github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #587] Xephyr fails with chroot and net #413

New issue

Closed

opened 2026-05-05 05:49:04 -06:00 by gitea-mirror · 3 comments

gitea-mirror commented

2026-05-05 05:49:04 -06:00

Owner

Originally created by @h1z1 on GitHub (Jun 20, 2016).
Original GitHub issue: https://github.com/netblue30/firejail/issues/587

I hope this is something silly I'm missing but for the life of me I cannot get Xephyr to properly start within a chroot and network isolation. The server starts but nothing within the sandbox is able to run just throws a generic error. I fully expect it's something within the chroot I'm missing but I have no idea WHAT. It works fine without --net. Disabling the default profile, secomp, and everything else I could think of had no effect.

This is what I'm trying:
firejail --net=enp4s0 --x11=xephyr --chroot=/srv/jails/desktop1 fluxbox

What doesn't really make sense is how the display variable is being set. Shouldn't it be :0 if the display was truly isolated?

Originally created by @h1z1 on GitHub (Jun 20, 2016). Original GitHub issue: https://github.com/netblue30/firejail/issues/587 I hope this is something silly I'm missing but for the life of me I cannot get Xephyr to properly start within a chroot and network isolation. The server starts but nothing within the sandbox is able to run just throws a generic error. I fully expect it's something within the chroot I'm missing but I have no idea WHAT. It works fine without --net. Disabling the default profile, secomp, and everything else I could think of had no effect. This is what I'm trying: firejail --net=enp4s0 --x11=xephyr --chroot=/srv/jails/desktop1 fluxbox What doesn't really make sense is how the display variable is being set. Shouldn't it be :0 if the display was truly isolated?

gitea-mirror

2026-05-05 05:49:04 -06:00

closed this issue
added the
bug
label

gitea-mirror commented

2026-05-05 05:49:09 -06:00

Author

Owner

@netblue30 commented on GitHub (Jun 20, 2016):

Yes, that is a problem. Both --chroot and --net will result in no access to X11 socket. I'll have to fix it! Thanks for the bug.

Shouldn't it be :0 if the display was truly isolated?

If you see display :0, it means you are running on the main X server without any isolation. For display I pick a number up to 1000.

@netblue30 commented on GitHub (Jun 20, 2016): Yes, that is a problem. Both --chroot and --net will result in no access to X11 socket. I'll have to fix it! Thanks for the bug. > Shouldn't it be :0 if the display was truly isolated? If you see display :0, it means you are running on the main X server without any isolation. For display I pick a number up to 1000.

gitea-mirror commented

2026-05-05 05:49:11 -06:00

Author

Owner

@netblue30 commented on GitHub (Jun 23, 2016):

Fixed, give it a try.

@netblue30 commented on GitHub (Jun 23, 2016): Fixed, give it a try.

gitea-mirror commented

2026-05-05 05:49:13 -06:00

Author

Owner

@h1z1 commented on GitHub (Jun 23, 2016):

X starts now but I can't get anything to connect?

** (xterm:6): WARNING **: Failed to connect to the session manager: Could not open network socket

Removing --net works though it may still be my fault. Strange fluxbox is able to start though.. hmm.

@h1z1 commented on GitHub (Jun 23, 2016): X starts now but I can't get anything to connect? *\* (xterm:6): WARNING **: Failed to connect to the session manager: Could not open network socket Removing --net works though it may still be my fault. Strange fluxbox is able to start though.. hmm.

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#413

No description provided.

Rows
Columns