github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

[GH-ISSUE #6276] Game "Faster Than Light" with font issues (--noprofile) #3230

New issue
Closed
opened 2026-05-05 09:50:24 -06:00 by gitea-mirror · 3 comments
gitea-mirror commented 2026-05-05 09:50:24 -06:00
Owner
Copy link

Originally created by @charun80 on GitHub (Mar 16, 2024).
Original GitHub issue: https://github.com/netblue30/firejail/issues/6276

Description

For the game "Faster Than Light" I use the steam profile.
It mainly works. However text is unreadable. It looks like font letters are drawn over each other.

Steps to Reproduce

Steps to reproduce the behavior

  1. Run the FTL games (from GOG) with (or without) steam profile

Expected behavior

Text should be readable in the same way like without firejail usage

Actual behavior

Text content is unreadable

Behavior without a profile

What changed calling LC_ALL=C firejail --noprofile /path/to/program in a
terminal?

The issue is the same.
So maybe it is not (only) a problem of the steam profile but firejail in general.

Additional context

Any other detail that may help to understand/debug the problem

Environment

  • MX-Linux MX-23
  • firejail version 0.9.72

Checklist

  • The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
  • I can reproduce the issue without custom modifications (e.g. globals.local).
  • The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
  • The profile (and redirect profile if exists) hasn't already been fixed upstream.
  • I have performed a short search for similar issues (to avoid opening a duplicate).
    • I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
  • I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)

Log

Output of LC_ALL=C firejail --noprofile /path/to/program 

Running FTL: Advanced Edition
Parent pid 228136, child pid 228138
Child process initialized in 3.39 ms
Loading Arch = amd64
Initializing Crash Catcher...
Initializing Video
Video Initialized
Opengl version = 4.6 (Compatibility Profile) Mesa 23.1.2-1~mx23ahs
Starting audio library...
Audio Initialized!
Resource Preload: 3.587
Loading text....
Initializing animations...
Animations Initialized!
Loading Ship Blueprints....
Blueprints Loaded!
Initializing Sound Data....
Generating world...
Loading achievements...
Loading score file...
Running Game!
OPENGL ERROR: GL_OUT_OF_MEMORY

Output of LC_ALL=C firejail --noprofile --debug /path/to/program 

Running FTL: Advanced Edition
Command name #FTL#
DISPLAY=:0.0 parsed as 0
Using the local network stack
Parent pid 228286, child pid 228288
Initializing child process
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
IBUS_ADDRESS=unix:abstract=/home/otto/.cache/ibus/dbus-9F6BWIsG,guid=dc9bc78f2315e1c056c834d263a9884c
IBUS_DAEMON_PID=2822
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
5033 4992 253:0 /etc /etc ro,noatime master:1 - ext4 /dev/mapper/root.fsm rw,discard
mountid=5033 fsname=/etc dir=/etc fstype=ext4
Mounting noexec /etc
5034 5033 253:0 /etc /etc ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/mapper/root.fsm rw,discard
mountid=5034 fsname=/etc dir=/etc fstype=ext4
Mounting read-only /var
5035 4992 253:0 /var /var ro,noatime master:1 - ext4 /dev/mapper/root.fsm rw,discard
mountid=5035 fsname=/var dir=/var fstype=ext4
Mounting noexec /var
5036 5035 253:0 /var /var ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/mapper/root.fsm rw,discard
mountid=5036 fsname=/var dir=/var fstype=ext4
Mounting read-only /usr
5037 4992 253:0 /usr /usr ro,noatime master:1 - ext4 /dev/mapper/root.fsm rw,discard
mountid=5037 fsname=/usr dir=/usr fstype=ext4
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/dhcp
Mounting tmpfs on /var/lib/snmp
Mounting tmpfs on /var/lib/sudo
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /home/otto/.config/firejail
Disable /run/firejail/sandbox
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
blacklist /run/firejail/dbus
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /usr/lib/modules (requested /lib/modules)
Disable /usr/lib/debug
Disable /boot
Disable /dev/port
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /dev/kmsg
Disable /proc/kmsg
Disable /sys/fs
Disable /sys/module
DISPLAY=:0.0 parsed as 0
Mounting read-only /run/firejail/mnt/seccomp
5083 5030 0:113 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64
mountid=5083 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs
Seccomp directory:
ls /run/firejail/mnt/seccomp
drwxr-xr-x root     root             120 .
drwxr-xr-x root     root             160 ..
-rw-r--r-- otto     otto             640 seccomp
-rw-r--r-- otto     otto             432 seccomp.32
-rw-r--r-- otto     otto               0 seccomp.postexec
-rw-r--r-- otto     otto               0 seccomp.postexec32
No active seccomp files
Drop privileges: pid 1, uid 1000, gid 1000, force_nogroups 0
Closing non-standard file descriptors
Starting application
LD_PRELOAD=(null)

