[GH-ISSUE #5961] chromium: no graceful termination with SIGINT #3144

New issue

Open

opened 2026-05-05 09:46:34 -06:00 by gitea-mirror · 0 comments

gitea-mirror commented

2026-05-05 09:46:34 -06:00

Owner

Originally created by @arenevier on GitHub (Aug 16, 2023).
Original GitHub issue: https://github.com/netblue30/firejail/issues/5961

Description

When I kill chrome with Ctrl-C or kill -INT, it does not terminate gracefully.

Steps to Reproduce

Launch
$ firejail google-chrome-stable
Ctrl-C

check that google chrome did not exit gracefully: the config profile still contains SingletonLock file.

I debug build of chrome will show the following errors:

Child received signal 2, shutting down the sandbox...
[2:2:0816/135718.038303:ERROR:zygote_communication_linux.cc(291)] Failed to send GetTerminationStatus message to zygote
[2:2:0816/135718.042869:ERROR:network_service_instance_impl.cc(625)] Network service crashed, restarting service.
[2:2:0816/135718.048479:ERROR:zygote_communication_linux.cc(291)] Failed to send GetTerminationStatus message to zygote
[2:2:0816/135718.055706:ERROR:zygote_communication_linux.cc(291)] Failed to send GetTerminationStatus message to zygote
[2:2:0816/135718.061504:ERROR:zygote_communication_linux.cc(291)] Failed to send GetTerminationStatus message to zygote
[2:2:0816/135718.066039:ERROR:zygote_communication_linux.cc(291)] Failed to send GetTerminationStatus message to zygote
[2:2:0816/135718.085031:ERROR:gpu_process_host.cc(950)] GPU process launch failed: error_code=1002
[...]
[2:2:0816/135718.116200:FATAL:gpu_data_manager_impl_private.cc(431)] GPU process isn't usable. Goodbye.
#2 0x7f869762fb48 logging::LogMessage::~LogMessage()
#3 0x7f8694b059f7 content::(anonymous namespace)::IntentionallyCrashBrowserForUnusableGpuProcess()

Expected behavior

I expect google chrome to be able to exit gracefully when killed with sig int. The same behavior also happens if I stop the sandbox with firejail --shutdown

Actual behavior

Behavior without a profile

same

Environment

Linux distribution and version (e.g. "Ubuntu 20.04" or "Arch Linux")
archlinux. But pretty sure it happens on every distribution
Firejail version (firejail --version).
firejail version 0.9.72

Checklist

The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
I can reproduce the issue without custom modifications (e.g. globals.local).
The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
The profile (and redirect profile if exists) hasn't already been fixed upstream.
I have performed a short search for similar issues (to avoid opening a duplicate).
- I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)

Log

Output of LC_ALL=C firejail /path/to/program

Reading profile /etc/firejail/google-chrome-stable.profile
Reading profile /etc/firejail/google-chrome.profile 
Reading profile /etc/firejail/chromium-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-run-common.inc
Reading profile /etc/firejail/whitelist-runuser-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 44383, child pid 44384
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: NVIDIA card detected, nogroups command ignored
Warning: NVIDIA card detected, nogroups command ignored
Warning: NVIDIA card detected, nogroups command ignored
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Warning: NVIDIA card detected, nogroups command ignored
Warning: NVIDIA card detected, nogroups command ignored
Warning: Cannot confine the application using AppArmor.
Maybe firejail-default AppArmor profile is not loaded into the kernel.
As root, run "aa-enforce firejail-default" to load it.
Child process initialized in 68.88 ms
[6:32:0816/140129.228665:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
[6:42:0816/140129.391314:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
[6:42:0816/140129.391331:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied

(google-chrome:6): IBUS-WARNING **: 14:01:29.501: Unable to connect to ibus: Could not connect: No such file or directory
[6:125:0816/140129.525549:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
[6:125:0816/140129.525564:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
[6:125:0816/140129.525585:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
[6:125:0816/140129.525604:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
[6:125:0816/140129.525614:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied

Parent received signal 2, shutting down the child process...

Child received signal 2, shutting down the sandbox...

Parent is shutting down, bye...

