github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

[GH-ISSUE #1016] firejail --x11=xpra doesn't attach with firefox #692

New issue
Closed
opened 2026-05-05 06:27:21 -06:00 by gitea-mirror · 11 comments
gitea-mirror commented 2026-05-05 06:27:21 -06:00
Owner
Copy link

Originally created by @l29ah on GitHub (Dec 31, 2016).
Original GitHub issue: https://github.com/netblue30/firejail/issues/1016

‰ firejail --x11=xpra /usr/bin/firefox

X.Org X Server 1.18.3
Release Date: 2016-04-04
X Protocol Version 11, Revision 0
Build Operating System: Linux 4.4.2-grsec+ x86_64 Gentoo
Current Operating System: Linux l29ah-x201 4.8.7-grsec+ #65 SMP PREEMPT Thu Nov 17 06:58:08 MSK 2016 x86_64
Kernel command line: BOOT_IMAGE=Gentoo_AA_S ro root=801 ec_intr=0 acpi_sleep=s4_nohwsig elevator=noop pcie_aspm=force i915.i915_enable_fbc=1 i915.lvds_downclock=1 security=apparmor resume=/dev/sda2 processor.ignore_ppc=1
Build Date: 24 April 2016  01:52:51PM
 
Current version of pixman: 0.34.0
	Before reporting problems, check http://wiki.x.org
	to make sure that you have the latest version.
Markers: (--) probed, (**) from config file, (==) default setting,
	(++) from command line, (!!) notice, (II) informational,
	(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(++) Log file: "/home/l29ah/.xpra/Xorg.:282.log", Time: Sat Dec 31 15:03:46 2016
(++) Using config file: "/etc/xpra/xorg.conf"
(==) Using system config directory "/usr/share/X11/xorg.conf.d"
2016-12-31 15:03:46,710 created unix domain socket: /home/l29ah/.xpra/l29ah-x201-282
2016-12-31 15:03:46,804 Warning: all the compressors are disabled,
2016-12-31 15:03:46,804  unless you use mmap or have a gigabit connection or better
2016-12-31 15:03:46,804  performance will suffer
Xpra server pid 27338, xpra client pid 27485, jail 27486