Child process initialized in 4.02 ms
Loading Arch = amd64
monitoring pid 2

Initializing Crash Catcher...
Initializing Video
Video Initialized
Opengl version = 4.6 (Compatibility Profile) Mesa 23.1.2-1~mx23ahs
Starting audio library...
Audio Initialized!
Resource Preload: 3.661
Loading text....
Initializing animations...
Animations Initialized!
Loading Ship Blueprints....
Blueprints Loaded!
Initializing Sound Data....
Generating world...
Loading achievements...
Loading score file...
Running Game!
OPENGL ERROR: GL_OUT_OF_MEMORY

... I removed some path output.

Originally created by @charun80 on GitHub (Mar 16, 2024). Original GitHub issue: https://github.com/netblue30/firejail/issues/6276 <!-- See the following links for help with formatting: https://guides.github.com/features/mastering-markdown/ https://docs.github.com/en/github/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax --> ### Description For the game "Faster Than Light" I use the steam profile. It mainly works. However text is unreadable. It looks like font letters are drawn over each other. ### Steps to Reproduce _Steps to reproduce the behavior_ 1. Run the FTL games (from GOG) with (or without) steam profile ### Expected behavior Text should be readable in the same way like without firejail usage ### Actual behavior Text content is unreadable ### Behavior without a profile _What changed calling `LC_ALL=C firejail --noprofile /path/to/program` in a terminal?_ The issue is the same. So maybe it is not (only) a problem of the steam profile but firejail in general. ### Additional context _Any other detail that may help to understand/debug the problem_ ### Environment - MX-Linux MX-23 - firejail version 0.9.72 ### Checklist <!-- Note: Items are checked with an "x", like so: - [x] This is a checked item. --> - [x] The issues is caused by firejail (i.e. running the program by path (e.g. `/usr/bin/vlc`) "fixes" it). - [x] I can reproduce the issue without custom modifications (e.g. globals.local). - [x] The program has a profile. (If not, request one in `https://github.com/netblue30/firejail/issues/1139`) - [x] The profile (and redirect profile if exists) hasn't already been fixed [upstream](https://github.com/netblue30/firejail/tree/master/etc). - [x] I have performed a short search for similar issues (to avoid opening a duplicate). - [x] I'm aware of `browser-allow-drm yes`/`browser-disable-u2f no` in `firejail.config` to allow DRM/U2F in browsers. - [ ] I used `--profile=PROFILENAME` to set the right profile. (Only relevant for AppImages) ### Log <details> <summary>Output of <code>LC_ALL=C firejail --noprofile /path/to/program</code></summary> <p> ``` Running FTL: Advanced Edition Parent pid 228136, child pid 228138 Child process initialized in 3.39 ms Loading Arch = amd64 Initializing Crash Catcher... Initializing Video Video Initialized Opengl version = 4.6 (Compatibility Profile) Mesa 23.1.2-1~mx23ahs Starting audio library... Audio Initialized! Resource Preload: 3.587 Loading text.... Initializing animations... Animations Initialized! Loading Ship Blueprints.... Blueprints Loaded! Initializing Sound Data.... Generating world... Loading achievements... Loading score file... Running Game! OPENGL ERROR: GL_OUT_OF_MEMORY ``` </p> </details> <details> <summary>Output of <code>LC_ALL=C firejail --noprofile --debug /path/to/program</code></summary> <p> <!