  

wiki

  

wontfix

  

wordpress

  

workaround

No labels

LTS merge

LTS merge

bug

bug

converted-to-discussion

doc-todo

documentation

duplicate

enhancement

file-transfer

firecfg

firejail-in-firejail

firetools

graphics

help wanted

information_old

installation

invalid

modif

moved

needinfo

networking

notabug

notourbug

old-version

overlayfs

packaging

profile-request

pull-request

question

question_old

removal

runtime-permissions

sandbox-ipc

security

stale

wiki

wiki

wontfix

wordpress

workaround

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2953

No description provided.