github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

[GH-ISSUE #5764] pidgin: program does not start #3086

New issue
Closed
opened 2026-05-05 09:43:36 -06:00 by gitea-mirror · 16 comments
gitea-mirror commented 2026-05-05 09:43:36 -06:00
Owner
Copy link

Originally created by @Xunil73 on GitHub (Mar 28, 2023).
Original GitHub issue: https://github.com/netblue30/firejail/issues/5764

Since one week Pidgin doesn't start anymore with Firejail. I'm using Arch Linux 6.2.8-arch1-1 and Firejail --version 0.9.72.

The output when Pidgin is started with pidgin.profile:

Reading profile /etc/firejail/pidgin.profile
Reading profile /etc/firejail/pidgin.local
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 4564, child pid 4565
Private /etc installed in 8.20 ms
Private /usr/etc installed in 0.01 ms
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Warning: Cannot confine the application using AppArmor.
Maybe firejail-default AppArmor profile is not loaded into the kernel.
As root, run "aa-enforce firejail-default" to load it.
Child process initialized in 342.96 ms
Fontconfig error: Cannot load default config file: No such file: (null)
Pidgin 2.14.12 hat einen Speicherzugriffsfehler festgestellt und 
versucht, eine Core-Datei zu schreiben.  Dies ist ein 
Fehler im Programm und kein Fehler von Ihnen.

Wenn Sie den Absturz reproduzieren können, informieren Sie 
bitte die Entwickler mit einem Fehlerbericht auf:
https://pidgin.im/development/simpleticket/

Bitte geben Sie unbedingt an, was Sie getan haben als der 
Fehler aufgetreten ist, und posten Sie den Backtrace aus 
der Core-Datei. Falls Sie nicht wissen, wie man einen 
Backtrace erstellt, lesen Sie bitte die Informationen auf 
https://pidgin.im/development/wiki/GetABacktrace

Parent is shutting down, bye...

if it's important there's a output from coredumpctl info /usr/bin/pidgin attached:

coredumpinfo_pidgin.txt

Originally created by @Xunil73 on GitHub (Mar 28, 2023). Original GitHub issue: https://github.com/netblue30/firejail/issues/5764 Since one week Pidgin doesn't start anymore with Firejail. I'm using Arch Linux 6.2.8-arch1-1 and Firejail --version 0.9.72. The output when Pidgin is started with pidgin.profile: ~~~ Reading profile /etc/firejail/pidgin.profile Reading profile /etc/firejail/pidgin.local Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/disable-xdg.inc Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-usr-share-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Parent pid 4564, child pid 4565 Private /etc installed in 8.20 ms Private /usr/etc installed in 0.01 ms Warning: /sbin directory link was not blacklisted Warning: /usr/sbin directory link was not blacklisted Warning: Cannot confine the application using AppArmor. Maybe firejail-default AppArmor profile is not loaded into the kernel. As root, run "aa-enforce firejail-default" to load it. Child process initialized in 342.96 ms Fontconfig error: Cannot load default config file: No such file: (null) Pidgin 2.14.12 hat einen Speicherzugriffsfehler festgestellt und versucht, eine Core-Datei zu schreiben. Dies ist ein Fehler im Programm und kein Fehler von Ihnen. Wenn Sie den Absturz reproduzieren können, informieren Sie bitte die Entwickler mit einem Fehlerbericht auf: https://pidgin.im/development/simpleticket/ Bitte geben Sie unbedingt an, was Sie getan haben als der Fehler aufgetreten ist, und posten Sie den Backtrace aus der Core-Datei. Falls Sie nicht wissen, wie man einen Backtrace erstellt, lesen Sie bitte die Informationen auf https://pidgin.im/development/wiki/GetABacktrace Parent is shutting down, bye... ~~~ if it's important there's a output from `coredumpctl info /usr/bin/pidgin` attached: [coredumpinfo_pidgin.txt](https://github.com/netblue30/firejail/files/11090281/coredumpinfo_pidgin.txt)
gitea-mirror commented 2026-05-05 09:43:39 -06:00
Author
Owner
Copy link

@Xunil73 commented on GitHub (Mar 28, 2023):

The same error can be found in Debian Bullseye uname -r 5.10.0-21-amd64 with firejail --version firejail version 0.9.64.4

theres the console output when starting Pidgin:

