[GH-ISSUE #749] 0.9.42~rc2: Runtime Errors #510

Closed
opened 2026-05-05 06:00:42 -06:00 by gitea-mirror · 6 comments

Originally created by @githububub on GitHub (Aug 29, 2016).
Original GitHub issue: https://github.com/netblue30/firejail/issues/749

```
firejail: fs_dev.c:78: fs_private_dev: Assertion (s.st_mode & 07777) == (0755) failed.
Error: cannot establish communication with the parent, exiting...
```

Arch. Stock kernel. Stock grsec kernel. Custom grsec kernel. Same results. Comment out private-dev in the profile and standard output kicks back a "fs_private_etc" error. Reinstalled 0.9.42~rc1. Everything works as expected.

Build log and a few test commands: http://pastebin.com/c7YBfchM

UPDATE: Rebuilt without -fPIE as I noted -fPIC and -pie were already being passed. Same errors.

gitea-mirror closed this issue and added the bug label (2026-05-05 06:00:42 -06:00).

@manevich commented on GitHub (Aug 29, 2016):

Thanks for reporting.
My commits, especially [0ee599684c](https://github.com/netblue30/firejail/commit/0ee599684c4ca622ca22d09eba565eb07c1a2b12), are the source of this problem.
I am downloading Arch now to check it further.
I did test it on Debian Linux with stock kernel and on Alpine Linux with grsec kernel before committing.


@manevich commented on GitHub (Aug 29, 2016):

Unable to reproduce on fresh ArchLinux installation in VirtualBox, using [latest git](https://github.com/netblue30/firejail/commit/80c8015d7d3158dcd44b48f83658f2c61e14eddf) compiled/installed manually.

```
$uname -r
4.7.2-1-ARCH
```

I am not familiar with Arch, so can you provide further details/suggestion?


@netblue30 commented on GitHub (Aug 29, 2016):

It is affected by umask. This is a small test program:

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

int main(void) {
    /* The kernel creates the directory with mode (0777 & ~umask). */
    mkdir("blablabla", 0777);
    return 0;
}
```

Compile and run I get:

```
$ umask
0022
$ ls -l
drwxr-xr-x  2 netblue netblue   4096 Aug 29 13:18 blablabla
```

umask setting is extracted from 0777 we intended for our directory. In "man 2 umask" they say:

```
The umask is used by open(2), mkdir(2), and other system calls that
create files to modify the permissions placed on newly created files or
directories. Specifically, permissions in the umask are turned off
from the mode argument to open(2) and mkdir(2).
```

So, we need to make a chmod after mkdir/open calls, something like this:

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

int main(void) {
    mkdir("blablabla", 0777);
    /* chmod is not affected by umask, so this sets the exact mode. */
    chmod("blablabla", 0777);
    return 0;
}
```
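Added example, not part of the thread and not firejail's code: a hypothetical helper, `mkdir_exact()`, that applies the mkdir-then-chmod idea from the comment above and checks the same condition as the failing assertion, `(s.st_mode & 07777) == mode`. It sets the mode through a file descriptor opened with `O_NOFOLLOW` instead of a second path-based `chmod`; the scratch path under `/tmp` is constructed for the demo.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits of path, or -1 on error; lstat() does not follow symlinks. */
int mode_of(const char *path) {
    struct stat s;
    if (lstat(path, &s) == -1)
        return -1;
    return (int)(s.st_mode & 07777);
}

/* mkdir_exact() is a hypothetical helper, not a firejail function.
 * mkdir(2) creates the directory with (mode & ~umask); the requested bits are
 * then set and verified through a descriptor, not a second path lookup.
 * Assumes the umask leaves the owner read access so open() succeeds. */
int mkdir_exact(const char *path, mode_t mode) {
    struct stat s;
    int rc = -1;
    if (mkdir(path, mode) == -1)
        return -1;   /* EEXIST included: an existing directory is not reused */
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd == -1)
        return -1;
    if (fchmod(fd, mode) == 0 && fstat(fd, &s) == 0 &&
        (s.st_mode & 07777) == mode)
        rc = 0;
    close(fd);
    return rc;
}

int main(void) {
    char base[] = "/tmp/umask-demo-XXXXXX";   /* constructed scratch directory */
    char plain[64], exact[64];
    if (mkdtemp(base) == NULL)
        return 1;
    snprintf(plain, sizeof plain, "%s/plain", base);
    snprintf(exact, sizeof exact, "%s/exact", base);
    umask(077);                               /* restrictive umask for the demo */
    mkdir(plain, 0755);
    int rc = mkdir_exact(exact, 0755);
    printf("plain mkdir(0755): %04o\n", (unsigned)mode_of(plain));
    printf("mkdir_exact(0755): rc=%d mode=%04o\n", rc, (unsigned)mode_of(exact));
    return 0;
}
```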

@reinerh commented on GitHub (Aug 29, 2016):

Running the test suite results in some additional errors:
https://gist.github.com/reinerh/71f4df0ab5486aa861111c072cc72132

> Error: line 51 in /etc/firejail/firefox.profile is invalid

[...]

> Error mkdir:fs_private(301): File exists
> Error: cannot establish communication with the parent, exiting...


@manevich commented on GitHub (Aug 29, 2016):

@netblue30 Thanks for pointing this out! I completely forgot that umask affects mkdir too.
Will submit pull request soon.


@netblue30 commented on GitHub (Aug 30, 2016):

Sure, no problem.

Reference: github-starred/firejail#510