github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #1112] Question: How can i fix this profile? #762

New issue

Closed

opened 2026-05-05 06:35:57 -06:00 by gitea-mirror · 7 comments

gitea-mirror commented

2026-05-05 06:35:57 -06:00

Owner

Originally created by @nyancat18 on GitHub (Feb 21, 2017).
Original GitHub issue: https://github.com/netblue30/firejail/issues/1112

with https://github.com/chiraag-nataraj/firejail-profiles/raw/master/kdenlive.profile

i get this log
https://gist.github.com/triceratops1/f34c1b68e535b2c35484810a38a14a70

Originally created by @nyancat18 on GitHub (Feb 21, 2017). Original GitHub issue: https://github.com/netblue30/firejail/issues/1112 with https://github.com/chiraag-nataraj/firejail-profiles/raw/master/kdenlive.profile i get this log https://gist.github.com/triceratops1/f34c1b68e535b2c35484810a38a14a70

gitea-mirror

2026-05-05 06:35:57 -06:00

closed this issue
added the
information_old
label

gitea-mirror commented

2026-05-05 06:36:05 -06:00

Author

Owner

@nyancat18 commented on GitHub (Feb 21, 2017):

firejail version 0.9.44.8

Compile time support:
- AppArmor support is disabled
- AppImage support is enabled
- bind support is enabled
- chroot support is enabled
- file and directory whitelisting support is enabled
- file transfer support is enabled
- networking support is enabled
- overlayfs support is enabled
- private-home support is enabled
- seccomp-bpf support is enabled
- user namespace support is enabled
- X11 sandboxing support is enabled

@nyancat18 commented on GitHub (Feb 21, 2017): firejail version 0.9.44.8 Compile time support: - AppArmor support is disabled - AppImage support is enabled - bind support is enabled - chroot support is enabled - file and directory whitelisting support is enabled - file transfer support is enabled - networking support is enabled - overlayfs support is enabled - private-home support is enabled - seccomp-bpf support is enabled - user namespace support is enabled - X11 sandboxing support is enabled

gitea-mirror commented

2026-05-05 06:36:08 -06:00

Author

Owner

@netblue30 commented on GitHub (Feb 22, 2017):

In the log you have:

mprotect failed in ExecutableAllocator::makeExecutable: Permiso denegado

Grsecurity is killing the executable. I think the application is intentionally doing dynamic machine code generation and just needs an exception. This happens in some programs, usually browsers or Python programs. You would need to disable mprotect feature for your program executable, something like this:

$ sudo paxctl -c /usr/lib/iceweasel/iceweasel
$ sudo paxctl -m /usr/lib/iceweasel/iceweasel

Replace iceweasel above with the full path for your executable.

@netblue30 commented on GitHub (Feb 22, 2017): In the log you have: > mprotect failed in ExecutableAllocator::makeExecutable: Permiso denegado Grsecurity is killing the executable. I think the application is intentionally doing dynamic machine code generation and just needs an exception. This happens in some programs, usually browsers or Python programs. You would need to disable mprotect feature for your program executable, something like this: ````` $ sudo paxctl -c /usr/lib/iceweasel/iceweasel $ sudo paxctl -m /usr/lib/iceweasel/iceweasel ````` Replace iceweasel above with the full path for your executable.

gitea-mirror commented

2026-05-05 06:36:11 -06:00

Author

Owner

@nyancat18 commented on GitHub (Feb 22, 2017):

@netblue30 i use linux-lts (archlinux) :)
no grsec

@nyancat18 commented on GitHub (Feb 22, 2017): @netblue30 i use linux-lts (archlinux) :) no grsec

gitea-mirror commented

2026-05-05 06:36:14 -06:00

Author

Owner

@netblue30 commented on GitHub (Feb 22, 2017):

You are right, it is something different. I was going with this: https://pax.grsecurity.net/docs/mprotect.txt

Try to run the program without a profile:

$ firejail --noprofile application-name

If this is working, we can definitely fix it.

@netblue30 commented on GitHub (Feb 22, 2017): You are right, it is something different. I was going with this: https://pax.grsecurity.net/docs/mprotect.txt Try to run the program without a profile: ````` $ firejail --noprofile application-name ````` If this is working, we can definitely fix it.

gitea-mirror commented

2026-05-05 06:36:17 -06:00

Author

Owner

@liloman commented on GitHub (Feb 23, 2017):

You are right, it is something different. I was going with this: https://pax.grsecurity.net/docs/mprotect.txt

I remember clearing reading this amazing staff long time ago I had even printed it! 👯‍♂️ /mprotect() 4 life!

http://phrack.org/issues/60/6.html

Good ol'd times and amazing job indeed ! :)

Sorry for the spam! 😢

@liloman commented on GitHub (Feb 23, 2017): > You are right, it is something different. I was going with this: https://pax.grsecurity.net/docs/mprotect.txt I remember clearing reading this amazing staff long time ago I had even printed it! :dancing_men: /mprotect() 4 life! http://phrack.org/issues/60/6.html Good ol'd times and amazing job indeed ! :) Sorry for the spam! :cry:

gitea-mirror commented

2026-05-05 06:36:20 -06:00

Author

Owner

@netblue30 commented on GitHub (Feb 25, 2017):

No problem.

@netblue30 commented on GitHub (Feb 25, 2017): No problem.

gitea-mirror commented

2026-05-05 06:36:24 -06:00

Author

Owner

@nyancat18 commented on GitHub (Feb 25, 2017):

@netblue30 it works (firejail --noprofile --net=none kdenlive)

@nyancat18 commented on GitHub (Feb 25, 2017): @netblue30 it works (firejail --noprofile --net=none kdenlive)

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#762

No description provided.

Rows
Columns