Reading profile /etc/firejail/pidgin.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
Parent pid 1484, child pid 1485
Blacklist violations are logged to syslog
Child process initialized in 373.75 ms

(Pidgin:7): dbind-WARNING **: 21:26:35.063: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-BnAkSLZNtC: Datei oder Verzeichnis nicht gefunden
libva info: VA-API version 1.10.0
libva info: Trying to open /usr/lib/x86_64-linux-gnu/dri/iHD_drv_video.so
libva info: Found init function __vaDriverInit_1_10
libva error: /usr/lib/x86_64-linux-gnu/dri/iHD_drv_video.so init failed
libva info: va_openDriver() returns 1
libva info: Trying to open /usr/lib/x86_64-linux-gnu/dri/i965_drv_video.so
libva info: Found init function __vaDriverInit_1_8
libva info: va_openDriver() returns 0
Pidgin 2.14.1 hat einen Speicherzugriffsfehler festgestellt und 
versucht, eine Core-Datei zu schreiben.  Dies ist ein 
Fehler im Programm und kein Fehler von Ihnen.

Wenn Sie den Absturz reproduzieren können, informieren Sie 
bitte die Entwickler mit einem Fehlerbericht auf:
http://developer.pidgin.im/simpleticket/

Bitte geben Sie unbedingt an, was Sie getan haben als der 
Fehler aufgetreten ist, und posten Sie den Backtrace aus 
der Core-Datei. Falls Sie nicht wissen, wie man einen 
Backtrace erstellt, lesen Sie bitte die Informationen auf 
http://developer.pidgin.im/wiki/GetABacktrace

Parent is shutting down, bye...
<!-- gh-comment-id:1487492649 --> @Xunil73 commented on GitHub (Mar 28, 2023): The same error can be found in Debian Bullseye `uname -r` `5.10.0-21-amd64` with `firejail --version` `firejail version 0.9.64.4` theres the console output when starting Pidgin: ~~~ Reading profile /etc/firejail/pidgin.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-passwdmgr.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/disable-xdg.inc Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-usr-share-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Warning: networking feature is disabled in Firejail configuration file Parent pid 1484, child pid 1485 Blacklist violations are logged to syslog Child process initialized in 373.75 ms (Pidgin:7): dbind-WARNING **: 21:26:35.063: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-BnAkSLZNtC: Datei oder Verzeichnis nicht gefunden libva info: VA-API version 1.10.0 libva info: Trying to open /usr/lib/x86_64-linux-gnu/dri/iHD_drv_video.so libva info: Found init function __vaDriverInit_1_10 libva error: /usr/lib/x86_64-linux-gnu/dri/iHD_drv_video.so init failed libva info: va_openDriver() returns 1 libva info: Trying to open /usr/lib/x86_64-linux-gnu/dri/i965_drv_video.so libva info: Found init function __vaDriverInit_1_8 libva info: va_openDriver() returns 0 Pidgin 2.14.1 hat einen Speicherzugriffsfehler festgestellt und versucht, eine Core-Datei zu schreiben. Dies ist ein Fehler im Programm und kein Fehler von Ihnen. Wenn Sie den Absturz reproduzieren können, informieren Sie bitte die Entwickler mit einem Fehlerbericht auf: http://developer.pidgin.im/simpleticket/ Bitte geben Sie unbedingt an, was Sie getan haben als der Fehler aufgetreten ist, und posten Sie den Backtrace aus der Core-Datei. Falls Sie nicht wissen, wie man einen Backtrace erstellt, lesen Sie bitte die Informationen auf http://developer.pidgin.im/wiki/GetABacktrace Parent is shutting down, bye... ~~~
gitea-mirror commented 2026-05-05 09:43:40 -06:00
Author
Owner
Copy link

@ghost commented on GitHub (Mar 29, 2023):

Since one week Pidgin doesn't start anymore with Firejail. I'm using Arch Linux 6.2.8-arch1-1 and Firejail --version 0.9.72.

We'll need more context here to be able to offer any help. Does this happen without running pidgin through firejail? Does it work with --noprofile? When you (temporarily) disable all plugins, is pidgin still crashing?

Reading profile /etc/firejail/pidgin.local

Similar remark as above. Please post this file's content here so it's clear if there's anything in it that might be causing what you're seeing.

