search

netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox
https://firejail.wordpress.com
GNU General Public License v2.0
5.68k stars 557 forks source link

ktorrent: configuration does not persist #1793

Open zorates opened 6 years ago

zorates commented 6 years ago

firejail version 0.9.52 ktorrent 5.1.0

Launching firejail ktorrent with the default profile in /etc/firejail/ktorrent.profile, changing some settings in ktorrent and clicking apply produces the following error on the console:

Qt Warning: Couldn't write "/home/myuser/.config/ktorrentrc" . Disk full?

No error when launching with the --noprofile argument however.

I checked ktorrent.profile and it contains the following lines:

noblacklist ${HOME}/.config/ktorrentrc whitelist ${HOME}/.config/ktorrentrc

so it appears the file is properly whitelisted, but it still doesn't work.

Fred-Barclay commented 6 years ago

G'day @zorates Do you know what those settings are you changed in ktorrent? Thanks! Fred

zorates commented 6 years ago

For example the 'Default save location' or the the 'Maximum upload speed'.

I first ran ktorrent without firejail if that makes any difference, so the ktorrentrc file already existed and contained my initial setup. I then started running it in firejail, without any apparent issues, until I tried to change to above settings and notice that they don't survive a restart. This lead me to investigate the cause, which turned out to be firejail.

smitsohu commented 6 years ago

I see the same with all KDE apps when I try to add whitelisting to their profiles, and Firefox has similar problems when it attempts to update the default browser in mimeapps.list (see #1355).

This might have to do with KDE and Firefox trying to run rename() on whitelisted files, which fails because whitelisted files are mount points inside the sandbox and can't be renamed or replaced. It could be a lack of imagination on my side, but I guess this is a rather hard limitation in the interaction between KDE apps (or Firefox) and Firejail.

Also means we can drop all mkfile instructions in KDE app profiles with whitelist (i.e. akregator, kcalc and ktorrent).

rusty-snake commented 4 years ago

still an issue?

smitsohu commented 4 years ago

Basically it is a limitation in the kernel. It can be addressed either there or in the relevant libraries, there is not much that Firejail can do (apart from dirty LD_PRELOAD hacks).

rusty-snake commented 3 years ago

See https://github.com/netblue30/firejail/issues/3697#issuecomment-716468502 for a workaround.