[GH-ISSUE #804] [Bug] Firejail 0.9.42 and grsecurity #549

Closed
opened 2026-05-05 06:06:22 -06:00 by gitea-mirror · 1 comment

Originally created by @Anyon3 on GitHub (Sep 22, 2016).
Original GitHub issue: https://github.com/netblue30/firejail/issues/804

[ 6549.799205] firejail[8971]: segfault at 41ed ip 000003a3fd4c808d sp 0000006673b072c0 error 4 in libc-2.22.so[3a3fd3fe000+1a1000]
[ 6549.799217] grsec: Segmentation fault occurred at 00000000000041ed in /usr/bin/firejail[firejail:8971] uid/euid:1000/0 gid/egid:1000/0, parent /usr/bin/firejail[firejail:8970] uid/euid:1000/1000 gid/egid:1000/1000
[ 6549.799240] grsec: bruteforce prevention initiated due to crash of /usr/bin/firejail against uid 1000, banning suid/sgid execs for 15 minutes. Please investigate the crash report for /usr/bin/firejail[firejail:8971] uid/euid:1000/0 gid/egid:1000/0, parent /usr/bin/firejail[firejail:8970] uid/euid:1000/1000 gid/egid:1000/1000

This error happens only when --noprofile isn't used; with noprofile, firejail works without problems. This bug only shows up for unprivileged accounts; as root or with sudo, there is no problem.

The crash occurs almost immediately after firejail runs the default config (/etc/firejail/disable-devel.inc), and the pid is killed.

I downgraded to 0.9.40-r2 to check, and there is no problem with this version; firejail can run with or without noprofile without any crash.

OS: Gentoo 2.2
Kernel: x86_64 Linux 4.7.4-hardened-gnu
Gcc: gcc (Gentoo Hardened 5.4.0 p1.0, pie-0.6.5) 5.4.0

If you need more info, just tell me and I will provide it.


@Anyon3 commented on GitHub (Sep 22, 2016):

I emerged the git sources (9999 **), which provide the version

firejail version 0.9.43

Everything seems fixed and the grsec crash doesn't happen anymore.

I am closing this issue; thanks for your work on this useful tool.