<!-- gh-comment-id:1487765112 --> @ghost commented on GitHub (Mar 29, 2023): > Since one week Pidgin doesn't start anymore with Firejail. I'm using Arch Linux 6.2.8-arch1-1 and Firejail --version 0.9.72. We'll need more context here to be able to offer any help. Does this happen without running pidgin through firejail? Does it work with --noprofile? When you (temporarily) disable all plugins, is pidgin still crashing? > Reading profile /etc/firejail/pidgin.local Similar remark as above. Please post this file's content here so it's clear if there's anything in it that might be causing what you're seeing.
gitea-mirror commented 2026-05-05 09:43:41 -06:00
Author
Owner
Copy link

@Xunil73 commented on GitHub (Mar 29, 2023):

If Pidgin is run without firejail then it works. Similarly starting Pidgin with firejail --noprofile pidgin works:

Parent pid 2622, child pid 2623
Child process initialized in 12.00 ms
Warning: an existing sandbox was detected. /usr/bin/pidgin will run without any additional sandboxing features

there are no extra plugins installed in Pidgin.

$ cat pidgin.local 
private-etc ld.so.conf,ld.so.conf.d,ld.so.preload

i found this in the ArchLinux forum, but it does not affect the functionality, it's the same
without this.

i tried to figure the error out by creating a custom profile with firejail --build=file.profile /usr/bin/pidgin and cross checking the
profile with the default. For test i added each "whitelist" entry i found in the profile to the pidgin.local and tried it, but there is the same behaviour. Finally i tried the created firejail --build profile alone, in this case Pidgin starts up but does not recognize the personal settings (stored accounts and settings), it starts as a fresh installation of Pidgin which still needs to be configured.

Heres the content of the created profile with firejail --build=file.profile /usr/bin/pidgin

# Save this file as "application.profile" (change "application" with the
# program name) in ~/.config/firejail directory. Firejail will find it
# automatically every time you sandbox your application.
#
# Run "firejail application" to test it. In the file there are
# some other commands you can try. Enable them by removing the "#".

# Firejail profile for /usr/bin/pidgin
# Persistent local customizations
#include /usr/bin/pidgin.local
# Persistent global definitions
#include globals.local

### Basic Blacklisting ###
### Enable as many of them as you can! A very important one is
### "disable-exec.inc". This will make among other things your home
### and /tmp directories non-executable.
include disable-common.inc	# dangerous directories like ~/.ssh and ~/.gnupg
#include disable-devel.inc	# development tools such as gcc and gdb
#include disable-exec.inc	# non-executable directories such as /var, /tmp, and /home
#include disable-interpreters.inc	# perl, python, lua etc.
include disable-programs.inc	# user configuration for programs such as firefox, vlc etc.
#include disable-shell.inc	# sh, bash, zsh etc.
#include disable-xdg.inc	# standard user directories: Documents, Pictures, Videos, Music

### Home Directory Whitelisting ###
### If something goes wrong, this section is the first one to comment out.
### Instead, you'll have to relay on the basic blacklisting above.
whitelist ${HOME}/.config/enchant
whitelist ${HOME}/.face
whitelist ${HOME}/.face.icon
whitelist ${HOME}/.local/share/pixmaps/pidgin
whitelist ${HOME}/.local/share/pixmaps/pidgin/buttons
whitelist ${HOME}/.local/share/vulkan
whitelist ${HOME}/.config/vulkan
whitelist ${HOME}/.config/alsa
whitelist ${HOME}/.frei0r-1
whitelist ${HOME}/.lv2
whitelist ${HOME}/.local/share/gstreamer-1.0
whitelist ${HOME}/.cache/gstreamer-1.0
whitelist ${HOME}/.zephyr.vars
whitelist ${HOME}/.Xdefaults-archmachine
whitelist ${HOME}/.purple
whitelist ${HOME}/.gtkrc-2.0.de
whitelist ${HOME}/.gtkrc-2.0.de_DE
whitelist ${HOME}/.gaim
include whitelist-common.inc

### Filesystem Whitelisting ###
whitelist /run/systemd/machines/stun.jabber.de
whitelist /run/systemd/machines/archmachine
whitelist /run/systemd/machines/jabber.de
whitelist /run/systemd/resolve/io.systemd.Resolve
whitelist /run/systemd/machines/irc.darkfasel.net
whitelist /run/udev/control
include whitelist-run-common.inc
whitelist ${RUNUSER}/pulse
include whitelist-runuser-common.inc
include whitelist-usr-share-common.inc
whitelist /var/lib/alsa/conf.d
include whitelist-var-common.inc