Originally created by @arenevier on GitHub (Aug 16, 2023). Original GitHub issue: https://github.com/netblue30/firejail/issues/5961 ### Description When I kill chrome with Ctrl-C or kill -INT, it does not terminate gracefully. ### Steps to Reproduce Launch $ firejail google-chrome-stable Ctrl-C check that google chrome did not exit gracefully: the config profile still contains SingletonLock file. I debug build of chrome will show the following errors: ``` Child received signal 2, shutting down the sandbox... [2:2:0816/135718.038303:ERROR:zygote_communication_linux.cc(291)] Failed to send GetTerminationStatus message to zygote [2:2:0816/135718.042869:ERROR:network_service_instance_impl.cc(625)] Network service crashed, restarting service. [2:2:0816/135718.048479:ERROR:zygote_communication_linux.cc(291)] Failed to send GetTerminationStatus message to zygote [2:2:0816/135718.055706:ERROR:zygote_communication_linux.cc(291)] Failed to send GetTerminationStatus message to zygote [2:2:0816/135718.061504:ERROR:zygote_communication_linux.cc(291)] Failed to send GetTerminationStatus message to zygote [2:2:0816/135718.066039:ERROR:zygote_communication_linux.cc(291)] Failed to send GetTerminationStatus message to zygote [2:2:0816/135718.085031:ERROR:gpu_process_host.cc(950)] GPU process launch failed: error_code=1002 [...] [2:2:0816/135718.116200:FATAL:gpu_data_manager_impl_private.cc(431)] GPU process isn't usable. Goodbye. #2 0x7f869762fb48 logging::LogMessage::~LogMessage() #3 0x7f8694b059f7 content::(anonymous namespace)::IntentionallyCrashBrowserForUnusableGpuProcess() ``` ### Expected behavior I expect google chrome to be able to exit gracefully when killed with sig int. The same behavior also happens if I stop the sandbox with ```firejail --shutdown``` ### Actual behavior ### Behavior without a profile same ### Environment - Linux distribution and version (e.g. "Ubuntu 20.04" or "Arch Linux") archlinux. But pretty sure it happens on every distribution - Firejail version (`firejail --version`). firejail version 0.9.72 ### Checklist - [x] The issues is caused by firejail (i.e. running the program by path (e.g. `/usr/bin/vlc`) "fixes" it). - [x] I can reproduce the issue without custom modifications (e.g. globals.local). - [x] The program has a profile. (If not, request one in `https://github.com/netblue30/firejail/issues/1139`) - [ ] The profile (and redirect profile if exists) hasn't already been fixed [upstream](https://github.com/netblue30/firejail/tree/master/etc). - [x] I have performed a short search for similar issues (to avoid opening a duplicate). - [x] I'm aware of `browser-allow-drm yes`/`browser-disable-u2f no` in `firejail.config` to allow DRM/U2F in browsers. - [ ] I used `--profile=PROFILENAME` to set the right profile. (Only relevant for AppImages) ### Log <details> <summary>Output of <code>LC_ALL=C firejail /path/to/program</code></summary> <p> ``` Reading profile /etc/firejail/google-chrome-stable.profile Reading profile /etc/firejail/google-chrome.profile Reading profile /etc/firejail/chromium-common.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/disable-xdg.inc Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-run-common.inc Reading profile /etc/firejail/whitelist-runuser-common.inc Reading profile /etc/firejail/whitelist-usr-share-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Parent pid 44383, child pid 44384 Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Warning: NVIDIA card detected, nogroups command ignored Warning: NVIDIA card detected, nogroups command ignored Warning: NVIDIA card detected, nogroups command ignored Warning: /sbin directory link was not blacklisted Warning: /usr/sbin directory link was not blacklisted Warning: NVIDIA card detected, nogroups command ignored Warning: NVIDIA card detected, nogroups command ignored Warning: Cannot confine the application using AppArmor. Maybe firejail-default AppArmor profile is not loaded into the kernel. As root, run "aa-enforce firejail-default" to load it. Child process initialized in 68.88 ms [6:32:0816/140129.228665:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied [6:42:0816/140129.391314:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied [6:42:0816/140129.391331:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied (google-chrome:6): IBUS-WARNING **: 14:01:29.501: Unable to connect to ibus: Could not connect: No such file or directory [6:125:0816/140129.525549:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied [6:125:0816/140129.525564:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied [6:125:0816/140129.525585:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied [6:125:0816/140129.525604:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied [6:125:0816/140129.525614:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied Parent received signal 2, shutting down the child process... Child received signal 2, shutting down the sandbox... Parent is shutting down, bye... ```

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#3144

No description provided.

Rows
Columns