-- If the output is too long to embed it into the comment, create a secret gist at https://gist.github.com/ and link it here. --> ``` Running FTL: Advanced Edition Command name #FTL# DISPLAY=:0.0 parsed as 0 Using the local network stack Parent pid 228286, child pid 228288 Initializing child process Host network configured PID namespace installed Mounting tmpfs on /run/firejail/mnt directory Creating empty /run/firejail/mnt/seccomp directory Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file IBUS_ADDRESS=unix:abstract=/home/otto/.cache/ibus/dbus-9F6BWIsG,guid=dc9bc78f2315e1c056c834d263a9884c IBUS_DAEMON_PID=2822 Mounting /proc filesystem representing the PID namespace Basic read-only filesystem: Mounting read-only /etc 5033 4992 253:0 /etc /etc ro,noatime master:1 - ext4 /dev/mapper/root.fsm rw,discard mountid=5033 fsname=/etc dir=/etc fstype=ext4 Mounting noexec /etc 5034 5033 253:0 /etc /etc ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/mapper/root.fsm rw,discard mountid=5034 fsname=/etc dir=/etc fstype=ext4 Mounting read-only /var 5035 4992 253:0 /var /var ro,noatime master:1 - ext4 /dev/mapper/root.fsm rw,discard mountid=5035 fsname=/var dir=/var fstype=ext4 Mounting noexec /var 5036 5035 253:0 /var /var ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/mapper/root.fsm rw,discard mountid=5036 fsname=/var dir=/var fstype=ext4 Mounting read-only /usr 5037 4992 253:0 /usr /usr ro,noatime master:1 - ext4 /dev/mapper/root.fsm rw,discard mountid=5037 fsname=/usr dir=/usr fstype=ext4 Mounting tmpfs on /var/lock Mounting tmpfs on /var/tmp Mounting tmpfs on /var/log Mounting tmpfs on /var/lib/dhcp Mounting tmpfs on /var/lib/snmp Mounting tmpfs on /var/lib/sudo Create the new utmp file Mount the new utmp file Cleaning /home directory Cleaning /run/user directory Sanitizing /etc/passwd, UID_MIN 1000 Sanitizing /etc/group, GID_MIN 1000 Disable /home/otto/.config/firejail Disable /run/firejail/sandbox Disable /run/firejail/network Disable /run/firejail/bandwidth Disable /run/firejail/name Disable /run/firejail/profile Disable /run/firejail/x11 blacklist /run/firejail/dbus Mounting read-only /proc/sys Remounting /sys directory Disable /sys/firmware Disable /sys/hypervisor Disable /sys/power Disable /sys/kernel/debug Disable /sys/kernel/vmcoreinfo Disable /proc/sys/fs/binfmt_misc Disable /proc/sys/kernel/core_pattern Disable /proc/sys/kernel/modprobe Disable /proc/sysrq-trigger Disable /proc/sys/vm/panic_on_oom Disable /proc/irq Disable /proc/bus Disable /proc/timer_list Disable /proc/kcore Disable /proc/kallsyms Disable /usr/lib/modules (requested /lib/modules) Disable /usr/lib/debug Disable /boot Disable /dev/port Disable /run/user/1000/gnupg Disable /run/user/1000/systemd Disable /dev/kmsg Disable /proc/kmsg Disable /sys/fs Disable /sys/module DISPLAY=:0.0 parsed as 0 Mounting read-only /run/firejail/mnt/seccomp 5083 5030 0:113 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64 mountid=5083 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs Seccomp directory: ls /run/firejail/mnt/seccomp drwxr-xr-x root root 120 . drwxr-xr-x root root 160 .. -rw-r--r-- otto otto 640 seccomp -rw-r--r-- otto otto 432 seccomp.32 -rw-r--r-- otto otto 0 seccomp.postexec -rw-r--r-- otto otto 0 seccomp.postexec32 No active seccomp files Drop privileges: pid 1, uid 1000, gid 1000, force_nogroups 0 Closing non-standard file descriptors Starting application LD_PRELOAD=(null) Child process initialized in 4.02 ms Loading Arch = amd64 monitoring pid 2 Initializing Crash Catcher... Initializing Video Video Initialized Opengl version = 4.6 (Compatibility Profile) Mesa 23.1.2-1~mx23ahs Starting audio library... Audio Initialized! Resource Preload: 3.661 Loading text.... Initializing animations... Animations Initialized! Loading Ship Blueprints.... Blueprints Loaded! Initializing Sound Data.... Generating world... Loading achievements... Loading score file... Running Game! OPENGL ERROR: GL_OUT_OF_MEMORY ``` ... I removed some path output. </p> </details>
gitea-mirror 2026-05-05 09:50:24 -06:00
  • closed this issue
  • added the
    bug
         label
gitea-mirror commented 2026-05-05 09:50:26 -06:00
Author
Owner
Copy link

@ghost commented on GitHub (Mar 16, 2024):

Not being familiar with this game I'm wondering if that OPENGL ERROR: GL_OUT_OF_MEMORY is related. Do these font issues persist when using the noprofile.profile?