#apparmor	# if you have AppArmor running, try this one!
caps.drop all
ipc-namespace
netfilter
#no3d	# disable 3D acceleration
#nodvd	# disable DVD and CD devices
#nogroups	# disable supplementary user groups
#noinput	# disable input devices
nonewprivs
noroot
#notv	# disable DVB TV devices
#nou2f	# disable U2F devices
#novideo	# disable video capture devices
protocol unix,inet,inet6,netlink,
#net eth0
netfilter
seccomp !chroot	# allowing chroot, just in case this is an Electron app
shell none
#tracelog	# send blacklist violations to syslog

#disable-mnt	# no access to /mnt, /media, /run/mount and /run/media
private-bin pidgin,
#private-cache	# run with an empty ~/.cache directory
#private-dev
# This is the list of devices accessed on top of regular private-dev devices:
# /dev,
private-etc ssl,fonts,vulkan,asound.conf,alsa,machine-id,pulse,zephyr.vars,gtk-2.0,xdg,
#private-lib
private-tmp

#dbus-user none
#dbus-system none

#memory-deny-write-execute
<!-- gh-comment-id:1488140866 --> @Xunil73 commented on GitHub (Mar 29, 2023): If Pidgin is run without firejail then it works. Similarly starting Pidgin with `firejail --noprofile pidgin` works: ~~~ Parent pid 2622, child pid 2623 Child process initialized in 12.00 ms Warning: an existing sandbox was detected. /usr/bin/pidgin will run without any additional sandboxing features ~~~ there are no extra plugins installed in Pidgin. ~~~ $ cat pidgin.local private-etc ld.so.conf,ld.so.conf.d,ld.so.preload ~~~ i found this in the ArchLinux forum, but it does not affect the functionality, it's the same without this. i tried to figure the error out by creating a custom profile with `firejail --build=file.profile /usr/bin/pidgin` and cross checking the profile with the default. For test i added each "whitelist" entry i found in the profile to the `pidgin.local` and tried it, but there is the same behaviour. Finally i tried the created `firejail --build` profile alone, in this case Pidgin starts up but does not recognize the personal settings (stored accounts and settings), it starts as a fresh installation of Pidgin which still needs to be configured. Heres the content of the created profile with `firejail --build=file.profile /usr/bin/pidgin` ~~~ # Save this file as "application.profile" (change "application" with the # program name) in ~/.config/firejail directory. Firejail will find it # automatically every time you sandbox your application. # # Run "firejail application" to test it. In the file there are # some other commands you can try. Enable them by removing the "#". # Firejail profile for /usr/bin/pidgin # Persistent local customizations #include /usr/bin/pidgin.local # Persistent global definitions #include globals.local ### Basic Blacklisting ### ### Enable as many of them as you can! A very important one is ### "disable-exec.inc". This will make among other things your home ### and /tmp directories non-executable. include disable-common.inc # dangerous directories like ~/.ssh and ~/.gnupg #include disable-devel.inc # development tools such as gcc and gdb #include disable-exec.inc # non-executable directories such as /var, /tmp, and /home #include disable-interpreters.inc # perl, python, lua etc. include disable-programs.inc # user configuration for programs such as firefox, vlc etc. #include disable-shell.inc # sh, bash, zsh etc. #include disable-xdg.inc # standard user directories: Documents, Pictures, Videos, Music ### Home Directory Whitelisting ### ### If something goes wrong, this section is the first one to comment out. ### Instead, you'll have to relay on the basic blacklisting above. whitelist ${HOME}/.config/enchant whitelist ${HOME}/.face whitelist ${HOME}/.face.icon whitelist ${HOME}/.local/share/pixmaps/pidgin whitelist ${HOME}/.local/share/pixmaps/pidgin/buttons whitelist ${HOME}/.local/share/vulkan whitelist ${HOME}/.config/vulkan whitelist ${HOME}/.config/alsa whitelist ${HOME}/.frei0r-1 whitelist ${HOME}/.lv2 whitelist ${HOME}/.local/share/gstreamer-1.0 whitelist ${HOME}/.cache/gstreamer-1.0 whitelist ${HOME}/.zephyr.vars whitelist ${HOME}/.Xdefaults-archmachine whitelist ${HOME}/.purple whitelist ${HOME}/.gtkrc-2.0.de whitelist ${HOME}/.gtkrc-2.0.de_DE whitelist ${HOME}/.gaim include whitelist-common.inc ### Filesystem Whitelisting ### whitelist /run/systemd/machines/stun.jabber.de whitelist /run/systemd/machines/archmachine whitelist /run/systemd/machines/jabber.de whitelist /run/systemd/resolve/io.systemd.Resolve whitelist /run/systemd/machines/irc.darkfasel.net whitelist /run/udev/control include whitelist-run-common.inc whitelist ${RUNUSER}/pulse include whitelist-runuser-common.inc include whitelist-usr-share-common.inc whitelist /var/lib/alsa/conf.d include whitelist-var-common.inc #apparmor # if you have AppArmor running, try this one! caps.drop all ipc-namespace netfilter #no3d # disable 3D acceleration #nodvd # disable DVD and CD devices #nogroups # disable supplementary user groups #noinput # disable input devices nonewprivs noroot #notv # disable DVB TV devices #nou2f # disable U2F devices #novideo # disable video capture devices protocol unix,inet,inet6,netlink, #net eth0 netfilter seccomp !chroot # allowing chroot, just in case this is an Electron app shell none #tracelog # send blacklist violations to syslog #disable-mnt # no access to /mnt, /media, /run/mount and /run/media private-bin pidgin, #private-cache # run with an empty ~/.cache directory #private-dev # This is the list of devices accessed on top of regular private-dev devices: # /dev, private-etc ssl,fonts,vulkan,asound.conf,alsa,machine-id,pulse,zephyr.vars,gtk-2.0,xdg, #private-lib private-tmp #dbus-user none #dbus-system none #memory-deny-write-execute ~~~
gitea-mirror commented 2026-05-05 09:43:42 -06:00
Author
Owner
Copy link

