netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox
https://firejail.wordpress.com
GNU General Public License v2.0

Tor and Pale Moon Browsers hang and won't display. #1930

Closed Amii-Leigh601 closed 6 years ago

Amii-Leigh601 commented 6 years ago

I have several browsers installed: Palemoon, Iridium, Tor, Waterfox, and Seamonkey, just to have lots to choose from. Just recently I updated the Firejail from what I had which worked at the time with everything I had installed, until I installed Waterfox, so I updated Firejail and now Waterfox works just peachy. Only thing is, now that I've done that Tor will hang:

[code]
$ firejail /usr/bin/tor-browser-en
Reading profile /etc/firejail/tor-browser-en.profile
Reading profile /etc/firejail/torbrowser-launcher.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Parent pid 1672, child pid 1673
Private /etc installed in 43.80 ms
Blacklist violations are logged to syslog
Child process initialized in 437.93 ms
Error: no suitable /usr/bin/tor-browser-en executable found

Parent is shutting down, bye...
[/code]

It runs fine without firejail, but that's hardly the point in having a sandboxing application, am I right? I also cannot start palemoon using firejail. I've posted about that issue on the Palemoon forums since it's only started this since I updated Palemoon to version 27.9.1:

[code]
$ firejail palemoon
Reading profile /etc/firejail/palemoon.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Parent pid 3085, child pid 3086
TESTING warning: noblacklist /home/amii/.moonchild productions/pale moon not matched by a proper blacklist command in disable*.inc
Blacklist violations are logged to syslog
Child process initialized in 76.50 ms
[/code]

It just hangs there until I close it. I can run palemoon also without firejail so since I don't know how to write or modify code, I have to leave it to someone who can. Just so you can see what it looks like without firejail:

[code]
$ palemoon

(pale moon:3634): GLib-GObject-WARNING **: Attempt to add property GnomeProgram::sm-connect after class was initialised

(pale moon:3634): GLib-GObject-WARNING **: Attempt to add property GnomeProgram::show-crash-dialog after class was initialised

(pale moon:3634): GLib-GObject-WARNING **: Attempt to add property GnomeProgram::display after class was initialised

(pale moon:3634): GLib-GObject-WARNING **: Attempt to add property GnomeProgram::default-icon after class was initialised
[/code]

At this point, it's up and running. Just so everyone interested knows just what machine is doing this:

[code]
$ inxi -Fxz
System:    Host: Basically Kernel: 4.4.0-121-generic x86_64 (64 bit gcc: 4.8.4)
           Desktop: Cinnamon 2.8.8 (Gtk 3.10.8~8+qiana) Distro: Linux Mint 17.3 Rosa
Machine:   Mobo: ASUSTeK model: P5KPL-CM v: x.xx Bios: American Megatrends v: 0602 date: 02/24/2009
CPU:       Dual core Pentium E5300 (-MCP-) cache: 2048 KB
           flags: (lm nx sse sse2 sse3 ssse3 vmx) bmips: 10486
           clock speeds: max: 2600 MHz 1: 2000 MHz 2: 1600 MHz
Graphics:  Card: NVIDIA GK208 [GeForce GT 710B] bus-ID: 01:00.0
           Display Server: X.Org 1.17.1 drivers: nvidia (unloaded: fbdev,vesa,nouveau)
           Resolution: 1280x1024@60.0hz
           GLX Renderer: GeForce GT 710/PCIe/SSE2 GLX Version: 4.5.0 NVIDIA 384.111 Direct Rendering: Yes
Audio:     Card-1 Intel NM10/ICH7 Family High Definition Audio Controller
           driver: snd_hda_intel bus-ID: 00:1b.0
           Card-2 NVIDIA GK208 HDMI/DP Audio Controller
           driver: snd_hda_intel bus-ID: 01:00.1
           Sound: Advanced Linux Sound Architecture v: k4.4.0-121-generic
Network:   Card: Qualcomm Atheros AR8121/AR8113/AR8114 Gigabit or Fast Ethernet
           driver: ATL1E port: ec00 bus-ID: 02:00.0
           IF: eth1 state: up speed: 100 Mbps duplex: full mac:
Drives:    HDD Total Size: 1070.2GB (28.2% used)
           ID-1: /dev/sda model: WDC_WD2500JB size: 250.1GB
           ID-2: /dev/sdb model: ST3500312CS size: 500.1GB
           ID-3: USB /dev/sdc model: Storage_Device size: 320.1GB
Partition: ID-1: / size: 226G used: 92G (43%) fs: ext4 dev: /dev/sda1
           ID-2: swap-1 size: 4.29GB used: 0.14GB (3%) fs: swap dev: /dev/sda5
RAID:      No RAID devices: /proc/mdstat, md_mod kernel module present
Sensors:   System Temperatures: cpu: 45.0C mobo: 35.0C gpu: 0.0:36C
           Fan Speeds (in rpm): cpu: 2265 sys-1: 2393
Info:      Processes: 216 Uptime: 7 days Memory: 2677.3/3951.1MB Init: Upstart runlevel: 2 Gcc sys: 4.8.4
           Client: Shell (bash 4.3.111) inxi: 2.2.28
[/code]

Any kind of constructive consideration would be welcome. Thanks for reading! Namaste

CdeMills commented 6 years ago

Same issue since Palemoon upgrade to 27.9.1. Tried firejail 0.52 and 0.54; on CentOS 7 and Fedora 27; arch: x86_64, session: MATE. The symptom is rather strange: firejail starts and launches palemoon, but the user interface (main window) never appears.

Any idea?

Regards

Pascal

pizzadude commented 6 years ago

disable tracelog in pale moon profile or /etc/firejail/firefox-common.profile and it fixes the issue (for me)

The tracelog line also affects Firefox 60+ and I'm trying to get a pull request merged that comments out that line.

martywd commented 6 years ago

@pizzadude typed: disable tracelog in pale moon profile or /etc/firejail/firefox-common.profile and it fixes the issue (for me)

Yup that works. Commented out 'tracelog' in custom profile file: '~/.config/firejail/palemoon.profile'

Now 'palemoon_27.9.1~repack-1_amd64.deb' (steve pusser's .deb build) opens just fine.

Thanks!

Edited to add: OS: Linux Mint 18.3 MATE 64-bit.

Fred-Barclay commented 6 years ago

@Amii-Leigh601 Can you try firejail --ignore=tracelog /usr/bin/tor-browser-en and firejail --ignore=tracelog palemoon? Cheers! Fred
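
Added example, not part of the thread and not firejail project code: a POSIX shell script that follows a profile's include lines to report which file actually enables tracelog, then records `ignore tracelog` (the profile-file form of `--ignore=tracelog`) in a per-user .local file. The sample profiles written by demo() are constructed, and resolving every include by basename across the directories given is a simplifying assumption.

```shell
#!/bin/sh
# Added example, not firejail code. Files created in demo() are constructed.
# resolve NAME DIR...: print the first DIR/basename(NAME) that exists.
resolve() {
    name=${1##*/}; shift
    for d in "$@"; do
        [ -f "$d/$name" ] && { printf '%s\n' "$d/$name"; return 0; }
    done
    return 1
}

# walk FILE SEEN DIR...: print FILE if it enables tracelog, then follow its
# include lines. The ( ) body keeps variables local to each recursion level.
walk() (
    file=$1; seen=$2; shift 2
    case " $seen " in *" $file "*) exit 0 ;; esac   # include cycle
    grep -Eq '^[[:space:]]*tracelog[[:space:]]*$' "$file" && printf '%s\n' "$file"
    sed -n 's/^[[:space:]]*include[[:space:]]\{1,\}//p' "$file" |
    while read -r inc; do
        next=$(resolve "$inc" "$@") || continue     # e.g. a missing .local
        walk "$next" "$seen $file" "$@"
    done
)

# tracelog_sources PROFILE DIR...: files in the include chain that set tracelog.
# Pass the per-user directory first so a user copy shadows the system one.
tracelog_sources() {
    prof=$1; shift
    start=$(resolve "$prof" "$@") || return 1
    walk "$start" "" "$@" | sort -u
}

# add_override NAME CONFDIR: write "ignore tracelog" to CONFDIR/NAME.local once.
add_override() {
    local_file=$2/$1.local
    grep -qx 'ignore tracelog' "$local_file" 2>/dev/null ||
        printf 'ignore tracelog\n' >> "$local_file"
    printf '%s\n' "$local_file"
}

demo() {
    t=$(mktemp -d); mkdir "$t/etc" "$t/home"
    printf 'include palemoon.local\ninclude /etc/firejail/firefox-common.profile\n' > "$t/etc/palemoon.profile"
    printf 'caps.drop all\ntracelog\n' > "$t/etc/firefox-common.profile"
    tracelog_sources palemoon.profile "$t/home" "$t/etc"
    add_override palemoon "$t/home"
    rm -rf "$t"
}
demo
```

With tracelog ignored, firejail no longer sends blacklist-access messages to syslog for that sandbox, so the override is best limited to the profiles that actually hang.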

SkewedZeppelin commented 6 years ago

The fix (#1935) has been merged and is in master as 64914b7ae78484483dd0f736f3eefcec4342482e

imxade commented 2 years ago

Maybe we should enable tracelog now, as newer Firefox is working fine with it.

glitsj16 commented 2 years ago

@imxade

Maybe we should enable tracelog now, as newer Firefox is working fine with it.

Would you be interested in creating a PR for this? I've been running with tracelog in a firefox-common.local without issues for some time now and forgot about this. I've added it in torbrowser-launcher.local too, together with private-bin getconf, as that seems to be used by TB to determine the architecture (32bit vs 64bit). Haven't tested other browsers that include firefox-common.profile, which I have zero experience with.

imxade commented 2 years ago

@imxade

Maybe we should enable tracelog now, as newer Firefox is working fine with it.

Would you be interested in creating a PR for this? I've been running with tracelog in a firefox-common.local without issues for some time now and forgot about this. I've added it in torbrowser-launcher.local too, together with private-bin getconf, as that seems to be used by TB to determine the architecture (32bit vs 64bit). Haven't tested other browsers that include firefox-common.profile, which I have zero experience with.

https://github.com/netblue30/firejail/pull/5343