$ firejail --profile=noprofile.profile /path/to/program
<!-- gh-comment-id:2002104070 --> @ghost commented on GitHub (Mar 16, 2024): Not being familiar with this game I'm wondering if that `OPENGL ERROR: GL_OUT_OF_MEMORY` is related. Do these font issues persist when using the `noprofile.profile`? ```sh $ firejail --profile=noprofile.profile /path/to/program ```
gitea-mirror commented 2026-05-05 09:50:27 -06:00
Author
Owner
Copy link

@charun80 commented on GitHub (Mar 16, 2024):

Indeed, the issue persist also when using the noprofile.profile .

<!-- gh-comment-id:2002166294 --> @charun80 commented on GitHub (Mar 16, 2024): Indeed, the issue persist also when using the noprofile.profile .
gitea-mirror commented 2026-05-05 09:50:28 -06:00
Author
Owner
Copy link

@ghost commented on GitHub (Mar 17, 2024):

Indeed, the issue persist also when using the noprofile.profile

Sadly this means Firejail can't (reliably) sandbox this particular game. It might be worthwhile to look at other sandboxing tools like bubblejail or crablock.

<!-- gh-comment-id:2002355318 --> @ghost commented on GitHub (Mar 17, 2024): > Indeed, the issue persist also when using the noprofile.profile Sadly this means Firejail can't (reliably) sandbox this particular game. It might be worthwhile to look at other sandboxing tools like [bubblejail](https://github.com/igo95862/bubblejail) or [crablock](https://codeberg.org/crabjail/crablock).
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
serialize_remounts_v2
landlock_v4
landlock
release-0.9.64
release-0.9.62
gitlab_ci
LTSbase
fred_ctests
docs
0.9.80
0.9.80-rc1
0.9.78
0.9.76
0.9.76-rc4
0.9.76-rc3
0.9.76-rc2
0.9.76-rc1
0.9.74
landlock-split
0.9.72
0.9.72rc1
0.9.70
0.9.68
0.9.68rc1
0.9.66
0.9.66rc1
0.9.64.4
0.9.64.2
0.9.64
0.9.64rc1
0.9.62.4
0.9.62.2
0.9.62
0.9.56.2-LTS
0.9.60
0.9.60-rc1
0.9.58.2
0.9.58
0.9.58-rc1
0.9.56-LTS-release
0.9.56-LTS
0.9.56
0.9.56-rc1
0.9.54
0.9.54-rc2
0.9.54-rc1
0.9.52
0.9.38.12
0.9.50
0.9.50-rc1
0.9.48
0.9.46
0.9.46-rc1
0.9.44.10
0.9.44.8
0.9.44.6
0.9.38.10
0.9.44.4
0.9.38.8
0.9.44.2
0.9.44
0.9.44-rc1
0.9.38.4
0.9.42
0.9.42-rc2
0.9.38.2
0.9.42-rc1
disable-globalcfg
0.9.40
0.9.40-rc1
0.9.38
0.9.38-rc1
0.9.36
0.9.36-rc1
0.9.34
0.9.34-rc1
0.9.32
0.9.32-rc1
0.9.30
0.9.30-rc1
Labels
Clear labels   
LTS merge

   
LTS merge

   
bug

   
bug

   
converted-to-discussion

   
doc-todo

   
documentation

   
duplicate

   
enhancement

   
file-transfer

   
firecfg

   
firejail-in-firejail

   
firetools

   
graphics

   
help wanted

   
information_old

   
installation

   
invalid

   
modif

   
moved

   
needinfo

   
networking

   
notabug

   
notourbug

   
old-version

   
overlayfs

   
packaging

   
profile-request

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question_old

   
removal

   
runtime-permissions

   
sandbox-ipc

   
security

   
stale

   
wiki

   
wiki

   
wontfix

   
wordpress

   
workaround
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#3230
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?