@ghost commented on GitHub (Mar 29, 2023):

Thanks for providing additional info. I cannot reproduce this (yet) on my Arch Linux box, but I have a hunch your issue might be caused by gstreamer. Can you add the below and report back if that changes anything?

whitelist /usr/libexec/gstreamer-1.0
whitelist /usr/share/gstreamer-1.0
<!-- gh-comment-id:1488629370 --> @ghost commented on GitHub (Mar 29, 2023): Thanks for providing additional info. I cannot reproduce this (yet) on my Arch Linux box, but I have a hunch your issue might be caused by gstreamer. Can you add the below and report back if that changes anything? ``` whitelist /usr/libexec/gstreamer-1.0 whitelist /usr/share/gstreamer-1.0 ```
gitea-mirror commented 2026-05-05 09:43:43 -06:00
Author
Owner
Copy link

@Xunil73 commented on GitHub (Mar 29, 2023):

The two lines did nothing. I tested it on both, Arch and Debian.

<!-- gh-comment-id:1488899008 --> @Xunil73 commented on GitHub (Mar 29, 2023): The two lines did nothing. I tested it on both, Arch and Debian.
gitea-mirror commented 2026-05-05 09:43:43 -06:00
Author
Owner
Copy link

@ghost commented on GitHub (Mar 29, 2023):

The two lines did nothing. I tested it on both, Arch and Debian.

So much for my hunch. For now it seems you're left with commenting lines in /etc/firejail/pidgin.profile (one by one) and try to find the offending option(s) that cause the crash you're seeing...

<!-- gh-comment-id:1489278192 --> @ghost commented on GitHub (Mar 29, 2023): > The two lines did nothing. I tested it on both, Arch and Debian. So much for my hunch. For now it seems you're left with commenting lines in /etc/firejail/pidgin.profile (one by one) and try to find the offending option(s) that cause the crash you're seeing...
gitea-mirror commented 2026-05-05 09:43:44 -06:00
Author
Owner
Copy link

@Xunil73 commented on GitHub (Mar 30, 2023):

I figured it out! Commenting out was not helpful.
Solution: In /etc/firejail/pidgin.profile there is an entry protocol unix,inet,inet6.
Just adding netlink to this line made pidgin executable again.

I noticed it after the output of firejail --build=file.profile has an line with just this entry:
protocol unix,inet, inet6,netlink.
I saved the line in an .local and it looks like it will work as before.

Thanks support! Great job!