*** Attaching to xpra display 282 ***

Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/whitelist-common.inc
Parent pid 27486, child pid 27487
Blacklist violations are logged to syslog
Child process initialized
2016-12-31 15:03:47,669 Error importing ffmpeg encoder (enc_ffmpeg)
2016-12-31 15:03:47,669  No module named libav_common.av_log
2016-12-31 15:03:49,637 Warning: all the compressors are disabled,
2016-12-31 15:03:49,638  unless you use mmap or have a gigabit connection or better
2016-12-31 15:03:49,638  performance will suffer
2016-12-31 15:03:49,639 Xpra gtk2 client version 2.0 64-bit
2016-12-31 15:03:49,639  running on Linux Gentoo 2.3 n/a
2016-12-31 15:03:49,641 Warning: failed to import opencv:
2016-12-31 15:03:49,641  No module named cv2
2016-12-31 15:03:49,641  webcam forwarding is disabled
2016-12-31 15:03:51,950 OpenGL_accelerate module loaded
2016-12-31 15:03:51,960 OpenGL enabled with Mesa DRI Intel(R) Ironlake Mobile
2016-12-31 15:03:52,078 Error setting up dbus signals:
2016-12-31 15:03:52,078  org.freedesktop.DBus.Error.FileNotFound: Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory
xpra initialization error:
 cannot find any live servers to connect to
FoxyProxy settingsDir: /home/l29ah/.mozilla/firefox/i3daxy5h.default/foxyproxy.xml
FoxyProxy settingsDir: /home/l29ah/.mozilla/firefox/i3daxy5h.default/foxyproxy.xml
2016-12-31 15:03:52,130 Warning: webcam forwarding is disabled
2016-12-31 15:03:52,131  the virtual video directory '/sys/devices/virtual/video4linux' was not found
2016-12-31 15:03:52,131  make sure that the 'v4l2loopback' kernel module is installed and loaded
2016-12-31 15:03:52,131 found 0 virtual video devices for webcam forwarding
<gtk spam>
2016-12-31 15:03:52,219 pulseaudio server started with pid 27954
2016-12-31 15:03:52,223 D-Bus notification forwarding is available
/bin/sh: pulseaudio: command not found
2016-12-31 15:03:52,242 xpra X11 version 2.0 64-bit
2016-12-31 15:03:52,243  uid=1000 (l29ah), gid=1000 (l29ah)
2016-12-31 15:03:52,248  running with pid 27338 on Linux Gentoo 2.3 n/a
2016-12-31 15:03:52,248  connected to X11 display :282
2016-12-31 15:03:52,324 xpra is ready.
2016-12-31 15:03:52,344 5.6GB of system memory
2016-12-31 15:03:53,250 Warning: pulseaudio has terminated shortly after startup.
2016-12-31 15:03:53,251  pulseaudio is limited to a single instance per user account,
2016-12-31 15:03:53,251  and one may be running already for user 'l29ah'
2016-12-31 15:03:53,251  to avoid this warning, either fix the pulseaudio command line
2016-12-31 15:03:53,251  or use the 'pulseaudio=no' option
1483185835590	addons.manager	WARN	Exception calling callback: Error: couldn't open library /home/l29ah/.mozilla/firefox/i3daxy5h.default/extensions/extended-validator@os3sec.org/components/libunbound64.so.2.7.0: libcrypto.so.0.9.8: cannot open shared object file: No such file or directory (chrome://extval/content/Extval.Libunbound.js:94:16) JS Stack trace: org.os3sec.Extval.Libunbound._init@Libunbound.js:94:16 < org.os3sec.Extval.Libunbound.init/<@Libunbound.js:86:4 < safeCall@AddonManager.jsm:188:5 < makeSafe/<@AddonManager.jsm:204:25 < Handler.prototype.process@Promise-backend.js:937:23 < this.PromiseWalker.walkerLoop@Promise-backend.js:816:7 < this.PromiseWalker.scheduleWalkerLoop/<@Promise-backend.js:750:11

Works after attaching manually with xpra attach.