<!-- gh-comment-id:1489799165 --> @Xunil73 commented on GitHub (Mar 30, 2023): I figured it out! Commenting out was not helpful. Solution: In `/etc/firejail/pidgin.profile` there is an entry `protocol unix,inet,inet6`. Just adding `netlink` to this line made pidgin executable again. I noticed it after the output of `firejail --build=file.profile` has an line with just this entry: `protocol unix,inet, inet6,netlink`. I saved the line in an .local and it looks like it will work as before. Thanks support! Great job!
gitea-mirror commented 2026-05-05 09:43:44 -06:00
Author
Owner
Copy link

@Xunil73 commented on GitHub (Mar 30, 2023):

solved

<!-- gh-comment-id:1489799669 --> @Xunil73 commented on GitHub (Mar 30, 2023): solved
gitea-mirror commented 2026-05-05 09:43:44 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Mar 30, 2023):

Needs to be fixed upstream as well.

<!-- gh-comment-id:1490759893 --> @rusty-snake commented on GitHub (Mar 30, 2023): Needs to be fixed upstream as well.
gitea-mirror commented 2026-05-05 09:43:45 -06:00
Author
Owner
Copy link

@ghost commented on GitHub (Mar 30, 2023):

Just adding netlink to this line made pidgin executable again.

Weird. I've been running pidgin for a long time and never needed netlink. But that's with firejail built from git. In fact I cannot reproduce this at all.

Needs to be fixed upstream as well.

@rusty-snake Can you reproduce this?

<!-- gh-comment-id:1490789652 --> @ghost commented on GitHub (Mar 30, 2023): > Just adding netlink to this line made pidgin executable again. Weird. I've been running pidgin for a long time and `never` needed `netlink`. But that's with firejail built from git. In fact I cannot reproduce this at all. > Needs to be fixed upstream as well. @rusty-snake Can you reproduce this?
gitea-mirror commented 2026-05-05 09:43:45 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Mar 30, 2023):

I did not tried yet but we should at least add a comment IMHO.

<!-- gh-comment-id:1490803838 --> @rusty-snake commented on GitHub (Mar 30, 2023): I did not tried yet but we should at least add a comment IMHO.
gitea-mirror commented 2026-05-05 09:43:46 -06:00
Author
Owner
Copy link

@Xunil73 commented on GitHub (Mar 30, 2023):

netlink takes effect in both distros, Arch 6.2.8-arch1-1 and Firejail --version 0.9.72 and
Debian Bullseye 5.10.0-21-amd64 firejail version 0.9.64.4. In both distros only packages of the official repositories used here. On both systems the crash happend last week, i believe there where no package upgrades of firejail or pidgin at this time. Sorry, but i have no more details or an idea whats going on there on my machine.

<!-- gh-comment-id:1490835131 --> @Xunil73 commented on GitHub (Mar 30, 2023): `netlink` takes effect in both distros, Arch 6.2.8-arch1-1 and Firejail --version 0.9.72 and Debian Bullseye 5.10.0-21-amd64 firejail version 0.9.64.4. In both distros only packages of the official repositories used here. On both systems the crash happend last week, i believe there where no package upgrades of firejail or pidgin at this time. Sorry, but i have no more details or an idea whats going on there on my machine.
gitea-mirror commented 2026-05-05 09:43:46 -06:00
Author
Owner
Copy link

@ghost commented on GitHub (Mar 30, 2023):

@Xunil73 No worries, I think it's best to add netlink in our pidgin.profile with a comment that it might work without it. Can you open a PR for that?

<!-- gh-comment-id:1490842538 --> @ghost commented on GitHub (Mar 30, 2023): @Xunil73 No worries, I think it's best to add netlink in our pidgin.profile with a comment that it might work without it. Can you open a PR for that?
gitea-mirror commented 2026-05-05 09:43:47 -06:00
Author
Owner
Copy link

@kmk3 commented on GitHub (Apr 3, 2023):

(Offtopic)

@Xunil73 on Mar 30:

Debian Bullseye 5.10.0-21-amd64 firejail version 0.9.64.4.

Note that we do not maintain that version of firejail:

Versions other than the latest usually have outdated profiles and may contain
bugs and security vulnerabilities that were fixed in later versions.

See the following for how to install a supported version on Debian:

<!-- gh-comment-id:1494874838 --> @kmk3 commented on GitHub (Apr 3, 2023): (Offtopic) @Xunil73 [on Mar 30](https://github.com/netblue30/firejail/issues/5764#issuecomment-1490835131): > Debian Bullseye 5.10.0-21-amd64 firejail version 0.9.64.4. Note that we do not maintain that version of firejail: * <https://github.com/netblue30/firejail/blob/master/SECURITY.md> Versions other than the latest usually have outdated profiles and may contain bugs and security vulnerabilities that were fixed in later versions. See the following for how to install a supported version on Debian: * <https://github.com/netblue30/firejail#installing>
gitea-mirror commented 2026-05-05 09:43:47 -06:00
Author
Owner
Copy link

@vbooka1 commented on GitHub (Sep 25, 2023):

I had the same issue in openSuSE Leap 15.5 (Pidgin 2.14.8, firejail 0.9.70)
adding protocol netlink to pidgin.local fixed the issue.

<!-- gh-comment-id:1733538236 --> @vbooka1 commented on GitHub (Sep 25, 2023): I had the same issue in openSuSE Leap 15.5 (Pidgin 2.14.8, firejail 0.9.70) adding `protocol netlink` to pidgin.local fixed the issue.
gitea-mirror commented 2026-05-05 09:43:47 -06:00
Author
Owner
Copy link

@kmk3 commented on GitHub (Sep 25, 2023):

I had the same issue in openSuSE Leap 15.5 (Pidgin 2.14.8, firejail 0.9.70)
adding protocol netlink to pidgin.local fixed the issue.

Note that this was fixed in firejail 0.9.72.

See also my previous comment.

<!-- gh-comment-id:1734189276 --> @kmk3 commented on GitHub (Sep 25, 2023): > I had the same issue in openSuSE Leap 15.5 (Pidgin 2.14.8, firejail 0.9.70) > adding `protocol netlink` to pidgin.local fixed the issue. Note that this was fixed in firejail 0.9.72. See also my previous [comment](https://github.com/netblue30/firejail/issues/5764#issuecomment-1494874838).
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
serialize_remounts_v2
landlock_v4
landlock
release-0.9.64
release-0.9.62
gitlab_ci
LTSbase
fred_ctests
docs
0.9.80
0.9.80-rc1
0.9.78
0.9.76
0.9.76-rc4
0.9.76-rc3
0.9.76-rc2
0.9.76-rc1
0.9.74
landlock-split
0.9.72
0.9.72rc1
0.9.70
0.9.68
0.9.68rc1
0.9.66
0.9.66rc1
0.9.64.4
0.9.64.2
0.9.64
0.9.64rc1
0.9.62.4
0.9.62.2
0.9.62
0.9.56.2-LTS
0.9.60
0.9.60-rc1
0.9.58.2
0.9.58
0.9.58-rc1
0.9.56-LTS-release
0.9.56-LTS
0.9.56
0.9.56-rc1
0.9.54
0.9.54-rc2
0.9.54-rc1
0.9.52
0.9.38.12
0.9.50
0.9.50-rc1
0.9.48
0.9.46
0.9.46-rc1
0.9.44.10
0.9.44.8
0.9.44.6
0.9.38.10
0.9.44.4
0.9.38.8
0.9.44.2
0.9.44
0.9.44-rc1
0.9.38.4
0.9.42
0.9.42-rc2
0.9.38.2
0.9.42-rc1
disable-globalcfg
0.9.40
0.9.40-rc1
0.9.38
0.9.38-rc1
0.9.36
0.9.36-rc1
0.9.34
0.9.34-rc1
0.9.32
0.9.32-rc1
0.9.30
0.9.30-rc1
Labels
Clear labels   
LTS merge

   
LTS merge

   
bug

   
bug

   
converted-to-discussion

   
doc-todo

   
documentation

   
duplicate

   
enhancement

   
file-transfer

   
firecfg

   
firejail-in-firejail

   
firetools

   
graphics

   
help wanted

   
information_old

   
installation

   
invalid

   
modif

   
moved

   
needinfo

   
networking

   
notabug

   
notourbug

   
old-version

   
overlayfs

   
packaging

   
profile-request

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question_old

   
removal

   
runtime-permissions

   
sandbox-ipc

   
security

   
stale

   
wiki

   
wiki

   
wontfix

   
wordpress

   
workaround
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#3086
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?