Originally created by @l29ah on GitHub (Dec 31, 2016). Original GitHub issue: https://github.com/netblue30/firejail/issues/1016 ``` ‰ firejail --x11=xpra /usr/bin/firefox X.Org X Server 1.18.3 Release Date: 2016-04-04 X Protocol Version 11, Revision 0 Build Operating System: Linux 4.4.2-grsec+ x86_64 Gentoo Current Operating System: Linux l29ah-x201 4.8.7-grsec+ #65 SMP PREEMPT Thu Nov 17 06:58:08 MSK 2016 x86_64 Kernel command line: BOOT_IMAGE=Gentoo_AA_S ro root=801 ec_intr=0 acpi_sleep=s4_nohwsig elevator=noop pcie_aspm=force i915.i915_enable_fbc=1 i915.lvds_downclock=1 security=apparmor resume=/dev/sda2 processor.ignore_ppc=1 Build Date: 24 April 2016 01:52:51PM Current version of pixman: 0.34.0 Before reporting problems, check http://wiki.x.org to make sure that you have the latest version. Markers: (--) probed, (**) from config file, (==) default setting, (++) from command line, (!!) notice, (II) informational, (WW) warning, (EE) error, (NI) not implemented, (??) unknown. (++) Log file: "/home/l29ah/.xpra/Xorg.:282.log", Time: Sat Dec 31 15:03:46 2016 (++) Using config file: "/etc/xpra/xorg.conf" (==) Using system config directory "/usr/share/X11/xorg.conf.d" 2016-12-31 15:03:46,710 created unix domain socket: /home/l29ah/.xpra/l29ah-x201-282 2016-12-31 15:03:46,804 Warning: all the compressors are disabled, 2016-12-31 15:03:46,804 unless you use mmap or have a gigabit connection or better 2016-12-31 15:03:46,804 performance will suffer Xpra server pid 27338, xpra client pid 27485, jail 27486 *** Attaching to xpra display 282 *** Reading profile /etc/firejail/firefox.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/whitelist-common.inc Parent pid 27486, child pid 27487 Blacklist violations are logged to syslog Child process initialized 2016-12-31 15:03:47,669 Error importing ffmpeg encoder (enc_ffmpeg) 2016-12-31 15:03:47,669 No module named libav_common.av_log 2016-12-31 15:03:49,637 Warning: all the compressors are disabled, 2016-12-31 15:03:49,638 unless you use mmap or have a gigabit connection or better 2016-12-31 15:03:49,638 performance will suffer 2016-12-31 15:03:49,639 Xpra gtk2 client version 2.0 64-bit 2016-12-31 15:03:49,639 running on Linux Gentoo 2.3 n/a 2016-12-31 15:03:49,641 Warning: failed to import opencv: 2016-12-31 15:03:49,641 No module named cv2 2016-12-31 15:03:49,641 webcam forwarding is disabled 2016-12-31 15:03:51,950 OpenGL_accelerate module loaded 2016-12-31 15:03:51,960 OpenGL enabled with Mesa DRI Intel(R) Ironlake Mobile 2016-12-31 15:03:52,078 Error setting up dbus signals: 2016-12-31 15:03:52,078 org.freedesktop.DBus.Error.FileNotFound: Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory xpra initialization error: cannot find any live servers to connect to FoxyProxy settingsDir: /home/l29ah/.mozilla/firefox/i3daxy5h.default/foxyproxy.xml FoxyProxy settingsDir: /home/l29ah/.mozilla/firefox/i3daxy5h.default/foxyproxy.xml 2016-12-31 15:03:52,130 Warning: webcam forwarding is disabled 2016-12-31 15:03:52,131 the virtual video directory '/sys/devices/virtual/video4linux' was not found 2016-12-31 15:03:52,131 make sure that the 'v4l2loopback' kernel module is installed and loaded 2016-12-31 15:03:52,131 found 0 virtual video devices for webcam forwarding <gtk spam> 2016-12-31 15:03:52,219 pulseaudio server started with pid 27954 2016-12-31 15:03:52,223 D-Bus notification forwarding is available /bin/sh: pulseaudio: command not found 2016-12-31 15:03:52,242 xpra X11 version 2.0 64-bit 2016-12-31 15:03:52,243 uid=1000 (l29ah), gid=1000 (l29ah) 2016-12-31 15:03:52,248 running with pid 27338 on Linux Gentoo 2.3 n/a 2016-12-31 15:03:52,248 connected to X11 display :282 2016-12-31 15:03:52,324 xpra is ready. 2016-12-31 15:03:52,344 5.6GB of system memory 2016-12-31 15:03:53,250 Warning: pulseaudio has terminated shortly after startup. 2016-12-31 15:03:53,251 pulseaudio is limited to a single instance per user account, 2016-12-31 15:03:53,251 and one may be running already for user 'l29ah' 2016-12-31 15:03:53,251 to avoid this warning, either fix the pulseaudio command line 2016-12-31 15:03:53,251 or use the 'pulseaudio=no' option 1483185835590 addons.manager WARN Exception calling callback: Error: couldn't open library /home/l29ah/.mozilla/firefox/i3daxy5h.default/extensions/extended-validator@os3sec.org/components/libunbound64.so.2.7.0: libcrypto.so.0.9.8: cannot open shared object file: No such file or directory (chrome://extval/content/Extval.Libunbound.js:94:16) JS Stack trace: org.os3sec.Extval.Libunbound._init@Libunbound.js:94:16 < org.os3sec.Extval.Libunbound.init/<@Libunbound.js:86:4 < safeCall@AddonManager.jsm:188:5 < makeSafe/<@AddonManager.jsm:204:25 < Handler.prototype.process@Promise-backend.js:937:23 < this.PromiseWalker.walkerLoop@Promise-backend.js:816:7 < this.PromiseWalker.scheduleWalkerLoop/<@Promise-backend.js:750:11 ``` Works after attaching manually with `xpra attach`.
gitea-mirror 2026-05-05 06:27:21 -06:00
gitea-mirror commented 2026-05-05 06:27:28 -06:00
Author
Owner
Copy link

@valoq commented on GitHub (Dec 31, 2016):

What distribution are you using?

Try installing ffmpeg, as there is an error about missing it.

<!-- gh-comment-id:269879623 --> @valoq commented on GitHub (Dec 31, 2016): What distribution are you using? Try installing ffmpeg, as there is an error about missing it.
gitea-mirror commented 2026-05-05 06:27:30 -06:00
Author
Owner
Copy link

@l29ah commented on GitHub (Jan 1, 2017):

Gentoo.
It works for other programs despite the ffmpeg whining.

<!-- gh-comment-id:269891151 --> @l29ah commented on GitHub (Jan 1, 2017): Gentoo. It works for other programs despite the ffmpeg whining.
gitea-mirror commented 2026-05-05 06:27:32 -06:00
Author
Owner
Copy link

@valoq commented on GitHub (Jan 1, 2017):

Did you try again with ffmpeg installed?

<!-- gh-comment-id:269923435 --> @valoq commented on GitHub (Jan 1, 2017): Did you try again with ffmpeg installed?
gitea-mirror commented 2026-05-05 06:27:35 -06:00
Author
Owner
Copy link

@l29ah commented on GitHub (Jan 2, 2017):

I don't really know how as i have ffmpeg installed already.

<!-- gh-comment-id:269935276 --> @l29ah commented on GitHub (Jan 2, 2017): I don't really know how as i have ffmpeg installed already.
gitea-mirror commented 2026-05-05 06:27:37 -06:00
Author
Owner
Copy link

@netblue30 commented on GitHub (Jan 3, 2017):

Try the version in git. A few weeks ago a similar bug was fixed, I had to put in a 1 second delay after starting xpra server just before we attempt to attach.

<!-- gh-comment-id:270129791 --> @netblue30 commented on GitHub (Jan 3, 2017): Try the version in git. A few weeks ago a similar bug was fixed, I had to put in a 1 second delay after starting xpra server just before we attempt to attach.
gitea-mirror commented 2026-05-05 06:27:40 -06:00
Author
Owner
Copy link

@l29ah commented on GitHub (Jan 4, 2017):

https://xpra.org/trac/ticket/1389#comment:5 :/

<!-- gh-comment-id:270307573 --> @l29ah commented on GitHub (Jan 4, 2017): https://xpra.org/trac/ticket/1389#comment:5 :/
gitea-mirror commented 2026-05-05 06:27:43 -06:00
Author
Owner
Copy link

@netblue30 commented on GitHub (Jan 5, 2017):

I'll make the delay configurable, the 10 sec delay they suggest would be overkill.

<!-- gh-comment-id:270652758 --> @netblue30 commented on GitHub (Jan 5, 2017): I'll make the delay configurable, the 10 sec delay they suggest would be overkill.
gitea-mirror commented 2026-05-05 06:27:45 -06:00
Author
Owner
Copy link

@l29ah commented on GitHub (Jan 5, 2017):

They suggest to touch a flag.

<!-- gh-comment-id:270659943 --> @l29ah commented on GitHub (Jan 5, 2017): They suggest to touch a flag.
gitea-mirror commented 2026-05-05 06:27:47 -06:00
Author
Owner
Copy link

@netblue30 commented on GitHub (Jan 5, 2017):

As for knowing when the server is truly ready and you can connect to it. You can add a start command that touches a file (ie: --start="touch ready", or you can run "xpra version :DISPLAY" until it exits without error, etc..

found it, thanks.

<!-- gh-comment-id:270663425 --> @netblue30 commented on GitHub (Jan 5, 2017): > As for knowing when the server is truly ready and you can connect to it. You can add a start command that touches a file (ie: --start="touch ready", or you can run "xpra version :DISPLAY" until it exits without error, etc.. found it, thanks.
gitea-mirror commented 2026-05-05 06:27:50 -06:00
Author
Owner
Copy link

@chiraag-nataraj commented on GitHub (Jul 26, 2017):

I'm actually having the same problem now, after upgrading xpra. Is there a configurable delay that I can mess with (maybe in firejail.config)? I've gotten around it for now by setting up a shell script that waits for xpra start to finish before running xpra attach.

<!-- gh-comment-id:317911873 --> @chiraag-nataraj commented on GitHub (Jul 26, 2017): I'm actually having the same problem now, after upgrading xpra. Is there a configurable delay that I can mess with (maybe in `firejail.config`)? I've gotten around it for now by setting up a shell script that waits for `xpra start` to finish before running `xpra attach`.
gitea-mirror commented 2026-05-05 06:27:51 -06:00
Author
Owner
Copy link

@chiraag-nataraj commented on GitHub (Jul 22, 2018):

For newer versions, you can set xpra-attach yes in firejail.config, which should use the --attach parameter to xpra.

<!-- gh-comment-id:406837906 --> @chiraag-nataraj commented on GitHub (Jul 22, 2018): For newer versions, you can set `xpra-attach yes` in `firejail.config`, which should use the `--attach` parameter to `xpra`.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
serialize_remounts_v2
landlock_v4
landlock
release-0.9.64
release-0.9.62
gitlab_ci
LTSbase
fred_ctests
docs
0.9.80
0.9.80-rc1
0.9.78
0.9.76
0.9.76-rc4
0.9.76-rc3
0.9.76-rc2
0.9.76-rc1
0.9.74
landlock-split
0.9.72
0.9.72rc1
0.9.70
0.9.68
0.9.68rc1
0.9.66
0.9.66rc1
0.9.64.4
0.9.64.2
0.9.64
0.9.64rc1
0.9.62.4
0.9.62.2
0.9.62
0.9.56.2-LTS
0.9.60
0.9.60-rc1
0.9.58.2
0.9.58
0.9.58-rc1
0.9.56-LTS-release
0.9.56-LTS
0.9.56
0.9.56-rc1
0.9.54
0.9.54-rc2
0.9.54-rc1
0.9.52
0.9.38.12
0.9.50
0.9.50-rc1
0.9.48
0.9.46
0.9.46-rc1
0.9.44.10
0.9.44.8
0.9.44.6
0.9.38.10
0.9.44.4
0.9.38.8
0.9.44.2
0.9.44
0.9.44-rc1
0.9.38.4
0.9.42
0.9.42-rc2
0.9.38.2
0.9.42-rc1
disable-globalcfg
0.9.40
0.9.40-rc1
0.9.38
0.9.38-rc1
0.9.36
0.9.36-rc1
0.9.34
0.9.34-rc1
0.9.32
0.9.32-rc1
0.9.30
0.9.30-rc1
Labels
Clear labels   
LTS merge

   
LTS merge

   
bug

   
bug

   
converted-to-discussion

   
doc-todo

   
documentation

   
duplicate

   
enhancement

   
file-transfer

   
firecfg

   
firejail-in-firejail

   
firetools

   
graphics

   
help wanted

   
information_old

   
installation

   
invalid

   
modif

   
moved

   
needinfo

   
networking

   
notabug

   
notourbug

   
old-version

   
overlayfs

   
packaging

   
profile-request

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question_old

   
removal

   
runtime-permissions

   
sandbox-ipc

   
security

   
stale

   
wiki

   
wiki

   
wontfix

   
wordpress

   
workaround
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#692
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?